X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=extensions%2Flibxt_connbytes.c;fp=extensions%2Flibxt_connbytes.c;h=0000000000000000000000000000000000000000;hb=f81615a1b6e71d36b4f49a38c04805cc52a146c2;hp=64faa8f1fdc8b78e9e61a89b2a3ccb91110b09be;hpb=38258638166a4aee377b55922610aa57c410e6f9;p=iptables.git diff --git a/extensions/libxt_connbytes.c b/extensions/libxt_connbytes.c deleted file mode 100644 index 64faa8f..0000000 --- a/extensions/libxt_connbytes.c +++ /dev/null @@ -1,219 +0,0 @@ -/* Shared library add-on to iptables to add byte tracking support. */ -#include -#include -#include -#include -#include -#include -#include -#include - -/* Function which prints out usage message. */ -static void connbytes_help(void) -{ - printf( -"connbytes match options:\n" -" [!] --connbytes from:[to]\n" -" --connbytes-dir [original, reply, both]\n" -" --connbytes-mode [packets, bytes, avgpkt]\n"); -} - -static const struct option connbytes_opts[] = { - { "connbytes", 1, NULL, '1' }, - { "connbytes-dir", 1, NULL, '2' }, - { "connbytes-mode", 1, NULL, '3' }, - { .name = NULL } -}; - -static void -parse_range(const char *arg, struct xt_connbytes_info *si) -{ - char *colon,*p; - - si->count.from = strtoul(arg,&colon,10); - if (*colon != ':') - exit_error(PARAMETER_PROBLEM, "Bad range `%s'", arg); - si->count.to = strtoul(colon+1,&p,10); - if (p == colon+1) { - /* second number omited */ - si->count.to = 0xffffffff; - } - if (si->count.from > si->count.to) - exit_error(PARAMETER_PROBLEM, "%llu should be less than %llu", - (unsigned long long)si->count.from, - (unsigned long long)si->count.to); -} - -/* Function which parses command options; returns true if it - ate an option */ -static int -connbytes_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) -{ - struct xt_connbytes_info *sinfo = (struct xt_connbytes_info *)(*match)->data; - unsigned long i; - - switch (c) { - case '1': - if (check_inverse(optarg, &invert, &optind, 0)) - optind++; - - parse_range(argv[optind-1], sinfo); - if (invert) { - i = sinfo->count.from; - sinfo->count.from = sinfo->count.to; - sinfo->count.to = i; - } - *flags |= 1; - break; - case '2': - if (!strcmp(optarg, "original")) - sinfo->direction = XT_CONNBYTES_DIR_ORIGINAL; - else if (!strcmp(optarg, "reply")) - sinfo->direction = XT_CONNBYTES_DIR_REPLY; - else if (!strcmp(optarg, "both")) - sinfo->direction = XT_CONNBYTES_DIR_BOTH; - else - exit_error(PARAMETER_PROBLEM, - "Unknown --connbytes-dir `%s'", optarg); - - *flags |= 2; - break; - case '3': - if (!strcmp(optarg, "packets")) - sinfo->what = XT_CONNBYTES_PKTS; - else if (!strcmp(optarg, "bytes")) - sinfo->what = XT_CONNBYTES_BYTES; - else if (!strcmp(optarg, "avgpkt")) - sinfo->what = XT_CONNBYTES_AVGPKT; - else - exit_error(PARAMETER_PROBLEM, - "Unknown --connbytes-mode `%s'", optarg); - *flags |= 4; - break; - default: - return 0; - } - - return 1; -} - -static void connbytes_check(unsigned int flags) -{ - if (flags != 7) - exit_error(PARAMETER_PROBLEM, "You must specify `--connbytes'" - "`--connbytes-dir' and `--connbytes-mode'"); -} - -static void print_mode(struct xt_connbytes_info *sinfo) -{ - switch (sinfo->what) { - case XT_CONNBYTES_PKTS: - fputs("packets ", stdout); - break; - case XT_CONNBYTES_BYTES: - fputs("bytes ", stdout); - break; - case XT_CONNBYTES_AVGPKT: - fputs("avgpkt ", stdout); - break; - default: - fputs("unknown ", stdout); - break; - } -} - -static void print_direction(struct xt_connbytes_info *sinfo) -{ - switch (sinfo->direction) { - case XT_CONNBYTES_DIR_ORIGINAL: - fputs("original ", stdout); - break; - case XT_CONNBYTES_DIR_REPLY: - fputs("reply ", stdout); - break; - case XT_CONNBYTES_DIR_BOTH: - fputs("both ", stdout); - break; - default: - fputs("unknown ", stdout); - break; - } -} - -/* Prints out the matchinfo. */ -static void -connbytes_print(const void *ip, const struct xt_entry_match *match, int numeric) -{ - struct xt_connbytes_info *sinfo = (struct xt_connbytes_info *)match->data; - - if (sinfo->count.from > sinfo->count.to) - printf("connbytes ! %llu:%llu ", - (unsigned long long)sinfo->count.to, - (unsigned long long)sinfo->count.from); - else - printf("connbytes %llu:%llu ", - (unsigned long long)sinfo->count.from, - (unsigned long long)sinfo->count.to); - - fputs("connbytes mode ", stdout); - print_mode(sinfo); - - fputs("connbytes direction ", stdout); - print_direction(sinfo); -} - -/* Saves the matchinfo in parsable form to stdout. */ -static void connbytes_save(const void *ip, const struct xt_entry_match *match) -{ - struct xt_connbytes_info *sinfo = (struct xt_connbytes_info *)match->data; - - if (sinfo->count.from > sinfo->count.to) - printf("! --connbytes %llu:%llu ", - (unsigned long long)sinfo->count.to, - (unsigned long long)sinfo->count.from); - else - printf("--connbytes %llu:%llu ", - (unsigned long long)sinfo->count.from, - (unsigned long long)sinfo->count.to); - - fputs("--connbytes-mode ", stdout); - print_mode(sinfo); - - fputs("--connbytes-dir ", stdout); - print_direction(sinfo); -} - -static struct xtables_match connbytes_match = { - .family = AF_INET, - .name = "connbytes", - .version = XTABLES_VERSION, - .size = XT_ALIGN(sizeof(struct xt_connbytes_info)), - .userspacesize = XT_ALIGN(sizeof(struct xt_connbytes_info)), - .help = connbytes_help, - .parse = connbytes_parse, - .final_check = connbytes_check, - .print = connbytes_print, - .save = connbytes_save, - .extra_opts = connbytes_opts, -}; - -static struct xtables_match connbytes_match6 = { - .family = AF_INET6, - .name = "connbytes", - .version = XTABLES_VERSION, - .size = XT_ALIGN(sizeof(struct xt_connbytes_info)), - .userspacesize = XT_ALIGN(sizeof(struct xt_connbytes_info)), - .help = connbytes_help, - .parse = connbytes_parse, - .final_check = connbytes_check, - .print = connbytes_print, - .save = connbytes_save, - .extra_opts = connbytes_opts, -}; - -void _init(void) -{ - xtables_register_match(&connbytes_match); - xtables_register_match(&connbytes_match6); -}