update to iptables-1.3.8

[iptables.git] / extensions / libipt_REDIRECT.c

diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c
index 052b533..6b38716 100644 (file)
--- a/extensions/libipt_REDIRECT.c
+++ b/extensions/libipt_REDIRECT.c
@@ -6,7 +6,10 @@
 #include <getopt.h>
 #include <iptables.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ip_nat_rule.h>
+#include <linux/netfilter/nf_nat.h>
+
+#define IPT_REDIRECT_OPT_DEST  0x01
+#define IPT_REDIRECT_OPT_RANDOM        0x02
 
 /* Function which prints out usage message. */
 static void
@@ -21,6 +24,7 @@ IPTABLES_VERSION);
 
 static struct option opts[] = {
        { "to-ports", 1, 0, '1' },
+       { "random", 1, 0, '2' },
        { 0 }
 };
 
@@ -33,8 +37,6 @@ init(struct ipt_entry_target *t, unsigned int *nfcache)
        /* Actually, it's 0, but it's ignored at the moment. */
        mr->rangesize = 1;
 
-       /* Can't cache this */
-       *nfcache |= NFC_UNKNOWN;
 }
 
 /* Parses ports */
@@ -46,6 +48,9 @@ parse_ports(const char *arg, struct ip_nat_multi_range *mr)
 
        mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
 
+       if (strchr(arg, '.'))
+               exit_error(PARAMETER_PROBLEM, "IP address not permitted\n");
+
        port = atoi(arg);
        if (port == 0 || port > 65535)
                exit_error(PARAMETER_PROBLEM, "Port `%s' not valid\n", arg);
@@ -83,7 +88,8 @@ parse(int c, char **argv, int invert, unsigned int *flags,
        int portok;
 
        if (entry->ip.proto == IPPROTO_TCP
-           || entry->ip.proto == IPPROTO_UDP)
+           || entry->ip.proto == IPPROTO_UDP
+           || entry->ip.proto == IPPROTO_ICMP)
                portok = 1;
        else
                portok = 0;
@@ -99,6 +105,17 @@ parse(int c, char **argv, int invert, unsigned int *flags,
                                   "Unexpected `!' after --to-ports");
 
                parse_ports(optarg, mr);
+               if (*flags & IPT_REDIRECT_OPT_RANDOM)
+                       mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
+               *flags |= IPT_REDIRECT_OPT_DEST;
+               return 1;
+
+       case '2':
+               if (*flags & IPT_REDIRECT_OPT_DEST) {
+                       mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM;
+                       *flags |= IPT_REDIRECT_OPT_RANDOM;
+               } else
+                       *flags |= IPT_REDIRECT_OPT_RANDOM;
                return 1;
 
        default:
@@ -127,6 +144,8 @@ print(const struct ipt_ip *ip,
                if (r->max.tcp.port != r->min.tcp.port)
                        printf("-%hu", ntohs(r->max.tcp.port));
                printf(" ");
+               if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
+                       printf("random ");
        }
 }
 
@@ -144,23 +163,24 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
                if (r->max.tcp.port != r->min.tcp.port)
                        printf("-%hu", ntohs(r->max.tcp.port));
                printf(" ");
+               if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM)
+                       printf("--random ");
        }
 }
 
-static
-struct iptables_target redir
-= { NULL,
-    "REDIRECT",
-    IPTABLES_VERSION,
-    IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
-    IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
-    &help,
-    &init,
-    &parse,
-    &final_check,
-    &print,
-    &save,
-    opts
+static struct iptables_target redir = { 
+       .next           = NULL,
+       .name           = "REDIRECT",
+       .version        = IPTABLES_VERSION,
+       .size           = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+       .userspacesize  = IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
+       .help           = &help,
+       .init           = &init,
+       .parse          = &parse,
+       .final_check    = &final_check,
+       .print          = &print,
+       .save           = &save,
+       .extra_opts     = opts
 };
 
 void _init(void)