1 /* Shared library add-on to iptables to add byte tracking support. */
8 #include <linux/netfilter_ipv4/ip_conntrack.h>
9 #include <linux/netfilter_ipv4/ipt_connbytes.h>
11 /* Function which prints out usage message. */
16 "connbytes v%s options:\n"
17 " [!] --connbytes from:[to]\n"
18 " Transfered byte range to match\n"
19 "\n", IPTABLES_VERSION);
22 static struct option opts[] = {
23 { "connbytes", 1, 0, '1' },
27 /* Initialize the match. */
29 init(struct ipt_entry_match *m, unsigned int *nfcache)
31 /* Can't cache this */
32 *nfcache |= NFC_UNKNOWN;
36 parse_range(const char *arg, struct ipt_connbytes_info *si)
40 si->from = strtol(arg,&colon,10);
42 exit_error(PARAMETER_PROBLEM, "Bad range `%s'", arg);
43 si->to = strtol(colon+1,&p,10);
45 /* second number omited */
48 if (si->from > si->to)
49 exit_error(PARAMETER_PROBLEM, "%lu should be less than %lu", si->from,si->to);
52 /* Function which parses command options; returns true if it
55 parse(int c, char **argv, int invert, unsigned int *flags,
56 const struct ipt_entry *entry,
57 unsigned int *nfcache,
58 struct ipt_entry_match **match)
60 struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)(*match)->data;
65 if (check_inverse(optarg, &invert, optind, 0))
68 parse_range(argv[optind-1], sinfo);
71 sinfo->from = sinfo->to;
84 static void final_check(unsigned int flags)
87 exit_error(PARAMETER_PROBLEM, "You must specify `--connbytes'");
90 /* Prints out the matchinfo. */
92 print(const struct ipt_ip *ip,
93 const struct ipt_entry_match *match,
96 struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)match->data;
98 if (sinfo->from > sinfo->to)
99 printf("connbytes ! %lu:%lu",sinfo->to,sinfo->from);
101 printf("connbytes %lu:%lu",sinfo->from,sinfo->to);
104 /* Saves the matchinfo in parsable form to stdout. */
105 static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
107 struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)match->data;
109 if (sinfo->from > sinfo->to)
110 printf("! --connbytes %lu:%lu",sinfo->to,sinfo->from);
112 printf("--connbytes %lu:%lu",sinfo->from,sinfo->to);
116 struct iptables_match state
120 IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
121 IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
133 register_match(&state);