search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / ebtables / extensions / ebt_limit.c
blobee40e5ccc91721ae89e1a77cb9c7f69a242ef9c5
1 /* ebt_limit
2 *
3 * Authors:
4 * Tom Marshall <tommy@home.tig-grr.com>
5 *
6 * Mostly copied from iptables' limit match.
7 *
8 * September, 2003
9 */
10
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <getopt.h>
15 #include <errno.h>
16 #include "../include/ebtables_u.h"
17 #include <linux/netfilter_bridge/ebt_limit.h>
18
19 #define EBT_LIMIT_AVG "3/hour"
20 #define EBT_LIMIT_BURST 5
21
22 static int string_to_number(const char *s, unsigned int min, unsigned int max,
23 unsigned int *ret)
24 {
25 long number;
26 char *end;
27
28 errno = 0;
29 number = strtol(s, &end, 0);
30 if (*end == '\0' && end != s) {
31 if (errno != ERANGE && min <= number && number <= max) {
32 *ret = number;
33 return 0;
34 }
35 }
36 return -1;
37 }
38
39 #define FLAG_LIMIT 0x01
40 #define FLAG_LIMIT_BURST 0x02
41 #define ARG_LIMIT '1'
42 #define ARG_LIMIT_BURST '2'
43
44 static struct option opts[] =
45 {
46 { "limit", required_argument, 0, ARG_LIMIT },
47 { "limit-burst", required_argument, 0, ARG_LIMIT_BURST },
48 { 0 }
49 };
50
51 static void print_help(void)
52 {
53 printf(
54 "limit options:\n"
55 "--limit avg : max average match rate: default "EBT_LIMIT_AVG"\n"
56 " [Packets per second unless followed by \n"
57 " /sec /minute /hour /day postfixes]\n"
58 "--limit-burst number : number to match in a burst, -1 < number < 10001,\n"
59 " default %u\n", EBT_LIMIT_BURST);
60 }
61
62 static int parse_rate(const char *rate, u_int32_t *val)
63 {
64 const char *delim;
65 u_int32_t r;
66 u_int32_t mult = 1; /* Seconds by default. */
67
68 delim = strchr(rate, '/');
69 if (delim) {
70 if (strlen(delim+1) == 0)
71 return 0;
72
73 if (strncasecmp(delim+1, "second", strlen(delim+1)) == 0)
74 mult = 1;
75 else if (strncasecmp(delim+1, "minute", strlen(delim+1)) == 0)
76 mult = 60;
77 else if (strncasecmp(delim+1, "hour", strlen(delim+1)) == 0)
78 mult = 60*60;
79 else if (strncasecmp(delim+1, "day", strlen(delim+1)) == 0)
80 mult = 24*60*60;
81 else
82 return 0;
83 }
84 r = atoi(rate);
85 if (!r)
86 return 0;
87
88 /* This would get mapped to infinite (1/day is minimum they
89 can specify, so we're ok at that end). */
90 if (r / mult > EBT_LIMIT_SCALE)
91 return 0;
92
93 *val = EBT_LIMIT_SCALE * mult / r;
94 return 1;
95 }
96
97 /* Initialize the match. */
98 static void init(struct ebt_entry_match *m)
99 {
100 struct ebt_limit_info *r = (struct ebt_limit_info *)m->data;
101
102 parse_rate(EBT_LIMIT_AVG, &r->avg);
103 r->burst = EBT_LIMIT_BURST;
104 }
105
106 /* FIXME: handle overflow:
107 if (r->avg*r->burst/r->burst != r->avg)
108 exit_error(PARAMETER_PROBLEM,
109 "Sorry: burst too large for that avg rate.\n");
110 */
111
112 static int parse(int c, char **argv, int argc,
113 const struct ebt_u_entry *entry,
114 unsigned int *flags,
115 struct ebt_entry_match **match)
116 {
117 struct ebt_limit_info *r = (struct ebt_limit_info *)(*match)->data;
118 unsigned int num;
119
120 switch(c) {
121 case ARG_LIMIT:
122 ebt_check_option2(flags, FLAG_LIMIT);
123 if (ebt_check_inverse2(optarg))
124 ebt_print_error2("Unexpected `!' after --limit");
125 if (!parse_rate(optarg, &r->avg))
126 ebt_print_error2("bad rate `%s'", optarg);
127 break;
128
129 case ARG_LIMIT_BURST:
130 ebt_check_option2(flags, FLAG_LIMIT_BURST);
131 if (ebt_check_inverse2(optarg))
132 ebt_print_error2("Unexpected `!' after --limit-burst");
133 if (string_to_number(optarg, 0, 10000, &num) == -1)
134 ebt_print_error2("bad --limit-burst `%s'", optarg);
135 r->burst = num;
136 break;
137
138 default:
139 return 0;
140 }
141
142 return 1;
143 }
144
145 static void final_check(const struct ebt_u_entry *entry,
146 const struct ebt_entry_match *match, const char *name,
147 unsigned int hookmask, unsigned int time)
148 {
149 }
150
151 struct rates
152 {
153 const char *name;
154 u_int32_t mult;
155 };
156
157 static struct rates g_rates[] =
158 {
159 { "day", EBT_LIMIT_SCALE*24*60*60 },
160 { "hour", EBT_LIMIT_SCALE*60*60 },
161 { "min", EBT_LIMIT_SCALE*60 },
162 { "sec", EBT_LIMIT_SCALE }
163 };
164
165 static void print_rate(u_int32_t period)
166 {
167 unsigned int i;
168
169 for (i = 1; i < sizeof(g_rates)/sizeof(struct rates); i++)
170 if (period > g_rates[i].mult ||
171 g_rates[i].mult/period < g_rates[i].mult%period)
172 break;
173
174 printf("%u/%s ", g_rates[i-1].mult / period, g_rates[i-1].name);
175 }
176
177 static void print(const struct ebt_u_entry *entry,
178 const struct ebt_entry_match *match)
179 {
180 struct ebt_limit_info *r = (struct ebt_limit_info *)match->data;
181
182 printf("--limit ");
183 print_rate(r->avg);
184 printf("--limit-burst %u ", r->burst);
185 }
186
187 static int compare(const struct ebt_entry_match* m1,
188 const struct ebt_entry_match *m2)
189 {
190 struct ebt_limit_info* li1 = (struct ebt_limit_info*)m1->data;
191 struct ebt_limit_info* li2 = (struct ebt_limit_info*)m2->data;
192
193 if (li1->avg != li2->avg)
194 return 0;
195
196 if (li1->burst != li2->burst)
197 return 0;
198
199 return 1;
200 }
201
202 static struct ebt_u_match limit_match =
203 {
204 .name = "limit",
205 .size = sizeof(struct ebt_limit_info),
206 .help = print_help,
207 .init = init,
208 .parse = parse,
209 .final_check = final_check,
210 .print = print,
211 .compare = compare,
212 .extra_ops = opts,
213 };
214
215 void _init(void)
216 {
217 ebt_register_match(&limit_match);
218 }