Home | History | Annotate | Download | only in extensions 
      1 #include <math.h>
      2 #include <stdio.h>
      3 #include <string.h>
      4 #include <xtables.h>
      5 #include <linux/netfilter/xt_statistic.h>
      6 
      7 enum {
      8 	O_MODE = 0,
      9 	O_PROBABILITY,
     10 	O_EVERY,
     11 	O_PACKET,
     12 	F_PROBABILITY = 1 << O_PROBABILITY,
     13 	F_EVERY       = 1 << O_EVERY,
     14 	F_PACKET      = 1 << O_PACKET,
     15 };
     16 
     17 static void statistic_help(void)
     18 {
     19 	printf(
     20 "statistic match options:\n"
     21 " --mode mode                    Match mode (random, nth)\n"
     22 " random mode:\n"
     23 "[!] --probability p		 Probability\n"
     24 " nth mode:\n"
     25 "[!] --every n			 Match every nth packet\n"
     26 " --packet p			 Initial counter value (0 <= p <= n-1, default 0)\n");
     27 }
     28 
     29 #define s struct xt_statistic_info
     30 static const struct xt_option_entry statistic_opts[] = {
     31 	{.name = "mode", .id = O_MODE, .type = XTTYPE_STRING,
     32 	 .flags = XTOPT_MAND},
     33 	{.name = "probability", .id = O_PROBABILITY, .type = XTTYPE_DOUBLE,
     34 	 .flags = XTOPT_INVERT, .min = 0, .max = 1,
     35 	 .excl = F_EVERY | F_PACKET},
     36 	{.name = "every", .id = O_EVERY, .type = XTTYPE_UINT32, .min = 1,
     37 	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, u.nth.every),
     38 	 .excl = F_PROBABILITY, .also = F_PACKET},
     39 	{.name = "packet", .id = O_PACKET, .type = XTTYPE_UINT32,
     40 	 .flags = XTOPT_PUT, XTOPT_POINTER(s, u.nth.packet),
     41 	 .excl = F_PROBABILITY, .also = F_EVERY},
     42 	XTOPT_TABLEEND,
     43 };
     44 #undef s
     45 
     46 static void statistic_parse(struct xt_option_call *cb)
     47 {
     48 	struct xt_statistic_info *info = cb->data;
     49 
     50 	if (cb->invert)
     51 		info->flags |= XT_STATISTIC_INVERT;
     52 
     53 	xtables_option_parse(cb);
     54 	switch (cb->entry->id) {
     55 	case O_MODE:
     56 		if (strcmp(cb->arg, "random") == 0)
     57 			info->mode = XT_STATISTIC_MODE_RANDOM;
     58 		else if (strcmp(cb->arg, "nth") == 0)
     59 			info->mode = XT_STATISTIC_MODE_NTH;
     60 		else
     61 			xtables_error(PARAMETER_PROBLEM, "Bad mode \"%s\"",
     62 				cb->arg);
     63 		break;
     64 	case O_PROBABILITY:
     65 		info->u.random.probability = lround(0x80000000 * cb->val.dbl);
     66 		break;
     67 	case O_EVERY:
     68 		--info->u.nth.every;
     69 		break;
     70 	}
     71 }
     72 
     73 static void statistic_check(struct xt_fcheck_call *cb)
     74 {
     75 	struct xt_statistic_info *info = cb->data;
     76 
     77 	if (info->mode == XT_STATISTIC_MODE_RANDOM &&
     78 	    !(cb->xflags & F_PROBABILITY))
     79 		xtables_error(PARAMETER_PROBLEM,
     80 			"--probability must be specified when using "
     81 			"random mode");
     82 	if (info->mode == XT_STATISTIC_MODE_NTH &&
     83 	    !(cb->xflags & (F_EVERY | F_PACKET)))
     84 		xtables_error(PARAMETER_PROBLEM,
     85 			"--every and --packet must be specified when "
     86 			"using nth mode");
     87 
     88 	/* at this point, info->u.nth.every have been decreased. */
     89 	if (info->u.nth.packet > info->u.nth.every)
     90 		xtables_error(PARAMETER_PROBLEM,
     91 			  "the --packet p must be 0 <= p <= n-1");
     92 
     93 	info->u.nth.count = info->u.nth.every - info->u.nth.packet;
     94 }
     95 
     96 static void print_match(const struct xt_statistic_info *info, char *prefix)
     97 {
     98 	switch (info->mode) {
     99 	case XT_STATISTIC_MODE_RANDOM:
    100 		printf(" %smode random%s %sprobability %.11f", prefix,
    101 		       (info->flags & XT_STATISTIC_INVERT) ? " !" : "",
    102 		       prefix,
    103 		       1.0 * info->u.random.probability / 0x80000000);
    104 		break;
    105 	case XT_STATISTIC_MODE_NTH:
    106 		printf(" %smode nth%s %severy %u", prefix,
    107 		       (info->flags & XT_STATISTIC_INVERT) ? " !" : "",
    108 		       prefix,
    109 		       info->u.nth.every + 1);
    110 		if (info->u.nth.packet)
    111 			printf(" %spacket %u", prefix, info->u.nth.packet);
    112 		break;
    113 	}
    114 }
    115 
    116 static void
    117 statistic_print(const void *ip, const struct xt_entry_match *match, int numeric)
    118 {
    119 	const struct xt_statistic_info *info = (const void *)match->data;
    120 
    121 	printf(" statistic");
    122 	print_match(info, "");
    123 }
    124 
    125 static void statistic_save(const void *ip, const struct xt_entry_match *match)
    126 {
    127 	const struct xt_statistic_info *info = (const void *)match->data;
    128 
    129 	print_match(info, "--");
    130 }
    131 
    132 static struct xtables_match statistic_match = {
    133 	.family		= NFPROTO_UNSPEC,
    134 	.name		= "statistic",
    135 	.version	= XTABLES_VERSION,
    136 	.size		= XT_ALIGN(sizeof(struct xt_statistic_info)),
    137 	.userspacesize	= offsetof(struct xt_statistic_info, u.nth.count),
    138 	.help		= statistic_help,
    139 	.x6_parse	= statistic_parse,
    140 	.x6_fcheck	= statistic_check,
    141 	.print		= statistic_print,
    142 	.save		= statistic_save,
    143 	.x6_options	= statistic_opts,
    144 };
    145 
    146 void _init(void)
    147 {
    148 	xtables_register_match(&statistic_match);
    149 }
    150