int
get_nat_redirect_rule(const char * nat_chain_name, const char * ifname, unsigned short eport, int proto,
char * iaddr, int iaddrlen, unsigned short * iport,
char * desc, int desclen,
char * rhost, int rhostlen,
unsigned int * timestamp,
u_int64_t * packets, u_int64_t * bytes)
{
int r = -1;
IPTC_HANDLE h;
const struct ipt_entry * e;
const struct ipt_entry_target * target;
const struct ip_nat_multi_range * mr;
const struct ipt_entry_match *match;
UNUSED(ifname);
h = iptc_init("nat");
if(!h)
{
syslog(LOG_ERR, "get_redirect_rule() : "
"iptc_init() failed : %s",
iptc_strerror(errno));
return -1;
}
if(!iptc_is_chain(nat_chain_name, h))
{
syslog(LOG_ERR, "chain %s not found", nat_chain_name);
}
else
{
#ifdef IPTABLES_143
for(e = iptc_first_rule(nat_chain_name, h);
e;
e = iptc_next_rule(e, h))
#else
for(e = iptc_first_rule(nat_chain_name, &h);
e;
e = iptc_next_rule(e, &h))
#endif
{
if(proto==e->ip.proto)
{
match = (const struct ipt_entry_match *)&e->elems;
if(0 == strncmp(match->u.user.name, "tcp", IPT_FUNCTION_MAXNAMELEN))
{
const struct ipt_tcp * info;
info = (const struct ipt_tcp *)match->data;
if(eport != info->dpts[0])
continue;
}
else
{
const struct ipt_udp * info;
info = (const struct ipt_udp *)match->data;
if(eport != info->dpts[0])
continue;
}
target = (void *)e + e->target_offset;
/* target = ipt_get_target(e); */
mr = (const struct ip_nat_multi_range *)&target->data[0];
snprintip(iaddr, iaddrlen, ntohl(mr->range[0].min_ip));
*iport = ntohs(mr->range[0].min.all);
get_redirect_desc(eport, proto, desc, desclen, timestamp);
if(packets)
*packets = e->counters.pcnt;
if(bytes)
*bytes = e->counters.bcnt;
/* rhost */
if(e->ip.src.s_addr && rhost) {
snprintip(rhost, rhostlen, ntohl(e->ip.src.s_addr));
}
r = 0;
break;
}
}
}
if(h)
#ifdef IPTABLES_143
iptc_free(h);
#else
iptc_free(&h);
#endif
return r;
}
/* get_peer_rule_by_index()
* return -1 when the rule was not found */
int
get_peer_rule_by_index(int index,
char * ifname, unsigned short * eport,
char * iaddr, int iaddrlen, unsigned short * iport,
int * proto, char * desc, int desclen,
char * rhost, int rhostlen, unsigned short * rport,
unsigned int * timestamp,
u_int64_t * packets, u_int64_t * bytes)
{
int r = -1;
#if USE_INDEX_FROM_DESC_LIST && 0
r = get_redirect_desc_by_index(index, eport, proto,
desc, desclen, timestamp);
if (r==0)
{
r = get_redirect_rule(ifname, *eport, *proto, iaddr, iaddrlen, iport,
0, 0, packets, bytes);
}
#else
int i = 0;
IPTC_HANDLE h;
const struct ipt_entry * e;
const struct ipt_entry_target * target;
const struct ip_nat_multi_range * mr;
const struct ipt_entry_match *match;
UNUSED(ifname);
h = iptc_init("nat");
if(!h)
{
syslog(LOG_ERR, "get_peer_rule_by_index() : "
"iptc_init() failed : %s",
iptc_strerror(errno));
return -1;
}
if(!iptc_is_chain(miniupnpd_peer_chain, h))
{
syslog(LOG_ERR, "chain %s not found", miniupnpd_peer_chain);
}
else
{
#ifdef IPTABLES_143
for(e = iptc_first_rule(miniupnpd_peer_chain, h);
e;
e = iptc_next_rule(e, h))
#else
for(e = iptc_first_rule(miniupnpd_peer_chain, &h);
e;
e = iptc_next_rule(e, &h))
#endif
{
if(i==index)
{
*proto = e->ip.proto;
match = (const struct ipt_entry_match *)&e->elems;
if(0 == strncmp(match->u.user.name, "tcp", IPT_FUNCTION_MAXNAMELEN))
{
const struct ipt_tcp * info;
info = (const struct ipt_tcp *)match->data;
if (rport)
*rport = info->dpts[0];
if (iport)
*iport = info->spts[0];
}
else
{
const struct ipt_udp * info;
info = (const struct ipt_udp *)match->data;
if (rport)
*rport = info->dpts[0];
if (iport)
*iport = info->spts[0];
}
target = (void *)e + e->target_offset;
mr = (const struct ip_nat_multi_range *)&target->data[0];
*eport = ntohs(mr->range[0].min.all);
get_redirect_desc(*eport, *proto, desc, desclen, timestamp);
if(packets)
*packets = e->counters.pcnt;
if(bytes)
*bytes = e->counters.bcnt;
/* rhost */
if(rhost && rhostlen > 0) {
if(e->ip.dst.s_addr) {
snprintip(rhost, rhostlen, ntohl(e->ip.dst.s_addr));
} else {
rhost[0] = '\0';
}
}
if(iaddr && iaddrlen > 0) {
if(e->ip.src.s_addr) {
snprintip(iaddr, iaddrlen, ntohl(e->ip.src.s_addr));
} else {
rhost[0] = '\0';
}
}
r = 0;
break;
}
i++;
}
}
if(h)
#ifdef IPTABLES_143
iptc_free(h);
#else
iptc_free(&h);
#endif
#endif
return r;
}
