Initial commit

andrsharaev · Jul 14, 2019 · 5e3682f · 5e3682f
1 parent d6527f5
commit 5e3682f
Show file tree

Hide file tree

Showing 5 changed files with 1,950 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -0,0 +1,62 @@
+KVER   ?= $(shell uname -r)
+KDIR   ?= /lib/modules/$(KVER)/build/
+DEPMOD  = /sbin/depmod -a
+CC     ?= gcc
+obj-m   = xt_NAT.o
+CFLAGS_xt_NAT.o := -DDEBUG
+
+all: xt_NAT.ko libxt_NAT.so
+
+xt_NAT.ko: xt_NAT.c
+	make -C $(KDIR) M=$(CURDIR) modules CONFIG_DEBUG_INFO=y
+	-sync
+
+%_sh.o: libxt_NAT.c
+	gcc -O2 -Wall -Wunused -fPIC -o $@ -c $<
+
+%.so: %_sh.o
+	gcc -shared -o $@ $<
+
+sparse: clean | xt_NAT.c xt_NAT.h
+	make -C $(KDIR) M=$(CURDIR) modules C=1
+
+cppcheck:
+	cppcheck -I $(KDIR)/include --enable=all --inconclusive xt_NAT.c
+	cppcheck libxt_NAT.c
+
+coverity:
+	coverity-submit -v
+
+clean:
+	make -C $(KDIR) M=$(CURDIR) clean
+	-rm -f *.so *_sh.o *.o modules.order
+
+install: | minstall linstall
+
+minstall: | xt_NAT.ko
+	make -C $(KDIR) M=$(CURDIR) modules_install INSTALL_MOD_PATH=$(DESTDIR)
+
+linstall: libxt_NAT.so
+	install -D $< $(DESTDIR)$(shell pkg-config --variable xtlibdir xtables)/$<
+
+uninstall:
+	-rm -f $(DESTDIR)$(shell pkg-config --variable xtlibdir xtables)/libxt_NAT.so
+	-rm -f $(KDIR)/extra/xt_NAT.ko
+
+load: all
+	-sync
+	-modprobe x_tables
+	-mkdir -p /lib64/modules/`uname -r`/kernel/net/ipv4/
+	-cp xt_NAT.ko /lib64/modules/`uname -r`/kernel/net/ipv4/
+	-depmod `uname -r`
+	-modprobe xt_NAT
+	-iptables-restore < iptables.rules
+	-conntrack -F
+unload:
+	-/etc/init.d/iptables restart
+	-rmmod xt_NAT.ko
+del:
+	-sync
+reload: unload clean load
+
+.PHONY: all minstall linstall install uninstall clean cppcheck
diff --git a/compat.h b/compat.h
@@ -0,0 +1,15 @@
+/* This code is derived from the Linux Kernel sources intended
+ * to maintain compatibility with different Kernel versions.
+ * Copyright of original source is of respective Linux Kernel authors.
+ * License is GPLv2.
+ */
+
+#ifndef COMPAT_NAT_H
+#define COMPAT_NAT_H
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,2,0)
+# define sock_create_kern(f, t, p, s) sock_create_kern(&init_net, f, t, p, s)
+#endif
+
+#endif /* COMPAT_NAT_H */
+
diff --git a/libxt_NAT.c b/libxt_NAT.c
@@ -0,0 +1,93 @@
+#include <getopt.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <xtables.h>
+#include <linux/netfilter/x_tables.h>
+#include "xt_NAT.h"
+
+enum {
+    F_SNAT  = 1 << 0,
+    F_DNAT  = 1 << 1,
+};
+
+static const struct option nat_tg_opts[] = {
+    {.name = "snat", .has_arg = false, .val = 's'},
+    {.name = "dnat", .has_arg = false, .val = 'd'},
+    {NULL},
+};
+
+static void nat_tg_help(void)
+{
+    printf(
+        "NAT target options:\n"
+        "  --snat    Create NAT translation from Inside to Outside\n"
+        "  --dnat    Allow NAT for revert traffic from Outside to Inside\n");
+}
+
+static int nat_tg_parse(int c, char **argv, int invert, unsigned int *flags,
+                        const void *entry, struct xt_entry_target **target)
+{
+    struct xt_nat_tginfo *info = (void *)(*target)->data;
+
+    switch (c) {
+    case 's':
+        info->variant = XTNAT_SNAT;
+        *flags |= F_SNAT;
+        return true;
+    case 'd':
+        info->variant = XTNAT_DNAT;
+        *flags |= F_DNAT;
+        return true;
+    }
+    return false;
+}
+
+static void nat_tg_check(unsigned int flags)
+{
+    if (flags == (F_SNAT | F_DNAT))
+        xtables_error(PARAMETER_PROBLEM,
+                      "NAT: only one action can be used at a time");
+}
+
+static void nat_tg_save(const void *ip,
+                        const struct xt_entry_target *target)
+{
+    const struct xt_nat_tginfo *info = (const void *)target->data;
+
+    switch (info->variant) {
+    case XTNAT_SNAT:
+        printf(" --snat ");
+        break;
+    case XTNAT_DNAT:
+        printf(" --dnat ");
+        break;
+    }
+}
+
+static void nat_tg_print(const void *ip,
+                         const struct xt_entry_target *target, int numeric)
+{
+    printf(" -j NAT");
+    nat_tg_save(ip, target);
+}
+
+static struct xtables_target nat_tg_reg = {
+    .version       = XTABLES_VERSION,
+    .name          = "NAT",
+    .family        = NFPROTO_IPV4,
+    .size          = XT_ALIGN(sizeof(struct xt_nat_tginfo)),
+    .userspacesize = XT_ALIGN(sizeof(struct xt_nat_tginfo)),
+    .help          = nat_tg_help,
+    .parse         = nat_tg_parse,
+    .final_check   = nat_tg_check,
+    .print         = nat_tg_print,
+    .save          = nat_tg_save,
+    .extra_opts    = nat_tg_opts,
+};
+
+static __attribute__((constructor)) void nat_tg_ldr(void)
+{
+    xtables_register_target(&nat_tg_reg);
+}
+