[deliverable/linux.git] / net / netfilter / xt_REDIRECT.c

/*
 * (C) 1999-2001 Paul `Rusty' Russell
 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
 * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Based on Rusty Russell's IPv4 REDIRECT target. Development of IPv6
 * NAT funded by Astaro.
 */

#include <linux/if.h>
#include <linux/inetdevice.h>
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/types.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <linux/netfilter/x_tables.h>
#include <net/addrconf.h>
#include <net/checksum.h>
#include <net/protocol.h>
#include <net/netfilter/nf_nat.h>
#include <net/netfilter/ipv4/nf_nat_redirect.h>
#include <net/netfilter/ipv6/nf_nat_redirect.h>

static unsigned int
redirect_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
	return nf_nat_redirect_ipv6(skb, par->targinfo, par->hooknum);
}

static int redirect_tg6_checkentry(const struct xt_tgchk_param *par)
{
	const struct nf_nat_range *range = par->targinfo;

	if (range->flags & NF_NAT_RANGE_MAP_IPS)
		return -EINVAL;
	return 0;
}

/* FIXME: Take multiple ranges --RR */
static int redirect_tg4_check(const struct xt_tgchk_param *par)
{
	const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;

	if (mr->range[0].flags & NF_NAT_RANGE_MAP_IPS) {
		pr_debug("bad MAP_IPS.\n");
		return -EINVAL;
	}
	if (mr->rangesize != 1) {
		pr_debug("bad rangesize %u.\n", mr->rangesize);
		return -EINVAL;
	}
	return 0;
}

static unsigned int
redirect_tg4(struct sk_buff *skb, const struct xt_action_param *par)
{
	return nf_nat_redirect_ipv4(skb, par->targinfo, par->hooknum);
}

static struct xt_target redirect_tg_reg[] __read_mostly = {
	{
		.name       = "REDIRECT",
		.family     = NFPROTO_IPV6,
		.revision   = 0,
		.table      = "nat",
		.checkentry = redirect_tg6_checkentry,
		.target     = redirect_tg6,
		.targetsize = sizeof(struct nf_nat_range),
		.hooks      = (1 << NF_INET_PRE_ROUTING) |
		              (1 << NF_INET_LOCAL_OUT),
		.me         = THIS_MODULE,
	},
	{
		.name       = "REDIRECT",
		.family     = NFPROTO_IPV4,
		.revision   = 0,
		.table      = "nat",
		.target     = redirect_tg4,
		.checkentry = redirect_tg4_check,
		.targetsize = sizeof(struct nf_nat_ipv4_multi_range_compat),
		.hooks      = (1 << NF_INET_PRE_ROUTING) |
		              (1 << NF_INET_LOCAL_OUT),
		.me         = THIS_MODULE,
	},
};

static int __init redirect_tg_init(void)
{
	return xt_register_targets(redirect_tg_reg,
				   ARRAY_SIZE(redirect_tg_reg));
}

static void __exit redirect_tg_exit(void)
{
	xt_unregister_targets(redirect_tg_reg, ARRAY_SIZE(redirect_tg_reg));
}

module_init(redirect_tg_init);
module_exit(redirect_tg_exit);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
MODULE_DESCRIPTION("Xtables: Connection redirection to localhost");
MODULE_ALIAS("ip6t_REDIRECT");
MODULE_ALIAS("ipt_REDIRECT");
Commit	Line	Data
2cbc78a2 JE	1	/*
	2	* (C) 1999-2001 Paul `Rusty' Russell
	3	* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
	4	* Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License version 2 as
	8	* published by the Free Software Foundation.
	9	*
	10	* Based on Rusty Russell's IPv4 REDIRECT target. Development of IPv6
	11	* NAT funded by Astaro.
	12	*/
	13
	14	#include <linux/if.h>
	15	#include <linux/inetdevice.h>
	16	#include <linux/ip.h>
	17	#include <linux/kernel.h>
	18	#include <linux/module.h>
	19	#include <linux/netdevice.h>
	20	#include <linux/netfilter.h>
	21	#include <linux/types.h>
	22	#include <linux/netfilter_ipv4.h>
	23	#include <linux/netfilter_ipv6.h>
	24	#include <linux/netfilter/x_tables.h>
	25	#include <net/addrconf.h>
	26	#include <net/checksum.h>
	27	#include <net/protocol.h>
	28	#include <net/netfilter/nf_nat.h>
8b13eddf	29	#include <net/netfilter/ipv4/nf_nat_redirect.h>
9de920ed	30	#include <net/netfilter/ipv6/nf_nat_redirect.h>
2cbc78a2 JE	31
	32	static unsigned int
	33	redirect_tg6(struct sk_buff skb, const struct xt_action_param par)
	34	{
9de920ed	35	return nf_nat_redirect_ipv6(skb, par->targinfo, par->hooknum);
2cbc78a2 JE	36	}
	37
	38	static int redirect_tg6_checkentry(const struct xt_tgchk_param *par)
	39	{
	40	const struct nf_nat_range *range = par->targinfo;
	41
	42	if (range->flags & NF_NAT_RANGE_MAP_IPS)
	43	return -EINVAL;
	44	return 0;
	45	}
	46
	47	/* FIXME: Take multiple ranges --RR */
	48	static int redirect_tg4_check(const struct xt_tgchk_param *par)
	49	{
	50	const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
	51
	52	if (mr->range[0].flags & NF_NAT_RANGE_MAP_IPS) {
	53	pr_debug("bad MAP_IPS.\n");
	54	return -EINVAL;
	55	}
	56	if (mr->rangesize != 1) {
	57	pr_debug("bad rangesize %u.\n", mr->rangesize);
	58	return -EINVAL;
	59	}
	60	return 0;
	61	}
	62
	63	static unsigned int
	64	redirect_tg4(struct sk_buff skb, const struct xt_action_param par)
	65	{
8b13eddf	66	return nf_nat_redirect_ipv4(skb, par->targinfo, par->hooknum);
2cbc78a2 JE	67	}
	68
	69	static struct xt_target redirect_tg_reg[] __read_mostly = {
	70	{
	71	.name = "REDIRECT",
	72	.family = NFPROTO_IPV6,
	73	.revision = 0,
	74	.table = "nat",
	75	.checkentry = redirect_tg6_checkentry,
	76	.target = redirect_tg6,
	77	.targetsize = sizeof(struct nf_nat_range),
	78	.hooks = (1 << NF_INET_PRE_ROUTING) \|
	79	(1 << NF_INET_LOCAL_OUT),
	80	.me = THIS_MODULE,
	81	},
	82	{
	83	.name = "REDIRECT",
	84	.family = NFPROTO_IPV4,
	85	.revision = 0,
	86	.table = "nat",
	87	.target = redirect_tg4,
	88	.checkentry = redirect_tg4_check,
	89	.targetsize = sizeof(struct nf_nat_ipv4_multi_range_compat),
	90	.hooks = (1 << NF_INET_PRE_ROUTING) \|
	91	(1 << NF_INET_LOCAL_OUT),
	92	.me = THIS_MODULE,
	93	},
	94	};
	95
	96	static int __init redirect_tg_init(void)
	97	{
	98	return xt_register_targets(redirect_tg_reg,
	99	ARRAY_SIZE(redirect_tg_reg));
	100	}
	101
	102	static void __exit redirect_tg_exit(void)
	103	{
	104	xt_unregister_targets(redirect_tg_reg, ARRAY_SIZE(redirect_tg_reg));
	105	}
	106
	107	module_init(redirect_tg_init);
	108	module_exit(redirect_tg_exit);
	109
	110	MODULE_LICENSE("GPL");
	111	MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
	112	MODULE_DESCRIPTION("Xtables: Connection redirection to localhost");
	113	MODULE_ALIAS("ip6t_REDIRECT");
	114	MODULE_ALIAS("ipt_REDIRECT");