1 /* Shared library add-on to iptables for NFQ
2 *
3 * (C) 2005 by Harald Welte <laforge@netfilter.org>
4 *
5 * This program is distributed under the terms of GNU GPL v2, 1991
6 *
7 */
8 #include <stdio.h>
9 #include <xtables.h>
10 #include <linux/netfilter/xt_NFQUEUE.h>
11
12 enum {
13 O_QUEUE_NUM = 0,
14 O_QUEUE_BALANCE,
15 O_QUEUE_BYPASS,
16 O_QUEUE_CPU_FANOUT,
17 F_QUEUE_NUM = 1 << O_QUEUE_NUM,
18 F_QUEUE_BALANCE = 1 << O_QUEUE_BALANCE,
19 F_QUEUE_CPU_FANOUT = 1 << O_QUEUE_CPU_FANOUT,
20 };
21
NFQUEUE_help(void)22 static void NFQUEUE_help(void)
23 {
24 printf(
25 "NFQUEUE target options\n"
26 " --queue-num value Send packet to QUEUE number <value>.\n"
27 " Valid queue numbers are 0-65535\n"
28 );
29 }
30
NFQUEUE_help_v1(void)31 static void NFQUEUE_help_v1(void)
32 {
33 printf(
34 "NFQUEUE target options\n"
35 " --queue-num value Send packet to QUEUE number <value>.\n"
36 " Valid queue numbers are 0-65535\n"
37 " --queue-balance first:last Balance flows between queues <value> to <value>.\n");
38 }
39
NFQUEUE_help_v2(void)40 static void NFQUEUE_help_v2(void)
41 {
42 printf(
43 "NFQUEUE target options\n"
44 " --queue-num value Send packet to QUEUE number <value>.\n"
45 " Valid queue numbers are 0-65535\n"
46 " --queue-balance first:last Balance flows between queues <value> to <value>.\n"
47 " --queue-bypass Bypass Queueing if no queue instance exists.\n"
48 " --queue-cpu-fanout Use current CPU (no hashing)\n");
49 }
50
NFQUEUE_help_v3(void)51 static void NFQUEUE_help_v3(void)
52 {
53 printf(
54 "NFQUEUE target options\n"
55 " --queue-num value Send packet to QUEUE number <value>.\n"
56 " Valid queue numbers are 0-65535\n"
57 " --queue-balance first:last Balance flows between queues <value> to <value>.\n"
58 " --queue-bypass Bypass Queueing if no queue instance exists.\n"
59 " --queue-cpu-fanout Use current CPU (no hashing)\n");
60 }
61
62 #define s struct xt_NFQ_info
63 static const struct xt_option_entry NFQUEUE_opts[] = {
64 {.name = "queue-num", .id = O_QUEUE_NUM, .type = XTTYPE_UINT16,
65 .flags = XTOPT_PUT, XTOPT_POINTER(s, queuenum),
66 .excl = F_QUEUE_BALANCE},
67 {.name = "queue-balance", .id = O_QUEUE_BALANCE,
68 .type = XTTYPE_UINT16RC, .excl = F_QUEUE_NUM},
69 {.name = "queue-bypass", .id = O_QUEUE_BYPASS, .type = XTTYPE_NONE},
70 {.name = "queue-cpu-fanout", .id = O_QUEUE_CPU_FANOUT,
71 .type = XTTYPE_NONE, .also = F_QUEUE_BALANCE},
72 XTOPT_TABLEEND,
73 };
74 #undef s
75
NFQUEUE_parse(struct xt_option_call * cb)76 static void NFQUEUE_parse(struct xt_option_call *cb)
77 {
78 xtables_option_parse(cb);
79 if (cb->entry->id == O_QUEUE_BALANCE)
80 xtables_error(PARAMETER_PROBLEM, "NFQUEUE target: "
81 "--queue-balance not supported (kernel too old?)");
82 }
83
NFQUEUE_parse_v1(struct xt_option_call * cb)84 static void NFQUEUE_parse_v1(struct xt_option_call *cb)
85 {
86 struct xt_NFQ_info_v1 *info = cb->data;
87 const uint16_t *r = cb->val.u16_range;
88
89 xtables_option_parse(cb);
90 switch (cb->entry->id) {
91 case O_QUEUE_BALANCE:
92 if (cb->nvals != 2)
93 xtables_error(PARAMETER_PROBLEM,
94 "Bad range \"%s\"", cb->arg);
95 if (r[0] >= r[1])
96 xtables_error(PARAMETER_PROBLEM, "%u should be less than %u",
97 r[0], r[1]);
98 info->queuenum = r[0];
99 info->queues_total = r[1] - r[0] + 1;
100 break;
101 }
102 }
103
NFQUEUE_parse_v2(struct xt_option_call * cb)104 static void NFQUEUE_parse_v2(struct xt_option_call *cb)
105 {
106 struct xt_NFQ_info_v2 *info = cb->data;
107 const uint16_t *r = cb->val.u16_range;
108
109 xtables_option_parse(cb);
110 switch (cb->entry->id) {
111 case O_QUEUE_BALANCE:
112 if (cb->nvals != 2)
113 xtables_error(PARAMETER_PROBLEM,
114 "Bad range \"%s\"", cb->arg);
115 if (r[0] >= r[1])
116 xtables_error(PARAMETER_PROBLEM,
117 "%u should be less than %u",
118 r[0], r[1]);
119 info->queuenum = r[0];
120 info->queues_total = r[1] - r[0] + 1;
121 break;
122 case O_QUEUE_BYPASS:
123 info->bypass |= NFQ_FLAG_BYPASS;
124 break;
125 }
126 }
127
NFQUEUE_parse_v3(struct xt_option_call * cb)128 static void NFQUEUE_parse_v3(struct xt_option_call *cb)
129 {
130 struct xt_NFQ_info_v3 *info = cb->data;
131 const uint16_t *r = cb->val.u16_range;
132
133 xtables_option_parse(cb);
134 switch (cb->entry->id) {
135 case O_QUEUE_BALANCE:
136 if (cb->nvals != 2)
137 xtables_error(PARAMETER_PROBLEM,
138 "Bad range \"%s\"", cb->arg);
139 if (r[0] >= r[1])
140 xtables_error(PARAMETER_PROBLEM,
141 "%u should be less than %u",
142 r[0], r[1]);
143 info->queuenum = r[0];
144 info->queues_total = r[1] - r[0] + 1;
145 break;
146 case O_QUEUE_BYPASS:
147 info->flags |= NFQ_FLAG_BYPASS;
148 break;
149 case O_QUEUE_CPU_FANOUT:
150 info->flags |= NFQ_FLAG_CPU_FANOUT;
151 break;
152 }
153 }
154
NFQUEUE_print(const void * ip,const struct xt_entry_target * target,int numeric)155 static void NFQUEUE_print(const void *ip,
156 const struct xt_entry_target *target, int numeric)
157 {
158 const struct xt_NFQ_info *tinfo =
159 (const struct xt_NFQ_info *)target->data;
160 printf(" NFQUEUE num %u", tinfo->queuenum);
161 }
162
NFQUEUE_print_v1(const void * ip,const struct xt_entry_target * target,int numeric)163 static void NFQUEUE_print_v1(const void *ip,
164 const struct xt_entry_target *target, int numeric)
165 {
166 const struct xt_NFQ_info_v1 *tinfo = (const void *)target->data;
167 unsigned int last = tinfo->queues_total;
168
169 if (last > 1) {
170 last += tinfo->queuenum - 1;
171 printf(" NFQUEUE balance %u:%u", tinfo->queuenum, last);
172 } else {
173 printf(" NFQUEUE num %u", tinfo->queuenum);
174 }
175 }
176
NFQUEUE_print_v2(const void * ip,const struct xt_entry_target * target,int numeric)177 static void NFQUEUE_print_v2(const void *ip,
178 const struct xt_entry_target *target, int numeric)
179 {
180 const struct xt_NFQ_info_v2 *info = (void *) target->data;
181 unsigned int last = info->queues_total;
182
183 if (last > 1) {
184 last += info->queuenum - 1;
185 printf(" NFQUEUE balance %u:%u", info->queuenum, last);
186 } else
187 printf(" NFQUEUE num %u", info->queuenum);
188
189 if (info->bypass & NFQ_FLAG_BYPASS)
190 printf(" bypass");
191 }
192
NFQUEUE_print_v3(const void * ip,const struct xt_entry_target * target,int numeric)193 static void NFQUEUE_print_v3(const void *ip,
194 const struct xt_entry_target *target, int numeric)
195 {
196 const struct xt_NFQ_info_v3 *info = (void *)target->data;
197 unsigned int last = info->queues_total;
198
199 if (last > 1) {
200 last += info->queuenum - 1;
201 printf(" NFQUEUE balance %u:%u", info->queuenum, last);
202 } else
203 printf(" NFQUEUE num %u", info->queuenum);
204
205 if (info->flags & NFQ_FLAG_BYPASS)
206 printf(" bypass");
207
208 if (info->flags & NFQ_FLAG_CPU_FANOUT)
209 printf(" cpu-fanout");
210 }
211
NFQUEUE_save(const void * ip,const struct xt_entry_target * target)212 static void NFQUEUE_save(const void *ip, const struct xt_entry_target *target)
213 {
214 const struct xt_NFQ_info *tinfo =
215 (const struct xt_NFQ_info *)target->data;
216
217 printf(" --queue-num %u", tinfo->queuenum);
218 }
219
NFQUEUE_save_v1(const void * ip,const struct xt_entry_target * target)220 static void NFQUEUE_save_v1(const void *ip, const struct xt_entry_target *target)
221 {
222 const struct xt_NFQ_info_v1 *tinfo = (const void *)target->data;
223 unsigned int last = tinfo->queues_total;
224
225 if (last > 1) {
226 last += tinfo->queuenum - 1;
227 printf(" --queue-balance %u:%u", tinfo->queuenum, last);
228 } else {
229 printf(" --queue-num %u", tinfo->queuenum);
230 }
231 }
232
NFQUEUE_save_v2(const void * ip,const struct xt_entry_target * target)233 static void NFQUEUE_save_v2(const void *ip, const struct xt_entry_target *target)
234 {
235 const struct xt_NFQ_info_v2 *info = (void *) target->data;
236 unsigned int last = info->queues_total;
237
238 if (last > 1) {
239 last += info->queuenum - 1;
240 printf(" --queue-balance %u:%u", info->queuenum, last);
241 } else
242 printf(" --queue-num %u", info->queuenum);
243
244 if (info->bypass & NFQ_FLAG_BYPASS)
245 printf(" --queue-bypass");
246 }
247
NFQUEUE_save_v3(const void * ip,const struct xt_entry_target * target)248 static void NFQUEUE_save_v3(const void *ip,
249 const struct xt_entry_target *target)
250 {
251 const struct xt_NFQ_info_v3 *info = (void *)target->data;
252 unsigned int last = info->queues_total;
253
254 if (last > 1) {
255 last += info->queuenum - 1;
256 printf(" --queue-balance %u:%u", info->queuenum, last);
257 } else
258 printf(" --queue-num %u", info->queuenum);
259
260 if (info->flags & NFQ_FLAG_BYPASS)
261 printf(" --queue-bypass");
262
263 if (info->flags & NFQ_FLAG_CPU_FANOUT)
264 printf(" --queue-cpu-fanout");
265 }
266
NFQUEUE_init_v1(struct xt_entry_target * t)267 static void NFQUEUE_init_v1(struct xt_entry_target *t)
268 {
269 struct xt_NFQ_info_v1 *tinfo = (void *)t->data;
270 tinfo->queues_total = 1;
271 }
272
NFQUEUE_xlate(struct xt_xlate * xl,const struct xt_xlate_tg_params * params)273 static int NFQUEUE_xlate(struct xt_xlate *xl,
274 const struct xt_xlate_tg_params *params)
275 {
276 const struct xt_NFQ_info *tinfo =
277 (const struct xt_NFQ_info *)params->target->data;
278
279 xt_xlate_add(xl, "queue num %u ", tinfo->queuenum);
280
281 return 1;
282 }
283
NFQUEUE_xlate_v1(struct xt_xlate * xl,const struct xt_xlate_tg_params * params)284 static int NFQUEUE_xlate_v1(struct xt_xlate *xl,
285 const struct xt_xlate_tg_params *params)
286 {
287 const struct xt_NFQ_info_v1 *tinfo = (const void *)params->target->data;
288 unsigned int last = tinfo->queues_total;
289
290 if (last > 1) {
291 last += tinfo->queuenum - 1;
292 xt_xlate_add(xl, "queue num %u-%u ", tinfo->queuenum, last);
293 } else {
294 xt_xlate_add(xl, "queue num %u ", tinfo->queuenum);
295 }
296
297 return 1;
298 }
299
NFQUEUE_xlate_v2(struct xt_xlate * xl,const struct xt_xlate_tg_params * params)300 static int NFQUEUE_xlate_v2(struct xt_xlate *xl,
301 const struct xt_xlate_tg_params *params)
302 {
303 const struct xt_NFQ_info_v2 *info = (void *)params->target->data;
304 unsigned int last = info->queues_total;
305
306 if (last > 1) {
307 last += info->queuenum - 1;
308 xt_xlate_add(xl, "queue num %u-%u ", info->queuenum, last);
309 } else
310 xt_xlate_add(xl, "queue num %u ", info->queuenum);
311
312 if (info->bypass & NFQ_FLAG_BYPASS)
313 xt_xlate_add(xl, "bypass");
314
315 return 1;
316 }
317
NFQUEUE_xlate_v3(struct xt_xlate * xl,const struct xt_xlate_tg_params * params)318 static int NFQUEUE_xlate_v3(struct xt_xlate *xl,
319 const struct xt_xlate_tg_params *params)
320 {
321 const struct xt_NFQ_info_v3 *info = (void *)params->target->data;
322 unsigned int last = info->queues_total;
323
324 if (last > 1) {
325 last += info->queuenum - 1;
326 xt_xlate_add(xl, "queue num %u-%u ", info->queuenum, last);
327 } else
328 xt_xlate_add(xl, "queue num %u ", info->queuenum);
329
330 if (info->flags & NFQ_FLAG_BYPASS)
331 xt_xlate_add(xl, "bypass");
332
333 if (info->flags & NFQ_FLAG_CPU_FANOUT)
334 xt_xlate_add(xl, "%sfanout ",
335 info->flags & NFQ_FLAG_BYPASS ? "," : "");
336
337 return 1;
338 }
339
340 static struct xtables_target nfqueue_targets[] = {
341 {
342 .family = NFPROTO_UNSPEC,
343 .name = "NFQUEUE",
344 .version = XTABLES_VERSION,
345 .size = XT_ALIGN(sizeof(struct xt_NFQ_info)),
346 .userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info)),
347 .help = NFQUEUE_help,
348 .print = NFQUEUE_print,
349 .save = NFQUEUE_save,
350 .x6_parse = NFQUEUE_parse,
351 .x6_options = NFQUEUE_opts,
352 .xlate = NFQUEUE_xlate,
353 },{
354 .family = NFPROTO_UNSPEC,
355 .revision = 1,
356 .name = "NFQUEUE",
357 .version = XTABLES_VERSION,
358 .size = XT_ALIGN(sizeof(struct xt_NFQ_info_v1)),
359 .userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info_v1)),
360 .help = NFQUEUE_help_v1,
361 .init = NFQUEUE_init_v1,
362 .print = NFQUEUE_print_v1,
363 .save = NFQUEUE_save_v1,
364 .x6_parse = NFQUEUE_parse_v1,
365 .x6_options = NFQUEUE_opts,
366 .xlate = NFQUEUE_xlate_v1,
367 },{
368 .family = NFPROTO_UNSPEC,
369 .revision = 2,
370 .name = "NFQUEUE",
371 .version = XTABLES_VERSION,
372 .size = XT_ALIGN(sizeof(struct xt_NFQ_info_v2)),
373 .userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info_v2)),
374 .help = NFQUEUE_help_v2,
375 .init = NFQUEUE_init_v1,
376 .print = NFQUEUE_print_v2,
377 .save = NFQUEUE_save_v2,
378 .x6_parse = NFQUEUE_parse_v2,
379 .x6_options = NFQUEUE_opts,
380 .xlate = NFQUEUE_xlate_v2,
381 },{
382 .family = NFPROTO_UNSPEC,
383 .revision = 3,
384 .name = "NFQUEUE",
385 .version = XTABLES_VERSION,
386 .size = XT_ALIGN(sizeof(struct xt_NFQ_info_v3)),
387 .userspacesize = XT_ALIGN(sizeof(struct xt_NFQ_info_v3)),
388 .help = NFQUEUE_help_v3,
389 .init = NFQUEUE_init_v1,
390 .print = NFQUEUE_print_v3,
391 .save = NFQUEUE_save_v3,
392 .x6_parse = NFQUEUE_parse_v3,
393 .x6_options = NFQUEUE_opts,
394 .xlate = NFQUEUE_xlate_v3,
395 }
396 };
397
_init(void)398 void _init(void)
399 {
400 xtables_register_targets(nfqueue_targets, ARRAY_SIZE(nfqueue_targets));
401 }
402