/* ebt_nflog
 *
 * Authors:
 * Peter Warasin <peter@endian.com>
 *
 * February, 2008
 *
 * Based on:
 * ebt_ulog.c, (C) 2004, Bart De Schuymer <bdschuym@pandora.be>
 * libxt_NFLOG.c
 *
 * Adapted to libxtables for ebtables-compat in 2015 by
 * Arturo Borrero Gonzalez <arturo@debian.org>
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <getopt.h>
#include <xtables.h>
#include "iptables/nft.h"
#include "iptables/nft-bridge.h"
#include <linux/netfilter_bridge/ebt_nflog.h>

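/*
 * Option identifiers for the nflog watcher.
 *
 * Each constant is used in two places in this file: as the getopt ".val" in
 * brnflog_opts and as the mask passed to EBT_CHECK_OPTION() in
 * brnflog_parse(). The second use presumably records already-seen options as
 * bits in *flags (the macro is defined outside this file -- confirm), so each
 * constant has to be a distinct single bit.
 */
enum {
	NFLOG_GROUP	= 0x1,
	NFLOG_PREFIX	= 0x2,
	NFLOG_RANGE	= 0x4,
	NFLOG_THRESHOLD	= 0x8,
	/*
	 * Previously 0x16 (binary 10110), which shares bits with NFLOG_PREFIX
	 * and NFLOG_RANGE; the next free single bit is 0x10.
	 */
	NFLOG_NFLOG	= 0x10,
};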
/*
 * Long options understood by the nflog watcher. The .val of each entry is
 * the key brnflog_parse() switches on. All options take an argument except
 * the bare "--nflog".
 */
static struct option brnflog_opts[] = {
	{ .name = "nflog-group",     .has_arg = required_argument, .val = NFLOG_GROUP },
	{ .name = "nflog-prefix",    .has_arg = required_argument, .val = NFLOG_PREFIX },
	{ .name = "nflog-range",     .has_arg = required_argument, .val = NFLOG_RANGE },
	{ .name = "nflog-threshold", .has_arg = required_argument, .val = NFLOG_THRESHOLD },
	{ .name = "nflog",           .has_arg = no_argument,       .val = NFLOG_NFLOG },
	XT_GETOPT_TABLEEND,
};
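/*
 * Print the usage text for the nflog watcher options to stdout.
 */
static void brnflog_help(void)
{
	/*
	 * Adjacent string literals are concatenated with nothing in between,
	 * so the blank between "of" and "in-kernel" must be written out;
	 * without it the last line read "threshold ofin-kernel queue".
	 */
	printf("nflog options:\n"
	       "--nflog : use the default nflog parameters\n"
	       "--nflog-prefix prefix : Prefix string for log message\n"
	       "--nflog-group group : NETLINK group used for logging\n"
	       "--nflog-range range : Number of byte to copy\n"
	       "--nflog-threshold : Message threshold of "
	       "in-kernel queue\n");
}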
/*
 * Load the watcher defaults into the target payload: the default group and
 * threshold from the ebt_nflog header, and an empty prefix. The len field
 * is not written here.
 */
static void brnflog_init(struct xt_entry_target *t)
{
	struct ebt_nflog_info *nflog = (struct ebt_nflog_info *)t->data;

	nflog->group = EBT_NFLOG_DEFAULT_GROUP;
	nflog->threshold = EBT_NFLOG_DEFAULT_THRESHOLD;
	/* An empty prefix; brnflog_print() skips the option when it is empty. */
	nflog->prefix[0] = '\0';
}
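/*
 * Parse one command-line option of the nflog watcher into the target's
 * struct ebt_nflog_info.
 *
 * c      - option identifier returned by getopt (one of the NFLOG_* values)
 * argv   - unused here; the option argument is read from optarg
 * invert - non-zero if the option was preceded by '!', which is rejected
 * flags  - bitmask of options already seen, updated through EBT_CHECK_OPTION()
 * entry  - unused
 * target - target whose data area receives the parsed values
 *
 * Returns 1 if c was one of this watcher's options, 0 otherwise. Invalid
 * input is reported through xtables_error(); the code relies on that call
 * not returning.
 */
static int brnflog_parse(int c, char **argv, int invert, unsigned int *flags,
			 const void *entry, struct xt_entry_target **target)
{
	struct ebt_nflog_info *info = (struct ebt_nflog_info *)(*target)->data;
	unsigned int i;

	if (invert)
		xtables_error(PARAMETER_PROBLEM,
			      "The use of '!' makes no sense for the"
			      " nflog watcher");

	switch (c) {
	case NFLOG_PREFIX:
		EBT_CHECK_OPTION(flags, NFLOG_PREFIX);
		if (strlen(optarg) > EBT_NFLOG_PREFIX_SIZE - 1)
			xtables_error(PARAMETER_PROBLEM,
				      "Prefix too long for nflog-prefix");
		/*
		 * The length was bounded above, so strncpy() both terminates
		 * the string and zero-fills the rest of the buffer.
		 */
		strncpy(info->prefix, optarg, EBT_NFLOG_PREFIX_SIZE);
		break;
	case NFLOG_GROUP:
		EBT_CHECK_OPTION(flags, NFLOG_GROUP);
		/*
		 * group is a 16-bit field in struct ebt_nflog_info (per the
		 * kernel uapi header); accepting up to UINT32_MAX silently
		 * truncated larger values, so logging went to a different
		 * group than the one requested.
		 */
		if (!xtables_strtoui(optarg, NULL, &i, 1, UINT16_MAX))
			xtables_error(PARAMETER_PROBLEM,
				      "--nflog-group must be a number!");
		info->group = i;
		break;
	case NFLOG_RANGE:
		EBT_CHECK_OPTION(flags, NFLOG_RANGE);
		if (!xtables_strtoui(optarg, NULL, &i, 1, UINT32_MAX))
			xtables_error(PARAMETER_PROBLEM,
				      "--nflog-range must be a number!");
		info->len = i;
		break;
	case NFLOG_THRESHOLD:
		EBT_CHECK_OPTION(flags, NFLOG_THRESHOLD);
		/* threshold is 16 bits wide as well; same truncation concern. */
		if (!xtables_strtoui(optarg, NULL, &i, 1, UINT16_MAX))
			xtables_error(PARAMETER_PROBLEM,
				      "--nflog-threshold must be a number!");
		info->threshold = i;
		break;
	case NFLOG_NFLOG:
		/* Bare "--nflog": keep the defaults, only note the option. */
		EBT_CHECK_OPTION(flags, NFLOG_NFLOG);
		break;
	default:
		return 0;
	}
	return 1;
}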
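/*
 * Print the watcher's settings to stdout in command-line form.
 *
 * ip      - unused
 * target  - target whose data area holds the struct ebt_nflog_info
 * numeric - unused
 *
 * The prefix is printed only when non-empty, group and range only when
 * non-zero, and the threshold only when it differs from the default.
 */
static void
brnflog_print(const void *ip, const struct xt_entry_target *target,
	      int numeric)
{
	const struct ebt_nflog_info *info =
		(const struct ebt_nflog_info *)target->data;

	/*
	 * NOTE(review): the prefix is emitted verbatim between double quotes.
	 * A prefix that itself contains '"' or '\' is not escaped, so the
	 * printed rule may not parse back to the same value.
	 */
	if (info->prefix[0] != '\0')
		printf("--nflog-prefix \"%s\" ", info->prefix);
	/*
	 * The fields are unsigned; "%d" showed large range values as negative
	 * numbers. Cast explicitly so the argument type matches "%u".
	 */
	if (info->group)
		printf("--nflog-group %u ", (unsigned int)info->group);
	if (info->len)
		printf("--nflog-range %u ", (unsigned int)info->len);
	if (info->threshold != EBT_NFLOG_DEFAULT_THRESHOLD)
		printf("--nflog-threshold %u ", (unsigned int)info->threshold);
}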
/*
 * Descriptor of the bridge-family "nflog" watcher handed to libxtables.
 * Kernel-visible and userspace sizes are both the aligned size of
 * struct ebt_nflog_info.
 */
static struct xtables_target brnflog_watcher = {
	/* identity */
	.name		= "nflog",
	.family		= NFPROTO_BRIDGE,
	.revision	= 0,
	.version	= XTABLES_VERSION,
	/* payload layout */
	.size		= XT_ALIGN(sizeof(struct ebt_nflog_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct ebt_nflog_info)),
	/* callbacks and option table defined in this file */
	.extra_opts	= brnflog_opts,
	.help		= brnflog_help,
	.init		= brnflog_init,
	.parse		= brnflog_parse,
	.print		= brnflog_print,
};
/*
 * Extension entry point: registers the nflog watcher descriptor with
 * libxtables.
 */
void _init(void)
{
	struct xtables_target *watcher = &brnflog_watcher;

	xtables_register_target(watcher);
}