Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / 73866357e4a7a0fdc1b293bf8863fee2bd56da9e / . / extensions / libxt_recent.c
blob: e4a7f4d4b6bb07b923cb7d48269ee6b158811d2f [file] [log] [blame]
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]1/* Shared library add-on to iptables to add recent matching support. */
Jan Engelhardt32b8e612010-07-23 21:16:14 +0200[diff] [blame]2#include <stdbool.h>
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]3#include <stdio.h>
4#include <netdb.h>
5#include <string.h>
6#include <stdlib.h>
7#include <getopt.h>
8
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]9#include <xtables.h>
10#include <linux/netfilter/xt_recent.h>
Harald Welte122e7c02003-03-30 20:26:42 +0000[diff] [blame]11
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]12static const struct option recent_opts[] = {
Jan Engelhardt32b8e612010-07-23 21:16:14 +0200[diff] [blame]13 {.name = "set", .has_arg = false, .val = 201},
14 {.name = "rcheck", .has_arg = false, .val = 202},
15 {.name = "update", .has_arg = false, .val = 203},
16 {.name = "seconds", .has_arg = true, .val = 204},
17 {.name = "hitcount", .has_arg = true, .val = 205},
18 {.name = "remove", .has_arg = false, .val = 206},
19 {.name = "rttl", .has_arg = false, .val = 207},
20 {.name = "name", .has_arg = true, .val = 208},
21 {.name = "rsource", .has_arg = false, .val = 209},
22 {.name = "rdest", .has_arg = false, .val = 210},
23 XT_GETOPT_TABLEEND,
Stephen Frost27e1fa82003-04-14 13:33:15 +0000[diff] [blame]24};
25
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]26static void recent_help(void)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]27{
28 printf(
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]29"recent match options:\n"
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]30"[!] --set Add source address to list, always matches.\n"
31"[!] --rcheck Match if source address in list.\n"
32"[!] --update Match if source address in list, also update last-seen time.\n"
33"[!] --remove Match if source address in list, also removes that address from list.\n"
34" --seconds seconds For check and update commands above.\n"
35" Specifies that the match will only occur if source address last seen within\n"
36" the last 'seconds' seconds.\n"
37" --hitcount hits For check and update commands above.\n"
38" Specifies that the match will only occur if source address seen hits times.\n"
Fabrice MARIEae31bb62002-06-14 07:38:16 +0000[diff] [blame]39" May be used in conjunction with the seconds option.\n"
Stephen Frost4fce44c2002-02-04 11:58:22 +0000[diff] [blame]40" --rttl For check and update commands above.\n"
41" Specifies that the match will only occur if the source address and the TTL\n"
42" match between this packet and the one which was set.\n"
43" Useful if you have problems with people spoofing their source address in order\n"
44" to DoS you via this module.\n"
Stephen Frost7fdbc952002-06-21 17:26:33 +0000[diff] [blame]45" --name name Name of the recent list to be used. DEFAULT used if none given.\n"
Stephen Frost27e1fa82003-04-14 13:33:15 +0000[diff] [blame]46" --rsource Match/Save the source address of each packet in the recent list table (default).\n"
47" --rdest Match/Save the destination address of each packet in the recent list table.\n"
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]48"xt_recent by: Stephen Frost <sfrost@snowman.net>. http://snowman.net/projects/ipt_recent/\n");
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]49}
Jan Engelhardtddac6c52008-09-01 14:22:19 +0200[diff] [blame]50
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]51static void recent_init(struct xt_entry_match *match)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]52{
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]53 struct xt_recent_mtinfo *info = (void *)(match)->data;
Stephen Frost7fdbc952002-06-21 17:26:33 +0000[diff] [blame]54
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]55 strncpy(info->name,"DEFAULT", XT_RECENT_NAME_LEN);
56 /* even though XT_RECENT_NAME_LEN is currently defined as 200,
Karsten Desler073df8f2004-01-31 15:33:55 +0000[diff] [blame]57 * better be safe, than sorry */
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]58 info->name[XT_RECENT_NAME_LEN-1] = '\0';
59 info->side = XT_RECENT_SOURCE;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]60}
61
Jan Engelhardt3c5d15c2008-08-04 12:52:27 +0200[diff] [blame]62#define RECENT_CMDS \
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]63 (XT_RECENT_SET | XT_RECENT_CHECK | \
64 XT_RECENT_UPDATE | XT_RECENT_REMOVE)
Jan Engelhardt3c5d15c2008-08-04 12:52:27 +0200[diff] [blame]65
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]66static int recent_parse(int c, char **argv, int invert, unsigned int *flags,
67 const void *entry, struct xt_entry_match **match)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]68{
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]69 struct xt_recent_mtinfo *info = (void *)(*match)->data;
70
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]71 switch (c) {
72 case 201:
Jan Engelhardt3c5d15c2008-08-04 12:52:27 +0200[diff] [blame]73 if (*flags & RECENT_CMDS)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]74 xtables_error(PARAMETER_PROBLEM,
Stephen Frostd5903952003-03-03 07:24:27 +0000[diff] [blame]75 "recent: only one of `--set', `--rcheck' "
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]76 "`--update' or `--remove' may be set");
Jan Engelhardtbf971282009-11-03 19:55:11 +0100[diff] [blame]77 xtables_check_inverse(optarg, &invert, &optind, 0, argv);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]78 info->check_set |= XT_RECENT_SET;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]79 if (invert) info->invert = 1;
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]80 *flags |= XT_RECENT_SET;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]81 break;
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]82
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]83 case 202:
Jan Engelhardt3c5d15c2008-08-04 12:52:27 +0200[diff] [blame]84 if (*flags & RECENT_CMDS)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]85 xtables_error(PARAMETER_PROBLEM,
Stephen Frostd5903952003-03-03 07:24:27 +0000[diff] [blame]86 "recent: only one of `--set', `--rcheck' "
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]87 "`--update' or `--remove' may be set");
Jan Engelhardtbf971282009-11-03 19:55:11 +0100[diff] [blame]88 xtables_check_inverse(optarg, &invert, &optind, 0, argv);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]89 info->check_set |= XT_RECENT_CHECK;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]90 if(invert) info->invert = 1;
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]91 *flags |= XT_RECENT_CHECK;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]92 break;
93
94 case 203:
Jan Engelhardt3c5d15c2008-08-04 12:52:27 +0200[diff] [blame]95 if (*flags & RECENT_CMDS)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]96 xtables_error(PARAMETER_PROBLEM,
Stephen Frostd5903952003-03-03 07:24:27 +0000[diff] [blame]97 "recent: only one of `--set', `--rcheck' "
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]98 "`--update' or `--remove' may be set");
Jan Engelhardtbf971282009-11-03 19:55:11 +0100[diff] [blame]99 xtables_check_inverse(optarg, &invert, &optind, 0, argv);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]100 info->check_set |= XT_RECENT_UPDATE;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]101 if (invert) info->invert = 1;
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]102 *flags |= XT_RECENT_UPDATE;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]103 break;
104
Jan Engelhardt6ce22ff2010-01-19 18:13:23 +0100[diff] [blame]105 case 204:
106 info->seconds = atoi(optarg);
107 break;
108
109 case 205:
110 info->hit_count = atoi(optarg);
111 break;
112
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]113 case 206:
Jan Engelhardt3c5d15c2008-08-04 12:52:27 +0200[diff] [blame]114 if (*flags & RECENT_CMDS)
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]115 xtables_error(PARAMETER_PROBLEM,
Stephen Frostd5903952003-03-03 07:24:27 +0000[diff] [blame]116 "recent: only one of `--set', `--rcheck' "
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]117 "`--update' or `--remove' may be set");
Jan Engelhardtbf971282009-11-03 19:55:11 +0100[diff] [blame]118 xtables_check_inverse(optarg, &invert, &optind, 0, argv);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]119 info->check_set |= XT_RECENT_REMOVE;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]120 if (invert) info->invert = 1;
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]121 *flags |= XT_RECENT_REMOVE;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]122 break;
123
Stephen Frost4fce44c2002-02-04 11:58:22 +0000[diff] [blame]124 case 207:
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]125 info->check_set |= XT_RECENT_TTL;
126 *flags |= XT_RECENT_TTL;
Stephen Frost4fce44c2002-02-04 11:58:22 +0000[diff] [blame]127 break;
128
129 case 208:
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]130 strncpy(info->name,optarg, XT_RECENT_NAME_LEN);
131 info->name[XT_RECENT_NAME_LEN-1] = '\0';
Stephen Frost4fce44c2002-02-04 11:58:22 +0000[diff] [blame]132 break;
133
Stephen Frost7fdbc952002-06-21 17:26:33 +0000[diff] [blame]134 case 209:
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]135 info->side = XT_RECENT_SOURCE;
Stephen Frost7fdbc952002-06-21 17:26:33 +0000[diff] [blame]136 break;
137
138 case 210:
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]139 info->side = XT_RECENT_DEST;
Stephen Frost7fdbc952002-06-21 17:26:33 +0000[diff] [blame]140 break;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]141 }
Stephen Frost4fce44c2002-02-04 11:58:22 +0000[diff] [blame]142
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]143 return 1;
144}
145
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]146static void recent_check(unsigned int flags)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]147{
Jan Engelhardt3c5d15c2008-08-04 12:52:27 +0200[diff] [blame]148 if (!(flags & RECENT_CMDS))
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]149 xtables_error(PARAMETER_PROBLEM,
Stephen Frostd5903952003-03-03 07:24:27 +0000[diff] [blame]150 "recent: you must specify one of `--set', `--rcheck' "
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]151 "`--update' or `--remove'");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]152 if ((flags & XT_RECENT_TTL) &&
153 (flags & (XT_RECENT_SET | XT_RECENT_REMOVE)))
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]154 xtables_error(PARAMETER_PROBLEM,
Jan Engelhardt3c5d15c2008-08-04 12:52:27 +0200[diff] [blame]155 "recent: --rttl may only be used with --rcheck or "
156 "--update");
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]157}
158
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]159static void recent_print(const void *ip, const struct xt_entry_match *match,
160 int numeric)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]161{
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]162 const struct xt_recent_mtinfo *info = (const void *)match->data;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]163
Sven Strickroth0c1b7762003-06-01 10:11:43 +0000[diff] [blame]164 if (info->invert)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]165 printf(" !");
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]166
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]167 printf(" recent:");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]168 if (info->check_set & XT_RECENT_SET)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]169 printf(" SET");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]170 if (info->check_set & XT_RECENT_CHECK)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]171 printf(" CHECK");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]172 if (info->check_set & XT_RECENT_UPDATE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]173 printf(" UPDATE");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]174 if (info->check_set & XT_RECENT_REMOVE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]175 printf(" REMOVE");
176 if(info->seconds) printf(" seconds: %d", info->seconds);
177 if(info->hit_count) printf(" hit_count: %d", info->hit_count);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]178 if (info->check_set & XT_RECENT_TTL)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]179 printf(" TTL-Match");
180 if(info->name) printf(" name: %s", info->name);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]181 if (info->side == XT_RECENT_SOURCE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]182 printf(" side: source");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]183 if (info->side == XT_RECENT_DEST)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]184 printf(" side: dest");
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]185}
186
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]187static void recent_save(const void *ip, const struct xt_entry_match *match)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]188{
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]189 const struct xt_recent_mtinfo *info = (const void *)match->data;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]190
Sven Strickroth0c1b7762003-06-01 10:11:43 +0000[diff] [blame]191 if (info->invert)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]192 printf(" !");
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]193
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]194 if (info->check_set & XT_RECENT_SET)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]195 printf(" --set");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]196 if (info->check_set & XT_RECENT_CHECK)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]197 printf(" --rcheck");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]198 if (info->check_set & XT_RECENT_UPDATE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]199 printf(" --update");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]200 if (info->check_set & XT_RECENT_REMOVE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]201 printf(" --remove");
202 if(info->seconds) printf(" --seconds %d", info->seconds);
203 if(info->hit_count) printf(" --hitcount %d", info->hit_count);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]204 if (info->check_set & XT_RECENT_TTL)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]205 printf(" --rttl");
206 if(info->name) printf(" --name %s",info->name);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]207 if (info->side == XT_RECENT_SOURCE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]208 printf(" --rsource");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]209 if (info->side == XT_RECENT_DEST)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame^]210 printf(" --rdest");
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]211}
212
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]213static struct xtables_match recent_mt_reg = {
Stephen Frost27e1fa82003-04-14 13:33:15 +0000[diff] [blame]214 .name = "recent",
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]215 .version = XTABLES_VERSION,
Jan Engelhardtc5e85732009-06-12 20:55:44 +0200[diff] [blame]216 .family = NFPROTO_UNSPEC,
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]217 .size = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
218 .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]219 .help = recent_help,
220 .init = recent_init,
221 .parse = recent_parse,
222 .final_check = recent_check,
223 .print = recent_print,
224 .save = recent_save,
225 .extra_opts = recent_opts,
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]226};
227
228void _init(void)
229{
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]230 xtables_register_match(&recent_mt_reg);
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]231}