Blame - extensions/libipt_connbytes.c - fp2-dev/platform/external/iptables

blob: 6f97bcb0b4b280d997ed199d5fe62204d24848e3 [file] [log] [blame]

Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	1	/* Shared library add-on to iptables to add byte tracking support. */
				2	#include <stdio.h>
				3	#include <netdb.h>
				4	#include <string.h>
				5	#include <stdlib.h>
				6	#include <getopt.h>
				7	#include <iptables.h>
				8	#include <linux/netfilter_ipv4/ip_conntrack.h>
				9	#include <linux/netfilter_ipv4/ipt_connbytes.h>
				10
				11	/* Function which prints out usage message. */
				12	static void
				13	help(void)
				14	{
				15	printf(
				16	"connbytes v%s options:\n"
				17	" [!] --connbytes from:[to]\n"
Harald Welte	93f4a3d	2004-11-18 22:50:01 +0000	[diff] [blame^]	18	" --connbytes-dir [original, reply, both]\n"
				19	" --connbytes-mode [packets, bytes, avgpkt]\n"
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	20	"\n", IPTABLES_VERSION);
				21	}
				22
				23	static struct option opts[] = {
				24	{ "connbytes", 1, 0, '1' },
Harald Welte	93f4a3d	2004-11-18 22:50:01 +0000	[diff] [blame^]	25	{ "connbytes-dir", 1, 0, '2' },
				26	{ "connbytes-mode", 1, 0, '3' },
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	27	{0}
				28	};
				29
				30	/* Initialize the match. */
				31	static void
				32	init(struct ipt_entry_match m, unsigned int nfcache)
				33	{
				34	/* Can't cache this */
				35	*nfcache \|= NFC_UNKNOWN;
				36	}
				37
				38	static void
				39	parse_range(const char arg, struct ipt_connbytes_info si)
				40	{
				41	char colon,p;
				42
Martin Josefsson	1146088	2004-05-08 14:02:36 +0000	[diff] [blame]	43	si->from = strtoul(arg,&colon,10);
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	44	if (*colon != ':')
				45	exit_error(PARAMETER_PROBLEM, "Bad range `%s'", arg);
Martin Josefsson	1146088	2004-05-08 14:02:36 +0000	[diff] [blame]	46	si->to = strtoul(colon+1,&p,10);
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	47	if (p == colon+1) {
				48	/* second number omited */
				49	si->to = 0xffffffff;
				50	}
				51	if (si->from > si->to)
				52	exit_error(PARAMETER_PROBLEM, "%lu should be less than %lu", si->from,si->to);
				53	}
				54
				55	/* Function which parses command options; returns true if it
				56	ate an option */
				57	static int
				58	parse(int c, char *argv, int invert, unsigned int flags,
				59	const struct ipt_entry *entry,
				60	unsigned int *nfcache,
				61	struct ipt_entry_match **match)
				62	{
				63	struct ipt_connbytes_info sinfo = (struct ipt_connbytes_info )(*match)->data;
Martin Josefsson	1146088	2004-05-08 14:02:36 +0000	[diff] [blame]	64	unsigned long i;
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	65
				66	switch (c) {
				67	case '1':
				68	if (check_inverse(optarg, &invert, optind, 0))
				69	optind++;
				70
				71	parse_range(argv[optind-1], sinfo);
				72	if (invert) {
Harald Welte	93f4a3d	2004-11-18 22:50:01 +0000	[diff] [blame^]	73	i = sinfo->count.from;
				74	sinfo->count.from = sinfo->to;
				75	sinfo->count.to = i;
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	76	}
Harald Welte	93f4a3d	2004-11-18 22:50:01 +0000	[diff] [blame^]	77	*flags \|= 1;
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	78	break;
Harald Welte	93f4a3d	2004-11-18 22:50:01 +0000	[diff] [blame^]	79	case '2':
				80	if (!strcmp(optarg, "original"))
				81	sinfo->direction = IPT_CONNBYTES_DIR_ORIGINAL;
				82	else if (!strcmp(optarg, "reply"))
				83	sinfo->direction = IPT_CONNBYTES_DIR_REPLY;
				84	else if (!strcmp(optarg, "both"))
				85	sinfo->direction = IPT_CONNBYTES_DIR_BOTH;
				86	else
				87	exit_error(PARAMETER_PROBLEM,
				88	"Unknown --connbytes-dir `%s'", optarg);
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	89
Harald Welte	93f4a3d	2004-11-18 22:50:01 +0000	[diff] [blame^]	90	*flags \|= 2;
				91	break;
				92	case '3':
				93	if (!stcmp(optarg, "packets"))
				94	sinfo->what = IPT_CONNBYTES_WHAT_PKTS;
				95	else if (!strcmp(optarg, "bytes"))
				96	sinfo->what = IPT_CONNBYTES_WHAT_BYTES;
				97	else if (!strcmp(optarg, "avgpkt"))
				98	sinfo->what = IPT_CONNBYTES_WHAT_AVGPKT;
				99	else
				100	exit_error(PARAMETER_PROBLEM,
				101	"Unknown --connbytes-mode `%s'", optarg);
				102	*flags \|= 4;
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	103	default:
				104	return 0;
				105	}
				106
				107	return 1;
				108	}
				109
				110	static void final_check(unsigned int flags)
				111	{
Harald Welte	93f4a3d	2004-11-18 22:50:01 +0000	[diff] [blame^]	112	if (flags != 7)
				113	exit_error(PARAMETER_PROBLEM, "You must specify `--connbytes'"
				114	"`--connbytes-direction' and `--connbytes-mode'");
				115	}
				116
				117	static void print_mode(struct ipt_connbytes_info *sinfo)
				118	{
				119	switch (sinfo->what) {
				120	case IPT_CONNBYTES_WHAT_PKTS:
				121	fputs("packets ", stdout);
				122	break;
				123	case IPT_CONNBYTES_WHAT_BYTES:
				124	fputs("bytes ", stdout);
				125	break;
				126	case IPT_CONNBYTES_WHAT_AVGPKT:
				127	fputs("avgpkt ", stdout);
				128	break;
				129	case default:
				130	fputs("unknown ", stdout);
				131	}
				132	}
				133
				134	static void print_direction(struct ipt_connbytes_info *sinfo)
				135	{
				136	switch (sinfo->direction) {
				137	case IPT_CONNBYTES_DIR_ORIGINAL:
				138	fputs("original ");
				139	break;
				140	case IPT_CONNBYTES_DIR_REPLY:
				141	fputs("reply ");
				142	break;
				143	case IPT_CONNBYTES_DIR_BOTH:
				144	fputs("both ");
				145	break;
				146	}
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	147	}
				148
				149	/* Prints out the matchinfo. */
				150	static void
				151	print(const struct ipt_ip *ip,
				152	const struct ipt_entry_match *match,
				153	int numeric)
				154	{
				155	struct ipt_connbytes_info sinfo = (struct ipt_connbytes_info )match->data;
				156
				157	if (sinfo->from > sinfo->to)
Youza Youzovic	161b35f	2004-08-24 18:59:05 +0000	[diff] [blame]	158	printf("connbytes ! %lu:%lu ",sinfo->to,sinfo->from);
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	159	else
Youza Youzovic	161b35f	2004-08-24 18:59:05 +0000	[diff] [blame]	160	printf("connbytes %lu:%lu ",sinfo->from,sinfo->to);
Harald Welte	93f4a3d	2004-11-18 22:50:01 +0000	[diff] [blame^]	161
				162	fputs("connbytes mode ", stdout);
				163	print_mode(sinfo);
				164
				165	fputs("connbytes direction ", stdout);
				166	print_direction(sinfo);
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	167	}
				168
				169	/* Saves the matchinfo in parsable form to stdout. */
				170	static void save(const struct ipt_ip ip, const struct ipt_entry_match match)
				171	{
				172	struct ipt_connbytes_info sinfo = (struct ipt_connbytes_info )match->data;
				173
Harald Welte	93f4a3d	2004-11-18 22:50:01 +0000	[diff] [blame^]	174	if (sinfo->count.from > sinfo->count.to)
				175	printf("! --connbytes %lu:%lu ", sinfo->count.to,
				176	sinfo->count.from);
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	177	else
Harald Welte	93f4a3d	2004-11-18 22:50:01 +0000	[diff] [blame^]	178	printf("--connbytes %lu:%lu ", sinfo->count.from,
				179	sinfo->count.to);
				180
				181	fputs("--connbytes-mode ", stdout);
				182	print_mode(sinfo);
				183
				184	fputs("--connbytes-direction ", stdout);
				185	print_direction(sinfo);
Martin Devera	766113a	2003-06-19 12:23:37 +0000	[diff] [blame]	186	}
				187
				188	static
				189	struct iptables_match state
				190	= { NULL,
				191	"connbytes",
				192	IPTABLES_VERSION,
				193	IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
				194	IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
				195	&help,
				196	&init,
				197	&parse,
				198	&final_check,
				199	&print,
				200	&save,
				201	opts
				202	};
				203
				204	void _init(void)
				205	{
				206	register_match(&state);
				207	}