Gitiles
Code Review Sign In
review.blissroms.org / platform_external_ebtables / 1b4ccfa221a3bd538109eceafed1e9c8c0951156 / . / ebtables.c
blob: 58dad06a022e55ba290e56eea8160667d76d21e1 [file] [log] [blame]
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1/*
Bart De Schuymerc56a31a2002-07-25 08:16:08 +0000[diff] [blame]2 * ebtables.c, v2.0 July 2002
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]3 *
4 * Author: Bart De Schuymer
5 *
6 * This code is stongly inspired on the iptables code which is
7 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation; either version 2 of the
12 * License, or (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24#include <getopt.h>
25#include <string.h>
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]26#include <stdio.h>
27#include <stdlib.h>
Bart De Schuymerd4586482002-08-11 16:15:55 +0000[diff] [blame]28#include <stdarg.h>
Bart De Schuymer41830412002-06-05 19:41:28 +0000[diff] [blame]29#include <netinet/ether.h>
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]30#include "include/ebtables_u.h"
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]31#include "include/ethernetdb.h"
Bart De Schuymerc8531032002-06-14 21:55:29 +0000[diff] [blame]32#include <unistd.h>
33#include <fcntl.h>
34#include <sys/wait.h>
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]35
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]36/*
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]37 * default command line options
38 * do not mess around with the already assigned numbers unless
39 * you know what you are doing
40 */
Bart De Schuymer62423742002-07-14 19:06:20 +0000[diff] [blame]41static struct option ebt_original_options[] =
42{
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]43 { "append" , required_argument, 0, 'A' },
44 { "insert" , required_argument, 0, 'I' },
45 { "delete" , required_argument, 0, 'D' },
46 { "list" , optional_argument, 0, 'L' },
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]47 { "Lc" , no_argument , 0, 4 },
48 { "Ln" , no_argument , 0, 5 },
49 { "Lx" , no_argument , 0, 6 },
Bart De Schuymer22d03a22003-05-03 20:28:22 +0000[diff] [blame]50 { "Lmac2" , no_argument , 0, 12 },
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]51 { "zero" , optional_argument, 0, 'Z' },
52 { "flush" , optional_argument, 0, 'F' },
53 { "policy" , required_argument, 0, 'P' },
54 { "in-interface" , required_argument, 0, 'i' },
55 { "in-if" , required_argument, 0, 'i' },
56 { "logical-in" , required_argument, 0, 2 },
57 { "logical-out" , required_argument, 0, 3 },
58 { "out-interface" , required_argument, 0, 'o' },
59 { "out-if" , required_argument, 0, 'o' },
60 { "version" , no_argument , 0, 'V' },
61 { "help" , no_argument , 0, 'h' },
62 { "jump" , required_argument, 0, 'j' },
63 { "proto" , required_argument, 0, 'p' },
64 { "protocol" , required_argument, 0, 'p' },
65 { "db" , required_argument, 0, 'b' },
66 { "source" , required_argument, 0, 's' },
67 { "src" , required_argument, 0, 's' },
68 { "destination" , required_argument, 0, 'd' },
69 { "dst" , required_argument, 0, 'd' },
70 { "table" , required_argument, 0, 't' },
Bart De Schuymerc8531032002-06-14 21:55:29 +0000[diff] [blame]71 { "modprobe" , required_argument, 0, 'M' },
Bart De Schuymer1ab41562002-06-23 17:09:54 +0000[diff] [blame]72 { "new-chain" , required_argument, 0, 'N' },
73 { "rename-chain" , required_argument, 0, 'E' },
Bart De Schuymer90f2c2e2003-07-13 18:48:02 +0000[diff] [blame]74 { "delete-chain" , optional_argument, 0, 'X' },
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]75 { "atomic-init" , no_argument , 0, 7 },
76 { "atomic-commit" , no_argument , 0, 8 },
77 { "atomic-file" , required_argument, 0, 9 },
78 { "atomic-save" , no_argument , 0, 10 },
Bart De Schuymer8d1d8942002-07-15 20:09:09 +0000[diff] [blame]79 { "init-table" , no_argument , 0, 11 },
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]80 { 0 }
81};
82
83static struct option *ebt_options = ebt_original_options;
84
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]85/*
86 * holds all the data
87 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]88static struct ebt_u_replace replace;
89
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]90/*
91 * the chosen table
92 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]93static struct ebt_u_table *table = NULL;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]94
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]95/*
96 * The pointers in here are special:
97 * The struct ebt_target * pointer is actually a struct ebt_u_target * pointer.
98 * instead of making yet a few other structs, we just do a cast.
99 * We need a struct ebt_u_target pointer because we know the address of the data
100 * they point to won't change. We want to allow that the struct ebt_u_target.t
101 * member can change.
102 * Same holds for the struct ebt_match and struct ebt_watcher pointers
103 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]104struct ebt_u_entry *new_entry;
105
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]106
107static int global_option_offset = 0;
108#define OPTION_OFFSET 256
109static struct option *
110merge_options(struct option *oldopts, const struct option *newopts,
111 unsigned int *options_offset)
112{
113 unsigned int num_old, num_new, i;
114 struct option *merge;
115
116 if (!newopts || !oldopts || !options_offset)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]117 ebt_print_bug("merge wrong");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]118 for (num_old = 0; oldopts[num_old].name; num_old++);
119 for (num_new = 0; newopts[num_new].name; num_new++);
120
121 global_option_offset += OPTION_OFFSET;
122 *options_offset = global_option_offset;
123
124 merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
125 if (!merge)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]126 ebt_print_memory();
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]127 memcpy(merge, oldopts, num_old * sizeof(struct option));
128 for (i = 0; i < num_new; i++) {
129 merge[num_old + i] = newopts[i];
130 merge[num_old + i].val += *options_offset;
131 }
132 memset(merge + num_old + num_new, 0, sizeof(struct option));
Bart De Schuymer9895a8e2003-01-11 10:14:24 +0000[diff] [blame]133 /* only free dynamically allocated stuff */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]134 if (oldopts != ebt_original_options)
135 free(oldopts);
136
137 return merge;
138}
139
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]140static void merge_match(struct ebt_u_match *m)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]141{
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]142 ebt_options = merge_options
143 (ebt_options, m->extra_ops, &(m->option_offset));
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]144}
145
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]146static void merge_watcher(struct ebt_u_watcher *w)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]147{
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]148 ebt_options = merge_options
149 (ebt_options, w->extra_ops, &(w->option_offset));
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]150}
151
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]152static void merge_target(struct ebt_u_target *t)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]153{
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]154 ebt_options = merge_options
155 (ebt_options, t->extra_ops, &(t->option_offset));
Bart De Schuymer9a0fbf22003-01-11 16:16:54 +0000[diff] [blame]156}
157
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]158/*
159 * we use replace.flags, so we can't use the following values:
160 * 0x01 == OPT_COMMAND, 0x02 == OPT_TABLE, 0x100 == OPT_ZERO
161 */
Bart De Schuymer22d03a22003-05-03 20:28:22 +0000[diff] [blame]162#define LIST_N 0x04
163#define LIST_C 0x08
164#define LIST_X 0x10
165#define LIST_MAC2 0x20
166
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]167/*
168 * helper function for list_rules()
169 */
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]170static void list_em(struct ebt_u_entries *entries)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]171{
172 int i, j, space = 0, digits;
173 struct ebt_u_entry *hlp;
174 struct ebt_u_match_list *m_l;
175 struct ebt_u_watcher_list *w_l;
176 struct ebt_u_match *m;
177 struct ebt_u_watcher *w;
178 struct ebt_u_target *t;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]179
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]180 if (replace.flags & LIST_MAC2)
181 ebt_printstyle_mac = 2;
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]182 hlp = entries->entries;
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]183 if (replace.flags & LIST_X && entries->policy != EBT_ACCEPT) {
184 printf("ebtables -t %s -P %s %s\n", replace.name,
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]185 entries->name, ebt_standard_targets[-entries->policy - 1]);
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]186 } else if (!(replace.flags & LIST_X)) {
Bart De Schuymerc87c9642002-08-01 15:34:16 +0000[diff] [blame]187 printf("\nBridge chain: %s, entries: %d, policy: %s\n",
188 entries->name, entries->nentries,
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]189 ebt_standard_targets[-entries->policy - 1]);
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]190 }
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]191
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]192 i = entries->nentries;
Bart De Schuymerf8f8f292002-06-25 15:43:57 +0000[diff] [blame]193 while (i > 9) {
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]194 space++;
195 i /= 10;
196 }
197
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]198 for (i = 0; i < entries->nentries; i++) {
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]199 if (replace.flags & LIST_N) {
200 digits = 0;
Bart De Schuymer9895a8e2003-01-11 10:14:24 +0000[diff] [blame]201 /* A little work to get nice rule numbers. */
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]202 j = i + 1;
203 while (j > 9) {
204 digits++;
205 j /= 10;
206 }
207 for (j = 0; j < space - digits; j++)
208 printf(" ");
209 printf("%d. ", i + 1);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]210 }
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]211 if (replace.flags & LIST_X)
212 printf("ebtables -t %s -A %s ",
213 replace.name, entries->name);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]214
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]215 /*
216 * Don't print anything about the protocol if no protocol was
217 * specified, obviously this means any protocol will do.
218 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]219 if (!(hlp->bitmask & EBT_NOPROTO)) {
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]220 printf("-p ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]221 if (hlp->invflags & EBT_IPROTO)
222 printf("! ");
223 if (hlp->bitmask & EBT_802_3)
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]224 printf("Length ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]225 else {
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]226 struct ethertypeent *ent;
227
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]228 ent = getethertypebynumber
229 (ntohs(hlp->ethproto));
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]230 if (!ent)
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]231 printf("0x%x ", ntohs(hlp->ethproto));
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]232 else
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]233 printf("%s ", ent->e_name);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]234 }
235 }
236 if (hlp->bitmask & EBT_SOURCEMAC) {
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]237 printf("-s ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]238 if (hlp->invflags & EBT_ISOURCE)
239 printf("! ");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]240 ebt_print_mac_and_mask(hlp->sourcemac, hlp->sourcemsk);
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]241 printf(" ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]242 }
243 if (hlp->bitmask & EBT_DESTMAC) {
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]244 printf("-d ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]245 if (hlp->invflags & EBT_IDEST)
246 printf("! ");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]247 ebt_print_mac_and_mask(hlp->destmac, hlp->destmsk);
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]248 printf(" ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]249 }
250 if (hlp->in[0] != '\0') {
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]251 printf("-i ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]252 if (hlp->invflags & EBT_IIN)
253 printf("! ");
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]254 printf("%s ", hlp->in);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]255 }
256 if (hlp->logical_in[0] != '\0') {
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]257 printf("--logical-in ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]258 if (hlp->invflags & EBT_ILOGICALIN)
259 printf("! ");
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]260 printf("%s ", hlp->logical_in);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]261 }
262 if (hlp->logical_out[0] != '\0') {
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]263 printf("--logical-out ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]264 if (hlp->invflags & EBT_ILOGICALOUT)
265 printf("! ");
Bart De Schuymerb3d8f262002-07-07 14:26:15 +0000[diff] [blame]266 printf("%s ", hlp->logical_out);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]267 }
268 if (hlp->out[0] != '\0') {
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]269 printf("-o ");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]270 if (hlp->invflags & EBT_IOUT)
271 printf("! ");
Bart De Schuymerb3d8f262002-07-07 14:26:15 +0000[diff] [blame]272 printf("%s ", hlp->out);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]273 }
274
275 m_l = hlp->m_list;
276 while (m_l) {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]277 m = ebt_find_match(m_l->m->u.name);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]278 if (!m)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]279 ebt_print_bug("Match not found");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]280 m->print(hlp, m_l->m);
281 m_l = m_l->next;
282 }
283 w_l = hlp->w_list;
284 while (w_l) {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]285 w = ebt_find_watcher(w_l->w->u.name);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]286 if (!w)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]287 ebt_print_bug("Watcher not found");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]288 w->print(hlp, w_l->w);
289 w_l = w_l->next;
290 }
291
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]292 printf("-j ");
293 if (strcmp(hlp->t->u.name, EBT_STANDARD_TARGET))
294 printf("%s ", hlp->t->u.name);
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]295 t = ebt_find_target(hlp->t->u.name);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]296 if (!t)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]297 ebt_print_bug("Target not found");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]298 t->print(hlp, hlp->t);
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]299 if (replace.flags & LIST_C)
Bart De Schuymer73fccca2002-10-17 22:00:23 +0000[diff] [blame]300 printf(", pcnt = %llu -- bcnt = %llu",
301 replace.counters[entries->counter_offset + i].pcnt,
302 replace.counters[entries->counter_offset + i].bcnt);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]303 printf("\n");
304 hlp = hlp->next;
305 }
306}
307
Bart De Schuymer62423742002-07-14 19:06:20 +0000[diff] [blame]308static void print_help()
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]309{
310 struct ebt_u_match_list *m_l;
311 struct ebt_u_watcher_list *w_l;
312
Bart De Schuymer57a3f6a2003-04-01 16:59:33 +0000[diff] [blame]313 PRINT_VERSION;
314 printf(
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]315"Usage:\n"
316"ebtables -[ADI] chain rule-specification [options]\n"
317"ebtables -P chain target\n"
318"ebtables -[LFZ] [chain]\n"
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]319"ebtables -[NX] [chain]\n"
320"ebtables -E old-chain-name new-chain-name\n\n"
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]321"Commands:\n"
Bart De Schuymer23f6dcf2002-08-17 09:14:07 +0000[diff] [blame]322"--append -A chain : append to chain\n"
323"--delete -D chain : delete matching rule from chain\n"
324"--delete -D chain rulenum : delete rule at position rulenum from chain\n"
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]325"--insert -I chain rulenum : insert rule at position rulenum in chain\n"
Bart De Schuymer23f6dcf2002-08-17 09:14:07 +0000[diff] [blame]326"--list -L [chain] : list the rules in a chain or in all chains\n"
327"--flush -F [chain] : delete all rules in chain or in all chains\n"
328"--init-table : replace the kernel table with the initial table\n"
329"--zero -Z [chain] : put counters on zero in chain or in all chains\n"
330"--policy -P chain target : change policy on chain to target\n"
331"--new-chain -N chain : create a user defined chain\n"
332"--rename-chain -E old new : rename a chain\n"
Bart De Schuymer90f2c2e2003-07-13 18:48:02 +0000[diff] [blame]333"--delete-chain -X [chain] : delete a user defined chain\n"
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]334"--atomic-commit : update the kernel w/t table contained in <FILE>\n"
335"--atomic-init : put the initial kernel table into <FILE>\n"
336"--atomic-save : put the current kernel table into <FILE>\n"
Bart De Schuymer97819962002-12-11 21:23:07 +0000[diff] [blame]337"--atomic-file file : set <FILE> to file\n\n"
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]338"Options:\n"
339"--proto -p [!] proto : protocol hexadecimal, by name or LENGTH\n"
340"--src -s [!] address[/mask]: source mac address\n"
341"--dst -d [!] address[/mask]: destination mac address\n"
342"--in-if -i [!] name : network input interface name\n"
343"--out-if -o [!] name : network output interface name\n"
344"--logical-in [!] name : logical bridge input interface name\n"
345"--logical-out [!] name : logical bridge output interface name\n"
Bart De Schuymer5cbc8e02002-07-14 21:15:28 +0000[diff] [blame]346"--modprobe -M program : try to insert modules using this program\n"
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]347"--version -V : print package version\n\n"
348"Environment variable:\n"
349ATOMIC_ENV_VARIABLE " : if set <FILE> (see above) will equal its value"
350"\n\n");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]351 m_l = new_entry->m_list;
352 while (m_l) {
353 ((struct ebt_u_match *)m_l->m)->help();
354 printf("\n");
355 m_l = m_l->next;
356 }
357 w_l = new_entry->w_list;
358 while (w_l) {
359 ((struct ebt_u_watcher *)w_l->w)->help();
360 printf("\n");
361 w_l = w_l->next;
362 }
363 ((struct ebt_u_target *)new_entry->t)->help();
364 printf("\n");
365 if (table->help)
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]366 table->help(ebt_hooknames);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]367 exit(0);
368}
369
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]370/*
371 * execute command L
372 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]373static void list_rules()
374{
375 int i;
376
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]377 if (!(replace.flags & LIST_X))
378 printf("Bridge table: %s\n", table->name);
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]379 if (replace.selected_chain != -1) {
380 list_em(ebt_to_chain(&replace));
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]381 } else {
382 struct ebt_u_chain_list *cl = replace.udc;
383
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]384 /*
385 * create new chains and rename standard chains when necessary
386 */
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]387 if (replace.flags & LIST_X) {
388 while (cl) {
389 printf("ebtables -t %s -N %s\n", replace.name,
390 cl->udc->name);
391 cl = cl->next;
392 }
393 cl = replace.udc;
394 for (i = 0; i < NF_BR_NUMHOOKS; i++)
395 if (replace.valid_hooks & (1 << i) &&
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]396 strcmp(replace.hook_entry[i]->name,
397 ebt_hooknames[i]))
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]398 printf("ebtables -t %s -E %s %s\n",
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]399 replace.name, ebt_hooknames[i],
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]400 replace.hook_entry[i]->name);
401 }
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]402 i = 0;
403 while (1) {
404 if (i < NF_BR_NUMHOOKS) {
405 if (replace.valid_hooks & (1 << i))
406 list_em(replace.hook_entry[i]);
407 i++;
408 continue;
409 } else {
410 if (!cl)
411 break;
412 list_em(cl->udc);
413 cl = cl->next;
414 }
415 }
416 }
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]417}
418
Bart De Schuymercc440052002-11-06 21:10:33 +0000[diff] [blame]419static int parse_delete_rule(const char *argv, int *rule_nr, int *rule_nr_end)
420{
421 char *colon = strchr(argv, ':'), *buffer;
422
423 if (colon) {
424 *colon = '\0';
425 if (*(colon + 1) == '\0')
Bart De Schuymerc3b97f52003-04-17 17:03:49 +0000[diff] [blame]426 *rule_nr_end = -1; /* until the last rule */
Bart De Schuymercc440052002-11-06 21:10:33 +0000[diff] [blame]427 else {
428 *rule_nr_end = strtol(colon + 1, &buffer, 10);
Bart De Schuymerc3b97f52003-04-17 17:03:49 +0000[diff] [blame]429 if (*buffer != '\0' || *rule_nr_end == 0)
Bart De Schuymercc440052002-11-06 21:10:33 +0000[diff] [blame]430 return -1;
431 }
432 }
433 if (colon == argv)
Bart De Schuymerc3b97f52003-04-17 17:03:49 +0000[diff] [blame]434 *rule_nr = 1; /* beginning with the first rule */
Bart De Schuymercc440052002-11-06 21:10:33 +0000[diff] [blame]435 else {
436 *rule_nr = strtol(argv, &buffer, 10);
Bart De Schuymerc3b97f52003-04-17 17:03:49 +0000[diff] [blame]437 if (*buffer != '\0' || *rule_nr == 0)
Bart De Schuymercc440052002-11-06 21:10:33 +0000[diff] [blame]438 return -1;
439 }
440 if (!colon)
441 *rule_nr_end = *rule_nr;
Bart De Schuymercc440052002-11-06 21:10:33 +0000[diff] [blame]442 return 0;
443}
444
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]445#define print_if_l_error ebt_print_error("Interface name length must be less " \
Bart De Schuymerc5075142002-08-18 14:21:19 +0000[diff] [blame]446 "than %d", IFNAMSIZ)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]447#define OPT_COMMAND 0x01
448#define OPT_TABLE 0x02
449#define OPT_IN 0x04
450#define OPT_OUT 0x08
451#define OPT_JUMP 0x10
452#define OPT_PROTOCOL 0x20
453#define OPT_SOURCE 0x40
454#define OPT_DEST 0x80
455#define OPT_ZERO 0x100
456#define OPT_LOGICALIN 0x200
457#define OPT_LOGICALOUT 0x400
458#define OPT_KERNELDATA 0x800 /* if set, we already have loaded the table
459 * in userspace */
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]460/* the main thing */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]461int main(int argc, char *argv[])
462{
Bart De Schuymer923a5732002-08-11 12:01:33 +0000[diff] [blame]463 char *buffer;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]464 int c, i;
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]465 /*
466 * this special one for the -Z option (we can have -Z <this> -L <that>)
467 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]468 int zerochain = -1;
Bart De Schuymerf8f8f292002-06-25 15:43:57 +0000[diff] [blame]469 int policy = 0;
Bart De Schuymerc3b97f52003-04-17 17:03:49 +0000[diff] [blame]470 int rule_nr = 0; /* used for -[D,I] */
471 int rule_nr_end = 0; /* used for -I */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]472 struct ebt_u_target *t;
473 struct ebt_u_match *m;
474 struct ebt_u_watcher *w;
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]475 struct ebt_u_match_list *m_l;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]476 struct ebt_u_watcher_list *w_l;
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]477 struct ebt_u_entries *entries;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]478
Bart De Schuymera615b962002-11-03 14:54:09 +0000[diff] [blame]479 opterr = 0;
480
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]481 ebt_iterate_matches(merge_match);
482 ebt_iterate_watchers(merge_watcher);
483 ebt_iterate_targets(merge_target);
484
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]485 buffer = getenv(ATOMIC_ENV_VARIABLE);
486 if (buffer) {
487 replace.filename = malloc(strlen(buffer)+1);
488 if (!replace.filename)
489 ebt_print_memory();
490 memcpy(replace.filename, buffer, strlen(buffer)+1);
491 buffer = NULL;
492 }
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]493 /*
494 * initialize the table name, OPT_ flags, selected hook and command
495 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]496 strcpy(replace.name, "filter");
497 replace.flags = 0;
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]498 replace.selected_chain = -1;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]499 replace.command = 'h';
Bart De Schuymered053432002-07-21 19:35:39 +0000[diff] [blame]500 replace.counterchanges = NULL;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]501
502 new_entry = (struct ebt_u_entry *)malloc(sizeof(struct ebt_u_entry));
503 if (!new_entry)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]504 ebt_print_memory();
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]505 /*
506 * put some sane values in our new entry
507 */
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]508 ebt_initialize_entry(new_entry);
509 new_entry->replace = &replace;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]510
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]511 /*
512 * The scenario induced by this loop makes that:
513 * '-t' ,'-M' and --atomic (if specified) have to come
514 * before '-A' and the like
515 */
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]516
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]517 /*
518 * getopt saves the day
519 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]520 while ((c = getopt_long(argc, argv,
Bart De Schuymer90f2c2e2003-07-13 18:48:02 +0000[diff] [blame]521 "-A:D:I:N:E:X::L::Z::F::P:Vhi:o:j:p:s:d:t:M:", ebt_options, NULL)) != -1) {
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]522 switch (c) {
523
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]524 case 'A': /* add a rule */
525 case 'D': /* delete a rule */
526 case 'P': /* define policy */
527 case 'I': /* insert a rule */
528 case 'N': /* make a user defined chain */
529 case 'E': /* rename chain */
530 case 'X': /* delete chain */
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]531 /* We allow -N chainname -P policy */
532 if (replace.command == 'N' && c == 'P') {
533 replace.command = c;
534 optind--;
535 goto handle_P;
536 }
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]537 replace.command = c;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]538 replace.flags |= OPT_COMMAND;
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]539 if (!(replace.flags & OPT_KERNELDATA)) {
540 ebt_get_kernel_table(&replace, table, 0);
541 replace.flags |= OPT_KERNELDATA;
542 }
Bart De Schuymer90f2c2e2003-07-13 18:48:02 +0000[diff] [blame]543 if (optarg && (optarg[0] == '-' ||
544 !strcmp(optarg, "!")))
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]545 ebt_print_error("No chain name specified");
Bart De Schuymer1ab41562002-06-23 17:09:54 +0000[diff] [blame]546 if (c == 'N') {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]547 ebt_new_chain(&replace, optarg, EBT_ACCEPT);
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]548 /* This is needed to get -N x -P y working */
549 replace.selected_chain =
550 ebt_get_chainnr(&replace, optarg);
Bart De Schuymer1ab41562002-06-23 17:09:54 +0000[diff] [blame]551 break;
552 }
Bart De Schuymer90f2c2e2003-07-13 18:48:02 +0000[diff] [blame]553 if (c == 'X') {
554 char *opt;
Bart De Schuymer90f2c2e2003-07-13 18:48:02 +0000[diff] [blame]555
556 if (!optarg && (optind >= argc ||
Bart De Schuymerf3196482003-07-25 12:53:17 +0000[diff] [blame]557 (argv[optind][0] == '-'
Bart De Schuymer90f2c2e2003-07-13 18:48:02 +0000[diff] [blame]558 && strcmp(argv[optind], "!")))) {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]559 replace.selected_chain = -1;
560 ebt_delete_chain(&replace);
Bart De Schuymer90f2c2e2003-07-13 18:48:02 +0000[diff] [blame]561 break;
562 }
563 if (optarg)
564 opt = optarg;
565 else {
566 opt = argv[optind];
567 optind++;
568 }
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]569 if ((replace.selected_chain =
570 ebt_get_chainnr(&replace, opt)) == -1)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]571 ebt_print_error("Chain %s doesn't "
572 "exist", optarg);
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]573 ebt_delete_chain(&replace);
Bart De Schuymer90f2c2e2003-07-13 18:48:02 +0000[diff] [blame]574 break;
575 }
576
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]577 if ((replace.selected_chain =
578 ebt_get_chainnr(&replace, optarg)) == -1)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]579 ebt_print_error("Chain %s doesn't exist",
580 optarg);
Bart De Schuymer1ab41562002-06-23 17:09:54 +0000[diff] [blame]581 if (c == 'E') {
Bart De Schuymerc56a31a2002-07-25 08:16:08 +0000[diff] [blame]582 if (optind >= argc || argv[optind][0] == '-' ||
583 !strcmp(argv[optind], "!"))
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]584 ebt_print_error("No new chain name "
585 "specified");
586 if (strlen(argv[optind])>=EBT_CHAIN_MAXNAMELEN)
587 ebt_print_error("Chain name len can't "
588 "exceed %d",
589 EBT_CHAIN_MAXNAMELEN - 1);
590 if (ebt_get_chainnr(&replace, argv[optind]) !=
591 -1)
592 ebt_print_error("Chain %s already "
593 "exists", argv[optind]);
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]594 if (ebt_find_target(argv[optind]))
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]595 ebt_print_error("Target with name %s "
596 "exists", argv[optind]);
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]597 ebt_rename_chain(&replace, argv[optind]);
Bart De Schuymer1ab41562002-06-23 17:09:54 +0000[diff] [blame]598 optind++;
599 break;
600 }
Bart De Schuymer1ab41562002-06-23 17:09:54 +0000[diff] [blame]601
Bart De Schuymercc440052002-11-06 21:10:33 +0000[diff] [blame]602 if (c == 'D' && optind < argc &&
Bart De Schuymerc3b97f52003-04-17 17:03:49 +0000[diff] [blame]603 (argv[optind][0] != '-' ||
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]604 (argv[optind][1] >= '0' &&
605 argv[optind][1] <= '9'))) {
Bart De Schuymercc440052002-11-06 21:10:33 +0000[diff] [blame]606 if (parse_delete_rule(argv[optind],
607 &rule_nr, &rule_nr_end))
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]608 ebt_print_error("Problem with the "
Bart De Schuymercc440052002-11-06 21:10:33 +0000[diff] [blame]609 "specified rule number(s)");
610 optind++;
611 }
612 if (c == 'I') {
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]613 if (optind >= argc ||
614 (argv[optind][0] == '-' &&
615 (argv[optind][1] < '0' ||
616 argv[optind][1] > '9')))
617 ebt_print_error("No rulenr for -I"
Bart De Schuymerc56a31a2002-07-25 08:16:08 +0000[diff] [blame]618 " specified");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]619 rule_nr = strtol(argv[optind], &buffer, 10);
Bart De Schuymerc3b97f52003-04-17 17:03:49 +0000[diff] [blame]620 if (*buffer != '\0')
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]621 ebt_print_error("Problem with the "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]622 "specified rule number");
623 optind++;
624 }
625 if (c == 'P') {
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]626handle_P:
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]627 if (optind >= argc)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]628 ebt_print_error("No policy specified");
Bart De Schuymer1ab41562002-06-23 17:09:54 +0000[diff] [blame]629 policy = 0;
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]630 for (i = 0; i < NUM_STANDARD_TARGETS; i++)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]631 if (!strcmp(argv[optind],
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]632 ebt_standard_targets[i])) {
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]633 policy = -i -1;
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]634 if (policy == EBT_CONTINUE)
635 policy = 0;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]636 break;
637 }
Bart De Schuymer1ab41562002-06-23 17:09:54 +0000[diff] [blame]638 if (policy == 0)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]639 ebt_print_error("Wrong policy");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]640 optind++;
641 }
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]642 break;
643
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]644 case 'L': /* list */
645 case 'F': /* flush */
646 case 'Z': /* zero counters */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]647 if (c == 'Z') {
648 if (replace.flags & OPT_ZERO)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]649 ebt_print_error("Multiple commands"
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]650 " not allowed");
651 if ( (replace.flags & OPT_COMMAND &&
652 replace.command != 'L'))
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]653 ebt_print_error("command -Z only "
654 "allowed together with command -L");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]655 replace.flags |= OPT_ZERO;
656 } else {
657 replace.command = c;
658 if (replace.flags & OPT_COMMAND)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]659 ebt_print_error("Multiple commands"
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]660 " not allowed");
661 replace.flags |= OPT_COMMAND;
662 }
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]663 ebt_get_kernel_table(&replace, table, 0);
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]664 i = -1;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]665 if (optarg) {
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]666 if ( (i = ebt_get_chainnr(&replace, optarg)) ==
667 -1 )
668 ebt_print_error("Bad chain");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]669 } else
670 if (optind < argc && argv[optind][0] != '-') {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]671 if ((i = ebt_get_chainnr(&replace,
672 argv[optind])) == -1)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]673 ebt_print_error("Bad chain");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]674 optind++;
675 }
676 if (i != -1) {
677 if (c == 'Z')
678 zerochain = i;
679 else
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]680 replace.selected_chain = i;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]681 }
682 break;
683
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]684 case 'V': /* version */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]685 replace.command = 'V';
686 if (replace.flags & OPT_COMMAND)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]687 ebt_print_error("Multiple commands not "
688 "allowed");
Bart De Schuymer57a3f6a2003-04-01 16:59:33 +0000[diff] [blame]689 PRINT_VERSION;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]690 exit(0);
691
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]692 case 'M': /* modprobe */
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]693 if (replace.command != 'h')
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]694 ebt_print_error("Please put the -M option "
695 "earlier");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]696 ebt_modprobe = optarg;
Bart De Schuymerc8531032002-06-14 21:55:29 +0000[diff] [blame]697 break;
698
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]699 case 'h': /* help */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]700 if (replace.flags & OPT_COMMAND)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]701 ebt_print_error("Multiple commands not "
702 "allowed");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]703 replace.command = 'h';
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]704 /*
705 * All other arguments should be extension names
706 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]707 while (optind < argc) {
708 struct ebt_u_match *m;
709 struct ebt_u_watcher *w;
710
Bart De Schuymer9a0fbf22003-01-11 16:16:54 +0000[diff] [blame]711 if (!strcasecmp("list_extensions",
712 argv[optind]))
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]713 ebt_list_extensions();
Bart De Schuymer9a0fbf22003-01-11 16:16:54 +0000[diff] [blame]714
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]715 if ((m = ebt_find_match(argv[optind])))
716 ebt_add_match(new_entry, m);
717 else if ((w = ebt_find_watcher(argv[optind])))
718 ebt_add_watcher(new_entry, w);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]719 else {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]720 if (!(t = ebt_find_target(argv[optind])))
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]721 ebt_print_error("Extension %s "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]722 "not found", argv[optind]);
723 if (replace.flags & OPT_JUMP)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]724 ebt_print_error("Sorry, you "
725 "can only see help for one "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]726 "target extension each time");
727 replace.flags |= OPT_JUMP;
728 new_entry->t =
729 (struct ebt_entry_target *)t;
730 }
731 optind++;
732 }
733 break;
734
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]735 case 't': /* table */
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]736 if (replace.command != 'h')
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]737 ebt_print_error("Please put the -t option "
738 "first");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]739 ebt_check_option(&replace.flags, OPT_TABLE);
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]740 if (strlen(optarg) > EBT_TABLE_MAXNAMELEN - 1)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]741 ebt_print_error("Table name too long");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]742 strcpy(replace.name, optarg);
743 break;
744
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]745 case 'i': /* input interface */
746 case 2 : /* logical input interface */
747 case 'o': /* output interface */
748 case 3 : /* logical output interface */
749 case 'j': /* target */
750 case 'p': /* net family protocol */
751 case 's': /* source mac */
752 case 'd': /* destination mac */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]753 if ((replace.flags & OPT_COMMAND) == 0)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]754 ebt_print_error("No command specified");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]755 if ( replace.command != 'A' &&
756 replace.command != 'D' && replace.command != 'I')
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]757 ebt_print_error("Command and option do not "
758 "match");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]759 if (c == 'i') {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]760 ebt_check_option(&replace.flags, OPT_IN);
761 if (replace.selected_chain > 2 &&
762 replace.selected_chain < NF_BR_BROUTING)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]763 ebt_print_error("Use in-interface "
764 "only in "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]765 "INPUT, FORWARD, PREROUTING and"
766 "BROUTING chains");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]767 if (ebt_check_inverse(optarg))
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]768 new_entry->invflags |= EBT_IIN;
769
770 if (optind > argc)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]771 ebt_print_error("No in-interface "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]772 "specified");
773 if (strlen(argv[optind - 1]) >= IFNAMSIZ)
Bart De Schuymerc5075142002-08-18 14:21:19 +0000[diff] [blame]774 print_if_l_error;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]775 strcpy(new_entry->in, argv[optind - 1]);
776 break;
777 }
778 if (c == 2) {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]779 ebt_check_option(&replace.flags, OPT_LOGICALIN);
780 if (replace.selected_chain > 2 &&
781 replace.selected_chain < NF_BR_BROUTING)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]782 ebt_print_error("Use logical "
783 "in-interface "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]784 "only in INPUT, FORWARD, "
785 "PREROUTING and BROUTING chains");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]786 if (ebt_check_inverse(optarg))
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]787 new_entry->invflags |= EBT_ILOGICALIN;
788
789 if (optind > argc)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]790 ebt_print_error("No logical "
791 "in-interface specified");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]792 if (strlen(argv[optind - 1]) >= IFNAMSIZ)
Bart De Schuymerc5075142002-08-18 14:21:19 +0000[diff] [blame]793 print_if_l_error;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]794 strcpy(new_entry->logical_in, argv[optind - 1]);
795 break;
796 }
797 if (c == 'o') {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]798 ebt_check_option(&replace.flags, OPT_OUT);
799 if (replace.selected_chain < 2)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]800 ebt_print_error("Use out-interface "
801 "only in OUTPUT, FORWARD and "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]802 "POSTROUTING chains");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]803 if (ebt_check_inverse(optarg))
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]804 new_entry->invflags |= EBT_IOUT;
805
806 if (optind > argc)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]807 ebt_print_error("No out-interface "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]808 "specified");
809
810 if (strlen(argv[optind - 1]) >= IFNAMSIZ)
Bart De Schuymerc5075142002-08-18 14:21:19 +0000[diff] [blame]811 print_if_l_error;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]812 strcpy(new_entry->out, argv[optind - 1]);
813 break;
814 }
815 if (c == 3) {
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]816 ebt_check_option(&replace.flags,
817 OPT_LOGICALOUT);
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]818 if (replace.selected_chain < 2)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]819 ebt_print_error("Use logical "
820 "out-interface "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]821 "only in OUTPUT, FORWARD and "
822 "POSTROUTING chains");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]823 if (ebt_check_inverse(optarg))
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]824 new_entry->invflags |= EBT_ILOGICALOUT;
825
826 if (optind > argc)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]827 ebt_print_error("No logical "
828 "out-interface specified");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]829
830 if (strlen(argv[optind - 1]) >= IFNAMSIZ)
Bart De Schuymerc5075142002-08-18 14:21:19 +0000[diff] [blame]831 print_if_l_error;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]832 strcpy(new_entry->logical_out,
833 argv[optind - 1]);
834 break;
835 }
836 if (c == 'j') {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]837 ebt_check_option(&replace.flags, OPT_JUMP);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]838 for (i = 0; i < NUM_STANDARD_TARGETS; i++)
839 if (!strcmp(optarg,
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]840 ebt_standard_targets[i])) {
841 t = ebt_find_target(
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]842 EBT_STANDARD_TARGET);
843 ((struct ebt_standard_target *)
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]844 t->t)->verdict = -i - 1;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]845 break;
846 }
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]847 if (-i - 1 == EBT_RETURN) {
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]848 if (replace.selected_chain <
849 NF_BR_NUMHOOKS)
850 ebt_print_error("Return target"
851 " only for user defined "
852 "chains");
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]853 }
Bart De Schuymer7b9aaeb2002-06-23 20:38:34 +0000[diff] [blame]854 if (i != NUM_STANDARD_TARGETS)
855 break;
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]856 if ((i = ebt_get_chainnr(&replace, optarg)) !=
857 -1) {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]858 if (i < NF_BR_NUMHOOKS)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]859 ebt_print_error("don't jump"
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]860 " to a standard chain");
861 t = ebt_find_target(EBT_STANDARD_TARGET);
862 ((struct ebt_standard_target *)
863 t->t)->verdict = i - NF_BR_NUMHOOKS;
864 break;
865 } else {
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]866 /*
867 * must be an extension then
868 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]869 struct ebt_u_target *t;
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]870
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]871 t = ebt_find_target(optarg);
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]872 /*
873 * -j standard not allowed either
874 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]875 if (!t || t ==
876 (struct ebt_u_target *)new_entry->t)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]877 ebt_print_error("Illegal "
878 "target name");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]879 new_entry->t =
880 (struct ebt_entry_target *)t;
881 }
882 break;
883 }
884 if (c == 's') {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]885 ebt_check_option(&replace.flags, OPT_SOURCE);
886 if (ebt_check_inverse(optarg))
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]887 new_entry->invflags |= EBT_ISOURCE;
888
889 if (optind > argc)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]890 ebt_print_error("No source mac "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]891 "specified");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]892 if (ebt_get_mac_and_mask(argv[optind - 1],
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]893 new_entry->sourcemac, new_entry->sourcemsk))
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]894 ebt_print_error("Problem with "
895 "specified source mac");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]896 new_entry->bitmask |= EBT_SOURCEMAC;
897 break;
898 }
899 if (c == 'd') {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]900 ebt_check_option(&replace.flags, OPT_DEST);
901 if (ebt_check_inverse(optarg))
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]902 new_entry->invflags |= EBT_IDEST;
903
904 if (optind > argc)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]905 ebt_print_error("No destination mac "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]906 "specified");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]907 if (ebt_get_mac_and_mask(argv[optind - 1],
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]908 new_entry->destmac, new_entry->destmsk))
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]909 ebt_print_error("Problem with "
910 "specified destination mac");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]911 new_entry->bitmask |= EBT_DESTMAC;
912 break;
913 }
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]914 ebt_check_option(&replace.flags, OPT_PROTOCOL);
915 if (ebt_check_inverse(optarg))
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]916 new_entry->invflags |= EBT_IPROTO;
917
918 if (optind > argc)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]919 ebt_print_error("No protocol specified");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]920 new_entry->bitmask &= ~((unsigned int)EBT_NOPROTO);
921 i = strtol(argv[optind - 1], &buffer, 16);
922 if (*buffer == '\0' && (i < 0 || i > 0xFFFF))
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]923 ebt_print_error("Problem with the specified "
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]924 "protocol");
925 new_entry->ethproto = i;
Bart De Schuymer28bf6f62002-06-26 18:57:24 +0000[diff] [blame]926 if (*buffer != '\0') {
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]927 struct ethertypeent *ent;
928
929 if (!strcasecmp(argv[optind - 1], "LENGTH")) {
930 new_entry->bitmask |= EBT_802_3;
931 break;
932 }
933 ent = getethertypebyname(argv[optind - 1]);
934 if (!ent)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]935 ebt_print_error("Problem with the "
936 "specified protocol");
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]937 new_entry->ethproto = ent->e_ethertype;
Bart De Schuymer28bf6f62002-06-26 18:57:24 +0000[diff] [blame]938 }
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]939 if (new_entry->ethproto < 1536 &&
940 !(new_entry->bitmask & EBT_802_3))
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]941 ebt_print_error("Sorry, protocols have values "
942 "above or equal to 0x0600");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]943 break;
944
Bart De Schuymer9895a8e2003-01-11 10:14:24 +0000[diff] [blame]945 case 4 : /* Lc */
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]946 ebt_check_option(&replace.flags, LIST_C);
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]947 if (replace.command != 'L')
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]948 ebt_print_error("Use --Lc with -L");
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]949 if (replace.flags & LIST_X)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]950 ebt_print_error("--Lx not compatible with "
951 "--Lc");
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]952 replace.flags |= LIST_C;
953 break;
Bart De Schuymer9895a8e2003-01-11 10:14:24 +0000[diff] [blame]954 case 5 : /* Ln */
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]955 ebt_check_option(&replace.flags, LIST_N);
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]956 if (replace.command != 'L')
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]957 ebt_print_error("Use --Ln with -L");
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]958 if (replace.flags & LIST_X)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]959 ebt_print_error("--Lx not compatible with "
960 "--Ln");
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]961 replace.flags |= LIST_N;
962 break;
Bart De Schuymer9895a8e2003-01-11 10:14:24 +0000[diff] [blame]963 case 6 : /* Lx */
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]964 ebt_check_option(&replace.flags, LIST_X);
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]965 if (replace.command != 'L')
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]966 ebt_print_error("Use --Lx with -L");
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]967 if (replace.flags & LIST_C)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]968 ebt_print_error("--Lx not compatible with "
969 "--Lc");
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]970 if (replace.flags & LIST_N)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]971 ebt_print_error("--Lx not compatible with "
972 "--Ln");
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]973 replace.flags |= LIST_X;
974 break;
Bart De Schuymer22d03a22003-05-03 20:28:22 +0000[diff] [blame]975 case 12 : /* Lmac2 */
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]976 ebt_check_option(&replace.flags, LIST_MAC2);
Bart De Schuymer22d03a22003-05-03 20:28:22 +0000[diff] [blame]977 if (replace.command != 'L')
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]978 ebt_print_error("Use --Lmac2 with -L");
Bart De Schuymer22d03a22003-05-03 20:28:22 +0000[diff] [blame]979 replace.flags |= LIST_MAC2;
980 break;
Bart De Schuymer9895a8e2003-01-11 10:14:24 +0000[diff] [blame]981 case 8 : /* atomic-commit */
Bart De Schuymer62423742002-07-14 19:06:20 +0000[diff] [blame]982 replace.command = c;
983 if (replace.flags & OPT_COMMAND)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]984 ebt_print_error("Multiple commands not "
985 "allowed");
Bart De Schuymer62423742002-07-14 19:06:20 +0000[diff] [blame]986 replace.flags |= OPT_COMMAND;
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]987 if (!replace.filename)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]988 ebt_print_error("No atomic file specified");
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]989 /*
990 * get the information from the file
991 */
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]992 ebt_get_table(&replace, 0);
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]993 /*
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]994 * we don't want the kernel giving us its counters,
995 * they would overwrite the counters extracted from
996 * the file
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]997 */
Bart De Schuymerc56a31a2002-07-25 08:16:08 +0000[diff] [blame]998 replace.num_counters = 0;
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]999 /*
1000 * make sure the table will be written to the kernel
1001 */
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1002 free(replace.filename);
Bart De Schuymer62423742002-07-14 19:06:20 +0000[diff] [blame]1003 replace.filename = NULL;
1004 break;
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1005 case 7 : /* atomic-init */
1006 case 10: /* atomic-save */
1007 case 11: /* init-table */
Bart De Schuymer62423742002-07-14 19:06:20 +0000[diff] [blame]1008 replace.command = c;
1009 if (replace.flags & OPT_COMMAND)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1010 ebt_print_error("Multiple commands not "
1011 "allowed");
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]1012 if (c != 11 && !replace.filename)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1013 ebt_print_error("No atomic file specified");
Bart De Schuymer62423742002-07-14 19:06:20 +0000[diff] [blame]1014 replace.flags |= OPT_COMMAND;
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]1015 {
1016 char *tmp = replace.filename;
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1017 int init = 1;
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]1018
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1019 if (c == 10)
1020 init = 0;
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]1021 tmp = replace.filename;
1022 /* get the kernel table */
1023 replace.filename = NULL;
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1024 ebt_get_kernel_table(&replace, table, init);
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]1025 replace.filename = tmp;
1026 }
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]1027 break;
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1028 case 9 : /* atomic */
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]1029 if (replace.flags & OPT_COMMAND)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1030 ebt_print_error("--atomic has to come before"
1031 " the command");
Bart De Schuymer5885b362002-12-03 20:51:36 +0000[diff] [blame]1032 /* another possible memory leak here */
Bart De Schuymer62423742002-07-14 19:06:20 +0000[diff] [blame]1033 replace.filename = (char *)malloc(strlen(optarg) + 1);
1034 strcpy(replace.filename, optarg);
1035 break;
Bart De Schuymera615b962002-11-03 14:54:09 +0000[diff] [blame]1036 case 1 :
1037 if (!strcmp(optarg, "!"))
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1038 ebt_check_inverse(optarg);
Bart De Schuymera615b962002-11-03 14:54:09 +0000[diff] [blame]1039 else
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1040 ebt_print_error("Bad argument : %s", optarg);
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1041 /*
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1042 * ebt_check_inverse() did optind++
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1043 */
Bart De Schuymera615b962002-11-03 14:54:09 +0000[diff] [blame]1044 optind--;
1045 continue;
Bart De Schuymer9af14f92002-07-10 20:49:10 +0000[diff] [blame]1046 default:
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1047 /*
1048 * is it a target option?
1049 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1050 t = (struct ebt_u_target *)new_entry->t;
1051 if ((t->parse(c - t->option_offset, argv, argc,
1052 new_entry, &t->flags, &t->t)))
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]1053 goto check_extension;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1054
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1055 /*
1056 * is it a match_option?
1057 */
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1058 for (m = ebt_matches; m; m = m->next)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1059 if (m->parse(c - m->option_offset, argv,
1060 argc, new_entry, &m->flags, &m->m))
1061 break;
1062
1063 if (m != NULL) {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1064 if (m->used == 0) {
1065 ebt_add_match(new_entry, m);
1066 m->used = 1;
1067 }
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]1068 goto check_extension;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1069 }
1070
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1071 /*
1072 * is it a watcher option?
1073 */
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1074 for (w = ebt_watchers; w; w = w->next)
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1075 if (w->parse(c-w->option_offset, argv,
1076 argc, new_entry, &w->flags, &w->w))
1077 break;
1078
1079 if (w == NULL)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1080 ebt_print_error("Unknown argument");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1081 if (w->used == 0) {
1082 ebt_add_watcher(new_entry, w);
1083 w->used = 1;
1084 }
Bart De Schuymerdd5594b2002-06-26 18:05:20 +0000[diff] [blame]1085check_extension:
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]1086 if (replace.command != 'A' && replace.command != 'I' &&
1087 replace.command != 'D')
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1088 ebt_print_error("Extensions only for -A, "
1089 "-I and -D");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1090 }
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1091 ebt_invert = 0;
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1092 }
1093
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1094 if ( !table && !(table = ebt_find_table(replace.name)) )
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1095 ebt_print_error("Bad table name");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1096
1097 if ( (replace.flags & OPT_COMMAND) && replace.command != 'L' &&
1098 replace.flags & OPT_ZERO )
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1099 ebt_print_error("Command -Z only allowed together with "
1100 "command -L");
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1101
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1102 /*
1103 * do this after parsing everything, so we can print specific info
1104 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1105 if (replace.command == 'h' && !(replace.flags & OPT_ZERO))
1106 print_help();
1107
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1108 /*
1109 * do the final checks
1110 */
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]1111 if (replace.command == 'A' || replace.command == 'I' ||
1112 replace.command == 'D') {
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1113 /*
1114 * this will put the hook_mask right for the chains
1115 */
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1116 ebt_check_for_loops(&replace);
1117 entries = ebt_to_chain(&replace);
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]1118 m_l = new_entry->m_list;
1119 w_l = new_entry->w_list;
1120 t = (struct ebt_u_target *)new_entry->t;
1121 while (m_l) {
1122 m = (struct ebt_u_match *)(m_l->m);
1123 m->final_check(new_entry, m->m, replace.name,
Bart De Schuymer7b9aaeb2002-06-23 20:38:34 +0000[diff] [blame]1124 entries->hook_mask, 0);
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]1125 m_l = m_l->next;
1126 }
1127 while (w_l) {
1128 w = (struct ebt_u_watcher *)(w_l->w);
1129 w->final_check(new_entry, w->w, replace.name,
Bart De Schuymer7b9aaeb2002-06-23 20:38:34 +0000[diff] [blame]1130 entries->hook_mask, 0);
Bart De Schuymer60332e02002-06-23 08:01:47 +0000[diff] [blame]1131 w_l = w_l->next;
1132 }
1133 t->final_check(new_entry, t->t, replace.name,
Bart De Schuymer7b9aaeb2002-06-23 20:38:34 +0000[diff] [blame]1134 entries->hook_mask, 0);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1135 }
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1136 /*
1137 * so, the extensions can work with the host endian
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1138 * the kernel does not have to do this of course
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1139 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1140 new_entry->ethproto = htons(new_entry->ethproto);
1141
Bart De Schuymerc34f4672002-08-18 18:03:52 +0000[diff] [blame]1142 if (replace.command == 'P') {
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1143 if (replace.selected_chain < NF_BR_NUMHOOKS &&
Bart De Schuymerc34f4672002-08-18 18:03:52 +0000[diff] [blame]1144 policy == EBT_RETURN)
Bart De Schuymer64182a32004-01-21 20:39:54 +0000[diff] [blame]1145 ebt_print_error("Policy RETURN only allowed for user "
1146 "defined chains");
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1147 ebt_change_policy(&replace, policy);
Bart De Schuymerc34f4672002-08-18 18:03:52 +0000[diff] [blame]1148 } else if (replace.command == 'L') {
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1149 list_rules();
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1150 if (replace.flags & OPT_ZERO) {
1151 replace.selected_chain = zerochain;
1152 ebt_zero_counters(&replace);
1153 } else
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1154 exit(0);
1155 }
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1156 if (replace.flags & OPT_ZERO) {
1157 replace.selected_chain = zerochain;
1158 ebt_zero_counters(&replace);
1159 } else if (replace.command == 'F')
1160 ebt_flush_chains(&replace);
1161 else if (replace.command == 'A' || replace.command == 'I') {
1162 ebt_add_rule(&replace, new_entry, rule_nr);
1163 ebt_check_for_loops(&replace);
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1164 /*
1165 * do the final_check(), for all entries
1166 * needed when adding a rule that has a chain target
1167 */
Bart De Schuymer7b9aaeb2002-06-23 20:38:34 +0000[diff] [blame]1168 i = -1;
1169 while (1) {
1170 struct ebt_u_entry *e;
1171
1172 i++;
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1173 entries = ebt_nr_to_chain(&replace, i);
Bart De Schuymer7b9aaeb2002-06-23 20:38:34 +0000[diff] [blame]1174 if (!entries) {
1175 if (i < NF_BR_NUMHOOKS)
1176 continue;
1177 else
1178 break;
1179 }
1180 e = entries->entries;
1181 while (e) {
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1182 /*
1183 * userspace extensions use host endian
1184 */
Bart De Schuymer7b9aaeb2002-06-23 20:38:34 +0000[diff] [blame]1185 e->ethproto = ntohs(e->ethproto);
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1186 ebt_do_final_checks(&replace, e, entries);
Bart De Schuymer7b9aaeb2002-06-23 20:38:34 +0000[diff] [blame]1187 e->ethproto = htons(e->ethproto);
1188 e = e->next;
1189 }
1190 }
Bart De Schuymerc3b97f52003-04-17 17:03:49 +0000[diff] [blame]1191 } else if (replace.command == 'D')
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1192 ebt_delete_rule(&replace, new_entry, rule_nr, rule_nr_end);
Bart De Schuymerc7bfa272002-11-20 19:40:13 +0000[diff] [blame]1193 /*
1194 * commands -N, -E, -X, --atomic-commit, --atomic-commit, --atomic-save,
1195 * --init-table fall through
1196 */
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1197
1198 if (table->check)
1199 table->check(&replace);
1200
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1201 ebt_deliver_table(&replace);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1202
Bart De Schuymered053432002-07-21 19:35:39 +0000[diff] [blame]1203 if (replace.counterchanges)
Bart De Schuymer8339ff12004-01-14 20:05:27 +0000[diff] [blame]1204 ebt_deliver_counters(&replace);
Bart De Schuymer1abc55d2002-06-01 19:23:47 +0000[diff] [blame]1205 return 0;
1206}