diff options
author | HyungKyu Song <hk76.song@samsung.com> | 2013-02-16 00:06:47 +0900 |
---|---|---|
committer | HyungKyu Song <hk76.song@samsung.com> | 2013-02-16 00:06:47 +0900 |
commit | ebceb903d97f38aa6f4110c455367492c8b94f6c (patch) | |
tree | 5d21c5f26a156067e733c9faa79782ecc26196e9 /extensions/libxt_NFLOG.c | |
parent | dbc5ef4889caa206f4d47d83345357780ceef73e (diff) | |
download | iptables-tizen_2.0.tar.gz iptables-tizen_2.0.tar.bz2 iptables-tizen_2.0.zip |
Diffstat (limited to 'extensions/libxt_NFLOG.c')
-rw-r--r-- | extensions/libxt_NFLOG.c | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c new file mode 100644 index 0000000..e2185d5 --- /dev/null +++ b/extensions/libxt_NFLOG.c @@ -0,0 +1,158 @@ +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <getopt.h> +#include <xtables.h> + +#include <linux/netfilter/x_tables.h> +#include <linux/netfilter/xt_NFLOG.h> + +enum { + NFLOG_GROUP = 0x1, + NFLOG_PREFIX = 0x2, + NFLOG_RANGE = 0x4, + NFLOG_THRESHOLD = 0x8, +}; + +static const struct option NFLOG_opts[] = { + { "nflog-group", 1, NULL, NFLOG_GROUP }, + { "nflog-prefix", 1, NULL, NFLOG_PREFIX }, + { "nflog-range", 1, NULL, NFLOG_RANGE }, + { "nflog-threshold", 1, NULL, NFLOG_THRESHOLD }, + { .name = NULL } +}; + +static void NFLOG_help(void) +{ + printf("NFLOG target options:\n" + " --nflog-group NUM NETLINK group used for logging\n" + " --nflog-range NUM Number of byte to copy\n" + " --nflog-threshold NUM Message threshold of in-kernel queue\n" + " --nflog-prefix STRING Prefix string for log messages\n"); +} + +static void NFLOG_init(struct xt_entry_target *t) +{ + struct xt_nflog_info *info = (struct xt_nflog_info *)t->data; + + info->group = 0; + info->threshold = XT_NFLOG_DEFAULT_THRESHOLD; +} + +static int NFLOG_parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_entry_target **target) +{ + struct xt_nflog_info *info = (struct xt_nflog_info *)(*target)->data; + int n; + size_t length; + + switch (c) { + case NFLOG_GROUP: + if (*flags & NFLOG_GROUP) + xtables_error(PARAMETER_PROBLEM, + "Can't specify --nflog-group twice"); + if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) + xtables_error(PARAMETER_PROBLEM, + "Unexpected `!' after --nflog-group"); + + n = atoi(optarg); + if (n < 0) + xtables_error(PARAMETER_PROBLEM, + "--nflog-group can not be negative"); + info->group = n; + break; + case NFLOG_PREFIX: + if (*flags & NFLOG_PREFIX) + xtables_error(PARAMETER_PROBLEM, + "Can't specify --nflog-prefix twice"); + if (xtables_check_inverse(optarg, &invert, NULL, 0, argv)) + xtables_error(PARAMETER_PROBLEM, + "Unexpected `!' after --nflog-prefix"); + + length = strlen(optarg); + if (length == 0) + xtables_error(PARAMETER_PROBLEM, + "No prefix specified for --nflog-prefix"); + if (length >= sizeof(info->prefix)) + xtables_error(PARAMETER_PROBLEM, + "--nflog-prefix too long, max %Zu characters", + sizeof(info->prefix) - 1); + if (length != strlen(strtok(optarg, "\n"))) + xtables_error(PARAMETER_PROBLEM, + "Newlines are not allowed in --nflog-prefix"); + strcpy(info->prefix, optarg); + break; + case NFLOG_RANGE: + if (*flags & NFLOG_RANGE) + xtables_error(PARAMETER_PROBLEM, + "Can't specify --nflog-range twice"); + n = atoi(optarg); + if (n < 0) + xtables_error(PARAMETER_PROBLEM, + "Invalid --nflog-range, must be >= 0"); + info->len = n; + break; + case NFLOG_THRESHOLD: + if (*flags & NFLOG_THRESHOLD) + xtables_error(PARAMETER_PROBLEM, + "Can't specify --nflog-threshold twice"); + n = atoi(optarg); + if (n < 1) + xtables_error(PARAMETER_PROBLEM, + "Invalid --nflog-threshold, must be >= 1"); + info->threshold = n; + break; + default: + return 0; + } + *flags |= c; + return 1; +} + +static void nflog_print(const struct xt_nflog_info *info, char *prefix) +{ + if (info->prefix[0] != '\0') { + printf("%snflog-prefix ", prefix); + xtables_save_string(info->prefix); + } + if (info->group) + printf("%snflog-group %u ", prefix, info->group); + if (info->len) + printf("%snflog-range %u ", prefix, info->len); + if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD) + printf("%snflog-threshold %u ", prefix, info->threshold); +} + +static void NFLOG_print(const void *ip, const struct xt_entry_target *target, + int numeric) +{ + const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data; + + nflog_print(info, ""); +} + +static void NFLOG_save(const void *ip, const struct xt_entry_target *target) +{ + const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data; + + nflog_print(info, "--"); +} + +static struct xtables_target nflog_target = { + .family = NFPROTO_UNSPEC, + .name = "NFLOG", + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_nflog_info)), + .userspacesize = XT_ALIGN(sizeof(struct xt_nflog_info)), + .help = NFLOG_help, + .init = NFLOG_init, + .parse = NFLOG_parse, + .print = NFLOG_print, + .save = NFLOG_save, + .extra_opts = NFLOG_opts, +}; + +void _init(void) +{ + xtables_register_target(&nflog_target); +} |