Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / d7282413763b0ba85d512c1cd49174b762ff449c / . / extensions / libxt_recent.c
blob: 1e1a111f11fb496f2721e24b375099b6d228cf89 [file] [log] [blame]
Jan Engelhardt32b8e612010-07-23 21:16:14 +0200[diff] [blame]1#include <stdbool.h>
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]2#include <stdio.h>
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]3#include <string.h>
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]4#include <xtables.h>
5#include <linux/netfilter/xt_recent.h>
Harald Welte122e7c02003-03-30 20:26:42 +0000[diff] [blame]6
Jan Engelhardt51a746e2011-05-04 12:30:15 +0200[diff] [blame]7enum {
8 O_SET = 0,
9 O_RCHECK,
10 O_UPDATE,
11 O_REMOVE,
12 O_SECONDS,
13 O_HITCOUNT,
14 O_RTTL,
15 O_NAME,
16 O_RSOURCE,
17 O_RDEST,
18 F_SET = 1 << O_SET,
19 F_RCHECK = 1 << O_RCHECK,
20 F_UPDATE = 1 << O_UPDATE,
21 F_REMOVE = 1 << O_REMOVE,
22 F_ANY_OP = F_SET | F_RCHECK | F_UPDATE | F_REMOVE,
Stephen Frost27e1fa82003-04-14 13:33:15 +0000[diff] [blame]23};
24
Jan Engelhardt51a746e2011-05-04 12:30:15 +0200[diff] [blame]25#define s struct xt_recent_mtinfo
26static const struct xt_option_entry recent_opts[] = {
27 {.name = "set", .id = O_SET, .type = XTTYPE_NONE,
28 .excl = F_ANY_OP, .flags = XTOPT_INVERT},
29 {.name = "rcheck", .id = O_RCHECK, .type = XTTYPE_NONE,
30 .excl = F_ANY_OP, .flags = XTOPT_INVERT},
31 {.name = "update", .id = O_UPDATE, .type = XTTYPE_NONE,
32 .excl = F_ANY_OP, .flags = XTOPT_INVERT},
33 {.name = "remove", .id = O_REMOVE, .type = XTTYPE_NONE,
34 .excl = F_ANY_OP, .flags = XTOPT_INVERT},
35 {.name = "seconds", .id = O_SECONDS, .type = XTTYPE_UINT32,
36 .flags = XTOPT_PUT, XTOPT_POINTER(s, seconds)},
37 {.name = "hitcount", .id = O_HITCOUNT, .type = XTTYPE_UINT32,
38 .flags = XTOPT_PUT, XTOPT_POINTER(s, hit_count)},
39 {.name = "rttl", .id = O_RTTL, .type = XTTYPE_NONE,
40 .excl = F_SET | F_REMOVE},
41 {.name = "name", .id = O_NAME, .type = XTTYPE_STRING,
42 .flags = XTOPT_PUT, XTOPT_POINTER(s, name)},
43 {.name = "rsource", .id = O_RSOURCE, .type = XTTYPE_NONE},
44 {.name = "rdest", .id = O_RDEST, .type = XTTYPE_NONE},
45 XTOPT_TABLEEND,
46};
47#undef s
48
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]49static void recent_help(void)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]50{
51 printf(
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]52"recent match options:\n"
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]53"[!] --set Add source address to list, always matches.\n"
54"[!] --rcheck Match if source address in list.\n"
55"[!] --update Match if source address in list, also update last-seen time.\n"
56"[!] --remove Match if source address in list, also removes that address from list.\n"
57" --seconds seconds For check and update commands above.\n"
58" Specifies that the match will only occur if source address last seen within\n"
59" the last 'seconds' seconds.\n"
60" --hitcount hits For check and update commands above.\n"
61" Specifies that the match will only occur if source address seen hits times.\n"
Fabrice MARIEae31bb62002-06-14 07:38:16 +0000[diff] [blame]62" May be used in conjunction with the seconds option.\n"
Stephen Frost4fce44c2002-02-04 11:58:22 +0000[diff] [blame]63" --rttl For check and update commands above.\n"
64" Specifies that the match will only occur if the source address and the TTL\n"
65" match between this packet and the one which was set.\n"
66" Useful if you have problems with people spoofing their source address in order\n"
67" to DoS you via this module.\n"
Stephen Frost7fdbc952002-06-21 17:26:33 +0000[diff] [blame]68" --name name Name of the recent list to be used. DEFAULT used if none given.\n"
Stephen Frost27e1fa82003-04-14 13:33:15 +0000[diff] [blame]69" --rsource Match/Save the source address of each packet in the recent list table (default).\n"
70" --rdest Match/Save the destination address of each packet in the recent list table.\n"
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]71"xt_recent by: Stephen Frost <sfrost@snowman.net>. http://snowman.net/projects/ipt_recent/\n");
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]72}
Jan Engelhardtddac6c52008-09-01 14:22:19 +0200[diff] [blame]73
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]74static void recent_init(struct xt_entry_match *match)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]75{
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]76 struct xt_recent_mtinfo *info = (void *)(match)->data;
Stephen Frost7fdbc952002-06-21 17:26:33 +0000[diff] [blame]77
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]78 strncpy(info->name,"DEFAULT", XT_RECENT_NAME_LEN);
79 /* even though XT_RECENT_NAME_LEN is currently defined as 200,
Karsten Desler073df8f2004-01-31 15:33:55 +0000[diff] [blame]80 * better be safe, than sorry */
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]81 info->name[XT_RECENT_NAME_LEN-1] = '\0';
82 info->side = XT_RECENT_SOURCE;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]83}
84
Jan Engelhardt51a746e2011-05-04 12:30:15 +0200[diff] [blame]85static void recent_parse(struct xt_option_call *cb)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]86{
Jan Engelhardt51a746e2011-05-04 12:30:15 +0200[diff] [blame]87 struct xt_recent_mtinfo *info = cb->data;
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]88
Jan Engelhardt51a746e2011-05-04 12:30:15 +0200[diff] [blame]89 xtables_option_parse(cb);
90 switch (cb->entry->id) {
91 case O_SET:
92 info->check_set |= XT_RECENT_SET;
93 if (cb->invert)
94 info->invert = true;
95 break;
96 case O_RCHECK:
97 info->check_set |= XT_RECENT_CHECK;
98 if (cb->invert)
99 info->invert = true;
100 break;
101 case O_UPDATE:
102 info->check_set |= XT_RECENT_UPDATE;
103 if (cb->invert)
104 info->invert = true;
105 break;
106 case O_REMOVE:
107 info->check_set |= XT_RECENT_REMOVE;
108 if (cb->invert)
109 info->invert = true;
110 break;
111 case O_RTTL:
112 info->check_set |= XT_RECENT_TTL;
113 break;
114 case O_RSOURCE:
115 info->side = XT_RECENT_SOURCE;
116 break;
117 case O_RDEST:
118 info->side = XT_RECENT_DEST;
119 break;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]120 }
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]121}
122
Jan Engelhardt51a746e2011-05-04 12:30:15 +0200[diff] [blame]123static void recent_check(struct xt_fcheck_call *cb)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]124{
Jan Engelhardt51a746e2011-05-04 12:30:15 +0200[diff] [blame]125 if (!(cb->xflags & F_ANY_OP))
Jan Engelhardt1829ed42009-02-21 03:29:44 +0100[diff] [blame]126 xtables_error(PARAMETER_PROBLEM,
Stephen Frostd5903952003-03-03 07:24:27 +0000[diff] [blame]127 "recent: you must specify one of `--set', `--rcheck' "
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]128 "`--update' or `--remove'");
129}
130
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]131static void recent_print(const void *ip, const struct xt_entry_match *match,
132 int numeric)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]133{
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]134 const struct xt_recent_mtinfo *info = (const void *)match->data;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]135
Sven Strickroth0c1b7762003-06-01 10:11:43 +0000[diff] [blame]136 if (info->invert)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]137 printf(" !");
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]138
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]139 printf(" recent:");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]140 if (info->check_set & XT_RECENT_SET)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]141 printf(" SET");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]142 if (info->check_set & XT_RECENT_CHECK)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]143 printf(" CHECK");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]144 if (info->check_set & XT_RECENT_UPDATE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]145 printf(" UPDATE");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]146 if (info->check_set & XT_RECENT_REMOVE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]147 printf(" REMOVE");
148 if(info->seconds) printf(" seconds: %d", info->seconds);
149 if(info->hit_count) printf(" hit_count: %d", info->hit_count);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]150 if (info->check_set & XT_RECENT_TTL)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]151 printf(" TTL-Match");
152 if(info->name) printf(" name: %s", info->name);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]153 if (info->side == XT_RECENT_SOURCE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]154 printf(" side: source");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]155 if (info->side == XT_RECENT_DEST)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]156 printf(" side: dest");
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]157}
158
Jan Engelhardt59d16402007-10-04 16:28:39 +0000[diff] [blame]159static void recent_save(const void *ip, const struct xt_entry_match *match)
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]160{
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]161 const struct xt_recent_mtinfo *info = (const void *)match->data;
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]162
Sven Strickroth0c1b7762003-06-01 10:11:43 +0000[diff] [blame]163 if (info->invert)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]164 printf(" !");
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]165
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]166 if (info->check_set & XT_RECENT_SET)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]167 printf(" --set");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]168 if (info->check_set & XT_RECENT_CHECK)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]169 printf(" --rcheck");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]170 if (info->check_set & XT_RECENT_UPDATE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]171 printf(" --update");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]172 if (info->check_set & XT_RECENT_REMOVE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]173 printf(" --remove");
174 if(info->seconds) printf(" --seconds %d", info->seconds);
175 if(info->hit_count) printf(" --hitcount %d", info->hit_count);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]176 if (info->check_set & XT_RECENT_TTL)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]177 printf(" --rttl");
178 if(info->name) printf(" --name %s",info->name);
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]179 if (info->side == XT_RECENT_SOURCE)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]180 printf(" --rsource");
Jan Engelhardtaf1660f2008-10-22 18:53:39 +0200[diff] [blame]181 if (info->side == XT_RECENT_DEST)
Jan Engelhardt73866352010-12-18 02:04:59 +0100[diff] [blame]182 printf(" --rdest");
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]183}
184
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]185static struct xtables_match recent_mt_reg = {
Jan Engelhardte1df2212011-02-15 12:02:51 +0100[diff] [blame]186 .name = "recent",
187 .version = XTABLES_VERSION,
188 .family = NFPROTO_UNSPEC,
189 .size = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
190 .userspacesize = XT_ALIGN(sizeof(struct xt_recent_mtinfo)),
191 .help = recent_help,
192 .init = recent_init,
Jan Engelhardt51a746e2011-05-04 12:30:15 +0200[diff] [blame]193 .x6_parse = recent_parse,
194 .x6_fcheck = recent_check,
Jan Engelhardte1df2212011-02-15 12:02:51 +0100[diff] [blame]195 .print = recent_print,
196 .save = recent_save,
Jan Engelhardt51a746e2011-05-04 12:30:15 +0200[diff] [blame]197 .x6_options = recent_opts,
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]198};
199
200void _init(void)
201{
Jan Engelhardt8b7c64d2008-04-15 11:48:25 +0200[diff] [blame]202 xtables_register_match(&recent_mt_reg);
Stephen Frost93c7e5a2001-11-08 22:35:03 +0000[diff] [blame]203}