File containing the implementation of the IP tables utilities. More...

#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <limits.h>
#include "allocs.h"
#include "iface_mapper.h"
#include "iptables.h"
#include "log.h"
#include "net.h"
#include "os.h"

Include dependency graph for iptables.c:

Data Structures
struct	iptables_columns

Macros
#define	BASIC_FLUSH_COMMANDS

Functions
struct iptables_columns	process_rule_column (char *column)

int	process_rule_lines (struct iptables_context ctx, char rule_str)

void	list_rule_cb (void ctx, void buf, size_t count)

int	run_iptables (struct iptables_context ctx, const char const argv[], process_callback_fn fn)

int	flush_iptables (struct iptables_context *ctx)

int	add_baseif_rules (struct iptables_context ctx, UT_array ifinfo_array)

void	iptables_free (struct iptables_context *ctx)
	Free the iptables context. More...

struct iptables_context *	iptables_init (const char path, UT_array ifinfo_array, bool exec_iptables)
	Initialises the iptables rules list. More...

int	get_filter_rules (struct iptables_context *ctx)

int	get_nat_rules (struct iptables_context *ctx)

long	find_rule (UT_array rlist, const char sip, const char sif, const char dip, const char dif, const char target)

int	delete_bridge_rule (struct iptables_context ctx, const char sip, const char sif, const char dip, const char *dif)

int	iptables_delete_bridge (struct iptables_context ctx, const char sip, const char sif, const char dip, const char *dif)
	Delete a bridge rule. More...

long	find_baseif_rulenum (UT_array rlist, const char ifname)

int	add_bridge_rule (struct iptables_context ctx, const char sip, const char sif, const char dip, const char *dif)

int	iptables_add_bridge (struct iptables_context ctx, char sip, char sif, char dip, char *dif)
	Add a bridge rule to the list of rules. More...

int	iptables_delete_nat (struct iptables_context ctx, char sip, char sif, char nif)
	Delete a NAT rule. More...

int	iptables_add_nat (struct iptables_context ctx, char sip, char sif, char nif)
	Add a NAT rule. More...

Detailed Description

File containing the implementation of the IP tables utilities.

Author: Alexandru Mereacre

Date: 2020

Copyright: SPDX-FileCopyrightText: © 2020 NQMCyber Ltd and edgesec contributors SPDX-License-Identifier: LGPL-3.0-or-later

Macro Definition Documentation

◆ BASIC_FLUSH_COMMANDS

#define BASIC_FLUSH_COMMANDS

Value:

  {                                                                             \
    {"-P", "INPUT", "ACCEPT", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL},  \
        {"-P", "FORWARD", "ACCEPT", NULL, NULL, NULL,                           \
         NULL, NULL,      NULL,     NULL, NULL},                                \
        {"-P", "OUTPUT", "ACCEPT", NULL, NULL, NULL,                            \
         NULL, NULL,     NULL,     NULL, NULL},                                 \
        {"-F", "-t", "nat", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL},    \
        {"-F", "-t", "mangle", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL}, \
        {"-F", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL},     \
        {"-X", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL},     \
        {"-A",    "FORWARD",     "-t", "filter", "--src", "224.0.0.0/4",        \
         "--dst", "224.0.0.0/4", "-j", "ACCEPT", NULL},                         \
        {NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL},     \
  }

Function Documentation

◆ add_baseif_rules()

int add_baseif_rules	(	struct iptables_context *	ctx,
		UT_array *	ifinfo_array
	)

◆ add_bridge_rule()

int add_bridge_rule	(	struct iptables_context *	ctx,
		const char *	sip,
		const char *	sif,
		const char *	dip,
		const char *	dif
	)

◆ delete_bridge_rule()

int delete_bridge_rule	(	struct iptables_context *	ctx,
		const char *	sip,
		const char *	sif,
		const char *	dip,
		const char *	dif
	)

◆ find_baseif_rulenum()

long find_baseif_rulenum	(	UT_array *	rlist,
		const char *	ifname
	)

◆ find_rule()

long find_rule	(	UT_array *	rlist,
		const char *	sip,
		const char *	sif,
		const char *	dip,
		const char *	dif,
		const char *	target
	)

◆ flush_iptables()

int flush_iptables ( struct iptables_context * ctx )

◆ get_filter_rules()

int get_filter_rules ( struct iptables_context * ctx )

◆ get_nat_rules()

int get_nat_rules ( struct iptables_context * ctx )

◆ iptables_add_bridge()

int iptables_add_bridge	(	struct iptables_context *	ctx,
		char *	sip,
		char *	sif,
		char *	dip,
		char *	dif
	)

Add a bridge rule to the list of rules.

Parameters

ctx	The iptables context
sip	Source IP string
sif	Source interface name string
dip	Destination IP string
dif	Destination interface name string

Returns: 0 on sucess, -1 on error

◆ iptables_add_nat()

int iptables_add_nat	(	struct iptables_context *	ctx,
		char *	sip,
		char *	sif,
		char *	nif
	)

Add a NAT rule.

Parameters

ctx	The iptables context
sip	Source IP string
sif	Source interface name string
nif	NAT interface name string

Returns: 0 on success, -1 on error

◆ iptables_delete_bridge()

int iptables_delete_bridge	(	struct iptables_context *	ctx,
		const char *	sip,
		const char *	sif,
		const char *	dip,
		const char *	dif
	)

Delete a bridge rule.

Parameters

ctx	The iptables context
sip	Source IP string
sif	Source interface name string
dip	Destination IP string
dif	Destination interface name string

Returns: 0 on success, -1 on error

◆ iptables_delete_nat()

int iptables_delete_nat	(	struct iptables_context *	ctx,
		char *	sip,
		char *	sif,
		char *	nif
	)

Delete a NAT rule.

Parameters

ctx	The iptables context
sip	Source IP string
sif	Source interface name string
nif	NAT interface name string

Returns: 0 on success, -1 on error

◆ iptables_free()

void iptables_free ( struct iptables_context * ctx )

Free the iptables context.

Parameters

ctx	The iptables context

◆ iptables_init()

struct iptables_context* iptables_init	(	const char *	path,
		UT_array *	ifinfo_array,
		bool	exec_iptables
	)

Initialises the iptables rules list.

Parameters

path	The iptables binary path
ifinfo_array	Array of interface configuration info structure
exec_iptables	Execute the iptables command

Returns: struct iptables_context*, pointer to newly created iptables context, NULL on failure

◆ list_rule_cb()

void list_rule_cb	(	void *	ctx,
		void *	buf,
		size_t	count
	)

◆ process_rule_column()

struct iptables_columns process_rule_column ( char * column )

◆ process_rule_lines()

int process_rule_lines	(	struct iptables_context *	ctx,
		char *	rule_str
	)

◆ run_iptables()

int run_iptables	(	struct iptables_context *	ctx,
		const char *const	argv[],
		process_callback_fn	fn
	)

Data Structures

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ BASIC_FLUSH_COMMANDS

Function Documentation

◆ add_baseif_rules()

◆ add_bridge_rule()

◆ delete_bridge_rule()

◆ find_baseif_rulenum()

◆ find_rule()

◆ flush_iptables()

◆ get_filter_rules()

◆ get_nat_rules()

◆ iptables_add_bridge()

◆ iptables_add_nat()

◆ iptables_delete_bridge()

◆ iptables_delete_nat()

◆ iptables_free()

◆ iptables_init()

◆ list_rule_cb()

◆ process_rule_column()

◆ process_rule_lines()

◆ run_iptables()