1 /* Shared library add-on to iptables to add IP range matching support. */
9 #include <linux/netfilter_ipv4/ipt_iprange.h>
11 /* Function which prints out usage message. */
16 "iprange match v%s options:\n"
17 "[!] --src-range ip-ip Match source IP in the specified range\n"
18 "[!] --dst-range ip-ip Match destination IP in the specified range\n"
23 static struct option opts[] = {
24 { "src-range", 1, 0, '1' },
25 { "dst-range", 1, 0, '2' },
30 parse_iprange(char *arg, struct ipt_iprange *range)
35 dash = strchr(arg, '-');
39 ip = dotted_to_addr(arg);
41 exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n",
43 range->min_ip = ip->s_addr;
46 ip = dotted_to_addr(dash+1);
48 exit_error(PARAMETER_PROBLEM, "iprange match: Bad IP address `%s'\n",
50 range->max_ip = ip->s_addr;
52 range->max_ip = range->min_ip;
55 /* Function which parses command options; returns true if it
58 parse(int c, char **argv, int invert, unsigned int *flags,
59 const struct ipt_entry *entry,
60 unsigned int *nfcache,
61 struct ipt_entry_match **match)
63 struct ipt_iprange_info *info = (struct ipt_iprange_info *)(*match)->data;
67 if (*flags & IPRANGE_SRC)
68 exit_error(PARAMETER_PROBLEM,
69 "iprange match: Only use --src-range ONCE!");
70 *flags |= IPRANGE_SRC;
72 info->flags |= IPRANGE_SRC;
73 check_inverse(optarg, &invert, &optind, 0);
75 info->flags |= IPRANGE_SRC_INV;
78 parse_iprange(optarg, &info->src);
83 if (*flags & IPRANGE_DST)
84 exit_error(PARAMETER_PROBLEM,
85 "iprange match: Only use --dst-range ONCE!");
86 *flags |= IPRANGE_DST;
88 info->flags |= IPRANGE_DST;
89 check_inverse(optarg, &invert, &optind, 0);
91 info->flags |= IPRANGE_DST_INV;
93 parse_iprange(optarg, &info->dst);
103 /* Final check; must have specified --src-range or --dst-range. */
105 final_check(unsigned int flags)
108 exit_error(PARAMETER_PROBLEM,
109 "iprange match: You must specify `--src-range' or `--dst-range'");
113 print_iprange(const struct ipt_iprange *range)
115 const unsigned char *byte_min, *byte_max;
117 byte_min = (const unsigned char *) &(range->min_ip);
118 byte_max = (const unsigned char *) &(range->max_ip);
119 printf("%d.%d.%d.%d-%d.%d.%d.%d ",
120 byte_min[0], byte_min[1], byte_min[2], byte_min[3],
121 byte_max[0], byte_max[1], byte_max[2], byte_max[3]);
124 /* Prints out the info. */
126 print(const struct ipt_ip *ip,
127 const struct ipt_entry_match *match,
130 struct ipt_iprange_info *info = (struct ipt_iprange_info *)match->data;
132 if (info->flags & IPRANGE_SRC) {
133 printf("source IP range ");
134 if (info->flags & IPRANGE_SRC_INV)
136 print_iprange(&info->src);
138 if (info->flags & IPRANGE_DST) {
139 printf("destination IP range ");
140 if (info->flags & IPRANGE_DST_INV)
142 print_iprange(&info->dst);
146 /* Saves the union ipt_info in parsable form to stdout. */
148 save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
150 struct ipt_iprange_info *info = (struct ipt_iprange_info *)match->data;
152 if (info->flags & IPRANGE_SRC) {
153 if (info->flags & IPRANGE_SRC_INV)
155 printf("--src-range ");
156 print_iprange(&info->src);
157 if (info->flags & IPRANGE_DST)
160 if (info->flags & IPRANGE_DST) {
161 if (info->flags & IPRANGE_DST_INV)
163 printf("--dst-range ");
164 print_iprange(&info->dst);
168 static struct iptables_match iprange = {
171 .version = IPTABLES_VERSION,
172 .size = IPT_ALIGN(sizeof(struct ipt_iprange_info)),
173 .userspacesize = IPT_ALIGN(sizeof(struct ipt_iprange_info)),
176 .final_check = &final_check,
184 register_match(&iprange);