Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / iptables / ae65b529140b07daae87ecffe267ea2fbb395c0c / . / extensions / libipt_connbytes.c
blob: 6c3caa3ef171d7284257c733b954e4a11c276323 [file] [log] [blame]
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]1/* Shared library add-on to iptables to add byte tracking support. */
2#include <stdio.h>
3#include <netdb.h>
4#include <string.h>
5#include <stdlib.h>
6#include <getopt.h>
7#include <iptables.h>
8#include <linux/netfilter_ipv4/ip_conntrack.h>
9#include <linux/netfilter_ipv4/ipt_connbytes.h>
10
11/* Function which prints out usage message. */
12static void
13help(void)
14{
15 printf(
16"connbytes v%s options:\n"
17" [!] --connbytes from:[to]\n"
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]18" --connbytes-dir [original, reply, both]\n"
19" --connbytes-mode [packets, bytes, avgpkt]\n"
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]20"\n", IPTABLES_VERSION);
21}
22
23static struct option opts[] = {
24 { "connbytes", 1, 0, '1' },
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]25 { "connbytes-dir", 1, 0, '2' },
26 { "connbytes-mode", 1, 0, '3' },
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]27 {0}
28};
29
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]30static void
31parse_range(const char *arg, struct ipt_connbytes_info *si)
32{
33 char *colon,*p;
34
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]35 si->count.from = strtoul(arg,&colon,10);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]36 if (*colon != ':')
37 exit_error(PARAMETER_PROBLEM, "Bad range `%s'", arg);
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]38 si->count.to = strtoul(colon+1,&p,10);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]39 if (p == colon+1) {
40 /* second number omited */
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]41 si->count.to = 0xffffffff;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]42 }
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]43 if (si->count.from > si->count.to)
44 exit_error(PARAMETER_PROBLEM, "%llu should be less than %llu",
45 si->count.from, si->count.to);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]46}
47
48/* Function which parses command options; returns true if it
49 ate an option */
50static int
51parse(int c, char **argv, int invert, unsigned int *flags,
52 const struct ipt_entry *entry,
53 unsigned int *nfcache,
54 struct ipt_entry_match **match)
55{
56 struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)(*match)->data;
Martin Josefsson11460882004-05-08 14:02:36 +0000[diff] [blame]57 unsigned long i;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]58
59 switch (c) {
60 case '1':
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]61 if (check_inverse(optarg, &invert, &optind, 0))
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]62 optind++;
63
64 parse_range(argv[optind-1], sinfo);
65 if (invert) {
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]66 i = sinfo->count.from;
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]67 sinfo->count.from = sinfo->count.to;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]68 sinfo->count.to = i;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]69 }
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]70 *flags |= 1;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]71 break;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]72 case '2':
73 if (!strcmp(optarg, "original"))
74 sinfo->direction = IPT_CONNBYTES_DIR_ORIGINAL;
75 else if (!strcmp(optarg, "reply"))
76 sinfo->direction = IPT_CONNBYTES_DIR_REPLY;
77 else if (!strcmp(optarg, "both"))
78 sinfo->direction = IPT_CONNBYTES_DIR_BOTH;
79 else
80 exit_error(PARAMETER_PROBLEM,
81 "Unknown --connbytes-dir `%s'", optarg);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]82
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]83 *flags |= 2;
84 break;
85 case '3':
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]86 if (!strcmp(optarg, "packets"))
Martin Josefssonae65b522005-09-11 17:26:43 +0000[diff] [blame^]87 sinfo->what = IPT_CONNBYTES_PKTS;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]88 else if (!strcmp(optarg, "bytes"))
Martin Josefssonae65b522005-09-11 17:26:43 +0000[diff] [blame^]89 sinfo->what = IPT_CONNBYTES_BYTES;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]90 else if (!strcmp(optarg, "avgpkt"))
Martin Josefssonae65b522005-09-11 17:26:43 +0000[diff] [blame^]91 sinfo->what = IPT_CONNBYTES_AVGPKT;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]92 else
93 exit_error(PARAMETER_PROBLEM,
94 "Unknown --connbytes-mode `%s'", optarg);
95 *flags |= 4;
Piotrek Kaczmarek1c0f2362005-04-24 16:19:51 +0000[diff] [blame]96 break;
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]97 default:
98 return 0;
99 }
100
101 return 1;
102}
103
104static void final_check(unsigned int flags)
105{
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]106 if (flags != 7)
107 exit_error(PARAMETER_PROBLEM, "You must specify `--connbytes'"
108 "`--connbytes-direction' and `--connbytes-mode'");
109}
110
111static void print_mode(struct ipt_connbytes_info *sinfo)
112{
113 switch (sinfo->what) {
Martin Josefssonae65b522005-09-11 17:26:43 +0000[diff] [blame^]114 case IPT_CONNBYTES_PKTS:
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]115 fputs("packets ", stdout);
116 break;
Martin Josefssonae65b522005-09-11 17:26:43 +0000[diff] [blame^]117 case IPT_CONNBYTES_BYTES:
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]118 fputs("bytes ", stdout);
119 break;
Martin Josefssonae65b522005-09-11 17:26:43 +0000[diff] [blame^]120 case IPT_CONNBYTES_AVGPKT:
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]121 fputs("avgpkt ", stdout);
122 break;
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]123 default:
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]124 fputs("unknown ", stdout);
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]125 break;
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]126 }
127}
128
129static void print_direction(struct ipt_connbytes_info *sinfo)
130{
131 switch (sinfo->direction) {
132 case IPT_CONNBYTES_DIR_ORIGINAL:
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]133 fputs("original ", stdout);
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]134 break;
135 case IPT_CONNBYTES_DIR_REPLY:
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]136 fputs("reply ", stdout);
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]137 break;
138 case IPT_CONNBYTES_DIR_BOTH:
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]139 fputs("both ", stdout);
140 break;
141 default:
142 fputs("unknown ", stdout);
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]143 break;
144 }
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]145}
146
147/* Prints out the matchinfo. */
148static void
149print(const struct ipt_ip *ip,
150 const struct ipt_entry_match *match,
151 int numeric)
152{
153 struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)match->data;
154
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]155 if (sinfo->count.from > sinfo->count.to)
156 printf("connbytes ! %llu:%llu ", sinfo->count.to,
157 sinfo->count.from);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]158 else
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]159 printf("connbytes %llu:%llu ",sinfo->count.from,
160 sinfo->count.to);
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]161
162 fputs("connbytes mode ", stdout);
163 print_mode(sinfo);
164
165 fputs("connbytes direction ", stdout);
166 print_direction(sinfo);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]167}
168
169/* Saves the matchinfo in parsable form to stdout. */
170static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
171{
172 struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)match->data;
173
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]174 if (sinfo->count.from > sinfo->count.to)
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]175 printf("! --connbytes %llu:%llu ", sinfo->count.to,
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]176 sinfo->count.from);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]177 else
Harald Welte7dc57e22004-11-18 22:59:36 +0000[diff] [blame]178 printf("--connbytes %llu:%llu ", sinfo->count.from,
Harald Welte93f4a3d2004-11-18 22:50:01 +0000[diff] [blame]179 sinfo->count.to);
180
181 fputs("--connbytes-mode ", stdout);
182 print_mode(sinfo);
183
184 fputs("--connbytes-direction ", stdout);
185 print_direction(sinfo);
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]186}
187
Pablo Neira8caee8b2004-12-28 13:11:59 +0000[diff] [blame]188static struct iptables_match state = {
189 .next = NULL,
190 .name = "connbytes",
191 .version = IPTABLES_VERSION,
192 .size = IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
193 .userspacesize = IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
194 .help = &help,
Pablo Neira8caee8b2004-12-28 13:11:59 +0000[diff] [blame]195 .parse = &parse,
196 .final_check = &final_check,
197 .print = &print,
198 .save = &save,
199 .extra_opts = opts
Martin Devera766113a2003-06-19 12:23:37 +0000[diff] [blame]200};
201
202void _init(void)
203{
204 register_match(&state);
205}