search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / ebtables / extensions / ebt_nflog.c
blob0cd10e05f1c336206834a9d54cbe2373c24718d1
1 /* ebt_nflog
2 *
3 * Authors:
4 * Peter Warasin <peter@endian.com>
5 *
6 * February, 2008
7 *
8 * Based on:
9 * ebt_ulog.c, (C) 2004, Bart De Schuymer <bdschuym@pandora.be>
10 * libxt_NFLOG.c
11 */
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <getopt.h>
17 #include "../include/ebtables_u.h"
18 #include <linux/netfilter_bridge/ebt_nflog.h>
19
20 enum {
21 NFLOG_GROUP = 0x1,
22 NFLOG_PREFIX = 0x2,
23 NFLOG_RANGE = 0x4,
24 NFLOG_THRESHOLD = 0x8,
25 NFLOG_NFLOG = 0x16,
26 };
27
28 static struct option nflog_opts[] = {
29 {"nflog-group", required_argument, NULL, NFLOG_GROUP},
30 {"nflog-prefix", required_argument, NULL, NFLOG_PREFIX},
31 {"nflog-range", required_argument, NULL, NFLOG_RANGE},
32 {"nflog-threshold", required_argument, NULL, NFLOG_THRESHOLD},
33 {"nflog", no_argument, NULL, NFLOG_NFLOG},
34 {.name = NULL}
35 };
36
37 static void nflog_help()
38 {
39 printf("nflog options:\n"
40 "--nflog : use the default nflog parameters\n"
41 "--nflog-prefix prefix : Prefix string for log message\n"
42 "--nflog-group group : NETLINK group used for logging\n"
43 "--nflog-range range : Number of byte to copy\n"
44 "--nflog-threshold : Message threshold of"
45 "in-kernel queue\n");
46 }
47
48 static void init(struct ebt_entry_watcher *watcher)
49 {
50 struct ebt_nflog_info *info = (struct ebt_nflog_info *)watcher->data;
51
52 info->prefix[0] = '\0';
53 info->group = EBT_NFLOG_DEFAULT_GROUP;
54 info->threshold = EBT_NFLOG_DEFAULT_THRESHOLD;
55 }
56
57 static int nflog_parse(int c, char **argv, int argc,
58 const struct ebt_u_entry *entry, unsigned int *flags,
59 struct ebt_entry_watcher **watcher)
60 {
61 struct ebt_nflog_info *info;
62 unsigned int i;
63 char *end;
64
65 info = (struct ebt_nflog_info *)(*watcher)->data;
66 switch (c) {
67 case NFLOG_PREFIX:
68 if (ebt_check_inverse2(optarg))
69 goto inverse_invalid;
70 ebt_check_option2(flags, NFLOG_PREFIX);
71 if (strlen(optarg) > EBT_NFLOG_PREFIX_SIZE - 1)
72 ebt_print_error("Prefix too long for nflog-prefix");
73 strcpy(info->prefix, optarg);
74 break;
75
76 case NFLOG_GROUP:
77 if (ebt_check_inverse2(optarg))
78 goto inverse_invalid;
79 ebt_check_option2(flags, NFLOG_GROUP);
80 i = strtoul(optarg, &end, 10);
81 if (*end != '\0')
82 ebt_print_error2("--nflog-group must be a number!");
83 info->group = i;
84 break;
85
86 case NFLOG_RANGE:
87 if (ebt_check_inverse2(optarg))
88 goto inverse_invalid;
89 ebt_check_option2(flags, NFLOG_RANGE);
90 i = strtoul(optarg, &end, 10);
91 if (*end != '\0')
92 ebt_print_error2("--nflog-range must be a number!");
93 info->len = i;
94 break;
95
96 case NFLOG_THRESHOLD:
97 if (ebt_check_inverse2(optarg))
98 goto inverse_invalid;
99 ebt_check_option2(flags, NFLOG_THRESHOLD);
100 i = strtoul(optarg, &end, 10);
101 if (*end != '\0')
102 ebt_print_error2("--nflog-threshold must be a number!");
103 info->threshold = i;
104 break;
105 case NFLOG_NFLOG:
106 if (ebt_check_inverse(optarg))
107 goto inverse_invalid;
108 ebt_check_option2(flags, NFLOG_NFLOG);
109 break;
110
111 default:
112 return 0;
113 }
114 return 1;
115
116 inverse_invalid:
117 ebt_print_error("The use of '!' makes no sense for the nflog watcher");
118 return 1;
119 }
120
121 static void nflog_final_check(const struct ebt_u_entry *entry,
122 const struct ebt_entry_watcher *watcher,
123 const char *name, unsigned int hookmask,
124 unsigned int time)
125 {
126 }
127
128 static void nflog_print(const struct ebt_u_entry *entry,
129 const struct ebt_entry_watcher *watcher)
130 {
131 struct ebt_nflog_info *info = (struct ebt_nflog_info *)watcher->data;
132
133 if (info->prefix[0] != '\0')
134 printf("--nflog-prefix \"%s\"", info->prefix);
135 if (info->group)
136 printf("--nflog-group %d ", info->group);
137 if (info->len)
138 printf("--nflog-range %d", info->len);
139 if (info->threshold != EBT_NFLOG_DEFAULT_THRESHOLD)
140 printf(" --nflog-threshold %d ", info->threshold);
141 }
142
143 static int nflog_compare(const struct ebt_entry_watcher *w1,
144 const struct ebt_entry_watcher *w2)
145 {
146 struct ebt_nflog_info *info1 = (struct ebt_nflog_info *)w1->data;
147 struct ebt_nflog_info *info2 = (struct ebt_nflog_info *)w2->data;
148
149 if (info1->group != info2->group ||
150 info1->len != info2->len ||
151 info1->threshold != info2->threshold ||
152 strcmp(info1->prefix, info2->prefix))
153 return 0;
154 return 1;
155 }
156
157 static struct ebt_u_watcher nflog_watcher = {
158 .name = "nflog",
159 .size = sizeof(struct ebt_nflog_info),
160 .help = nflog_help,
161 .init = init,
162 .parse = nflog_parse,
163 .final_check = nflog_final_check,
164 .print = nflog_print,
165 .compare = nflog_compare,
166 .extra_ops = nflog_opts,
167 };
168
169 void _init(void)
170 {
171 ebt_register_watcher(&nflog_watcher);
172 }