2 Shared library add-on to iptables to add match support for the fuzzy match.
4 This file is distributed under the terms of the GNU General Public
5 License (GPL). Copies of the GPL can be obtained from:
6 ftp://prep.ai.mit.edu/pub/gnu/GPL
8 2002-08-07 Hime Aguiar e Oliveira Jr. <hime@engineer.com> : Initial version.
9 2003-06-09 Hime Aguiar e Oliveira Jr. <hime@engineer.com> : Bug corrections in
10 the save function , thanks to information given by Jean-Francois Patenaude .
21 #include <linux/netfilter_ipv4/ip_tables.h>
22 #include <linux/netfilter_ipv4/ipt_fuzzy.h>
29 "fuzzy v%s options:\n"
30 " --lower-limit number (in packets per second)\n"
31 " --upper-limit number\n"
35 static struct option opts[] = {
36 { "lower-limit", 1 , 0 , '1' } ,
37 { "upper-limit", 1 , 0 , '2' } ,
41 /* Initialize data structures */
43 init(struct ipt_entry_match *m, unsigned int *nfcache)
45 struct ipt_fuzzy_info *presentinfo = (struct ipt_fuzzy_info *)(m)->data;
46 *nfcache |= NFC_UNKNOWN;
49 * Default rates ( I'll improve this very soon with something based
50 * on real statistics of the running machine ) .
53 presentinfo->minimum_rate = 1000;
54 presentinfo->maximum_rate = 2000;
57 #define IPT_FUZZY_OPT_MINIMUM 0x01
58 #define IPT_FUZZY_OPT_MAXIMUM 0x02
61 parse(int c, char **argv, int invert, unsigned int *flags,
62 const struct ipt_entry *entry,
63 unsigned int *nfcache,
64 struct ipt_entry_match **match)
67 struct ipt_fuzzy_info *fuzzyinfo = (struct ipt_fuzzy_info *)(*match)->data;
76 exit_error(PARAMETER_PROBLEM,"Can't specify ! --lower-limit");
78 if (*flags & IPT_FUZZY_OPT_MINIMUM)
79 exit_error(PARAMETER_PROBLEM,"Can't specify --lower-limit twice");
81 if (string_to_number(optarg,1,MAXFUZZYRATE,&num) == -1 || num < 1)
82 exit_error(PARAMETER_PROBLEM,"BAD --lower-limit");
84 fuzzyinfo->minimum_rate = num ;
86 *flags |= IPT_FUZZY_OPT_MINIMUM;
93 exit_error(PARAMETER_PROBLEM,"Can't specify ! --upper-limit");
95 if (*flags & IPT_FUZZY_OPT_MAXIMUM)
96 exit_error(PARAMETER_PROBLEM,"Can't specify --upper-limit twice");
98 if (string_to_number(optarg,1,MAXFUZZYRATE,&num) == -1 || num < 1)
99 exit_error(PARAMETER_PROBLEM,"BAD --upper-limit");
101 fuzzyinfo->maximum_rate = num ;
103 *flags |= IPT_FUZZY_OPT_MAXIMUM;
113 static void final_check(unsigned int flags)
118 print(const struct ipt_ip *ip,
119 const struct ipt_entry_match *match,
122 const struct ipt_fuzzy_info *fuzzyinfo
123 = (const struct ipt_fuzzy_info *)match->data;
125 printf(" fuzzy: lower limit = %u pps - upper limit = %u pps ",fuzzyinfo->minimum_rate,fuzzyinfo->maximum_rate);
129 /* Saves the union ipt_targinfo in parsable form to stdout. */
131 save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
133 const struct ipt_fuzzy_info *fuzzyinfo
134 = (const struct ipt_fuzzy_info *)match->data;
136 printf("--lower-limit %u ",fuzzyinfo->minimum_rate);
137 printf("--upper-limit %u ",fuzzyinfo->maximum_rate);
141 struct iptables_match fuzzy_match
145 IPT_ALIGN(sizeof(struct ipt_fuzzy_info)),
146 IPT_ALIGN(sizeof(struct ipt_fuzzy_info)),
158 register_match(&fuzzy_match);