      1 /* ebt_nflog
      2  *
      3  * Authors:
      4  * Peter Warasin <peter (at) endian.com>
      5  *
      6  *  February, 2008
      7  *
      8  * Based on:
      9  *  ebt_ulog.c, (C) 2004, Bart De Schuymer <bdschuym (at) pandora.be>
     10  *  libxt_NFLOG.c
     11  *
     12  * Adapted to libxtables for ebtables-compat in 2015 by
     13  * Arturo Borrero Gonzalez <arturo (at) debian.org>
     14  */
     15 
     16 #include <stdio.h>
     17 #include <stdlib.h>
     18 #include <string.h>
     19 #include <getopt.h>
     20 #include <xtables.h>
     21 #include "iptables/nft.h"
     22 #include "iptables/nft-bridge.h"
     23 #include <linux/netfilter_bridge/ebt_nflog.h>
     24 
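/*
 * Option identifiers for the nflog watcher.
 *
 * Each value is used both as the getopt .val in brnflog_opts and as the
 * mask handed to EBT_CHECK_OPTION() in brnflog_parse(), so every constant
 * must be a distinct single bit. NFLOG_NFLOG is 0x10 (bit 4): a value of
 * 0x16 would share bits with NFLOG_PREFIX (0x2) and NFLOG_RANGE (0x4).
 */
enum {
	NFLOG_GROUP	= 0x1,
	NFLOG_PREFIX	= 0x2,
	NFLOG_RANGE	= 0x4,
	NFLOG_THRESHOLD	= 0x8,
	NFLOG_NFLOG	= 0x10,
};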
     32 
/*
 * Long options understood by the nflog watcher. The .val of each entry is
 * the option identifier that brnflog_parse() switches on.
 */
static struct option brnflog_opts[] = {
	/* options that carry a value */
	{ .name = "nflog-group",     .has_arg = required_argument, .val = NFLOG_GROUP},
	{ .name = "nflog-prefix",    .has_arg = required_argument, .val = NFLOG_PREFIX},
	{ .name = "nflog-range",     .has_arg = required_argument, .val = NFLOG_RANGE},
	{ .name = "nflog-threshold", .has_arg = required_argument, .val = NFLOG_THRESHOLD},
	/* bare switch: no value */
	{ .name = "nflog",           .has_arg = no_argument,       .val = NFLOG_NFLOG},
	XT_GETOPT_TABLEEND,
};
     41 
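/*
 * Print the usage text for the nflog watcher options to stdout.
 *
 * The --nflog-threshold description is split over two string literals;
 * the first one ends in a space so the words do not run together when the
 * compiler concatenates them.
 */
static void brnflog_help(void)
{
	printf("nflog options:\n"
	       "--nflog               : use the default nflog parameters\n"
	       "--nflog-prefix prefix : Prefix string for log message\n"
	       "--nflog-group group   : NETLINK group used for logging\n"
	       "--nflog-range range   : Number of byte to copy\n"
	       "--nflog-threshold     : Message threshold of "
	       "in-kernel queue\n");
}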
     52 
/*
 * Set the defaults of a freshly created nflog target: empty prefix,
 * default group and default threshold. No other field of the
 * ebt_nflog_info is written here.
 */
static void brnflog_init(struct xt_entry_target *t)
{
	struct ebt_nflog_info *cfg = (void *)t->data;

	cfg->threshold = EBT_NFLOG_DEFAULT_THRESHOLD;
	cfg->group = EBT_NFLOG_DEFAULT_GROUP;
	*cfg->prefix = '\0';
}
     61 
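/*
 * Parse one nflog watcher option into the target's ebt_nflog_info.
 *
 * c       option identifier (a .val from brnflog_opts)
 * argv    not used; the option argument is taken from getopt's optarg
 * invert  non-zero when the option was prefixed with '!'; always rejected
 * flags   passed to EBT_CHECK_OPTION() together with the option's mask
 *         (macro defined outside this file; presumably it rejects a
 *         repeated option and records the mask in *flags)
 * entry   not used
 * target  target whose data area holds the ebt_nflog_info to fill in
 *
 * Returns 1 when the option was handled, 0 when c is not an nflog option.
 * Bad input is reported through xtables_error().
 *
 * Numeric arguments are parsed as unsigned int in the range 1..UINT32_MAX
 * and then stored into the info field. Each store is read back and compared
 * with the parsed value, so a number that does not fit the destination
 * field is rejected instead of being silently truncated (which would make
 * the rule log to a different group, or with a different threshold, than
 * the one the administrator typed).
 */
static int brnflog_parse(int c, char **argv, int invert, unsigned int *flags,
			 const void *entry, struct xt_entry_target **target)
{
	struct ebt_nflog_info *info = (struct ebt_nflog_info *)(*target)->data;
	unsigned int i;

	if (invert)
		xtables_error(PARAMETER_PROBLEM,
			      "The use of '!' makes no sense for the"
			      " nflog watcher");

	switch (c) {
	case NFLOG_PREFIX:
		EBT_CHECK_OPTION(flags, NFLOG_PREFIX);
		/* Leave room for the terminating NUL in the fixed-size field. */
		if (strlen(optarg) > EBT_NFLOG_PREFIX_SIZE - 1)
			xtables_error(PARAMETER_PROBLEM,
				      "Prefix too long for nflog-prefix");
		/*
		 * The copy is bounded by the field size; with the length
		 * check above, strncpy() also zero-fills the remainder, so
		 * the prefix ends up NUL-terminated.
		 */
		strncpy(info->prefix, optarg, EBT_NFLOG_PREFIX_SIZE);
		break;
	case NFLOG_GROUP:
		EBT_CHECK_OPTION(flags, NFLOG_GROUP);
		if (!xtables_strtoui(optarg, NULL, &i, 1, UINT32_MAX))
			xtables_error(PARAMETER_PROBLEM,
				      "--nflog-group must be a number!");
		info->group = i;
		/* Read back: differs only if the field is narrower than i. */
		if (info->group != i)
			xtables_error(PARAMETER_PROBLEM,
				      "--nflog-group value out of range");
		break;
	case NFLOG_RANGE:
		EBT_CHECK_OPTION(flags, NFLOG_RANGE);
		if (!xtables_strtoui(optarg, NULL, &i, 1, UINT32_MAX))
			xtables_error(PARAMETER_PROBLEM,
				      "--nflog-range must be a number!");
		info->len = i;
		if (info->len != i)
			xtables_error(PARAMETER_PROBLEM,
				      "--nflog-range value out of range");
		break;
	case NFLOG_THRESHOLD:
		EBT_CHECK_OPTION(flags, NFLOG_THRESHOLD);
		if (!xtables_strtoui(optarg, NULL, &i, 1, UINT32_MAX))
			xtables_error(PARAMETER_PROBLEM,
				      "--nflog-threshold must be a number!");
		info->threshold = i;
		if (info->threshold != i)
			xtables_error(PARAMETER_PROBLEM,
				      "--nflog-threshold value out of range");
		break;
	case NFLOG_NFLOG:
		/* Bare --nflog: keep the defaults, only note the option. */
		EBT_CHECK_OPTION(flags, NFLOG_NFLOG);
		break;
	default:
		return 0;
	}
	return 1;
}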
    110 
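/*
 * Print the nflog watcher settings of a rule in option syntax.
 *
 * ip       not used
 * target   target whose data area holds the ebt_nflog_info to print
 * numeric  not used
 *
 * The prefix is printed when non-empty, group and range when non-zero, and
 * the threshold only when it differs from EBT_NFLOG_DEFAULT_THRESHOLD.
 *
 * brnflog_parse() fills the numeric fields from unsigned values of up to
 * UINT32_MAX, so they are printed with %u through an explicit unsigned
 * cast; %d would show a large range as a negative number.
 */
static void
brnflog_print(const void *ip, const struct xt_entry_target *target,
	      int numeric)
{
	const struct ebt_nflog_info *info =
		(const struct ebt_nflog_info *)target->data;

	/*
	 * NOTE(review): the prefix is emitted verbatim between double quotes.
	 * A prefix that itself contains '"' yields output that may not parse
	 * back into the same rule - confirm whether consumers of this listing
	 * need escaping.
	 */
	if (info->prefix[0] != '\0')
		printf("--nflog-prefix \"%s\" ", info->prefix);
	if (info->group)
		printf("--nflog-group %u ", (unsigned int)info->group);
	if (info->len)
		printf("--nflog-range %u ", (unsigned int)info->len);
	if (info->threshold != EBT_NFLOG_DEFAULT_THRESHOLD)
		printf("--nflog-threshold %u ", (unsigned int)info->threshold);
}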
    126 
/*
 * Descriptor of the bridge-family "nflog" watcher: identity, size of the
 * per-rule data (struct ebt_nflog_info) and the callbacks defined in this
 * file.
 */
static struct xtables_target brnflog_watcher = {
	/* identity */
	.name		= "nflog",
	.family		= NFPROTO_BRIDGE,
	.version	= XTABLES_VERSION,
	.revision	= 0,

	/* per-rule data area */
	.userspacesize	= XT_ALIGN(sizeof(struct ebt_nflog_info)),
	.size		= XT_ALIGN(sizeof(struct ebt_nflog_info)),

	/* command-line handling */
	.extra_opts	= brnflog_opts,
	.help		= brnflog_help,
	.init		= brnflog_init,
	.parse		= brnflog_parse,
	.print		= brnflog_print,
};
    140 
/*
 * Extension entry point: hands the nflog watcher descriptor to libxtables.
 * NOTE(review): how and when _init gets invoked is decided outside this
 * file (presumably by the xtables build/loader conventions) - confirm.
 */
void _init(void)
{
	struct xtables_target *watcher = &brnflog_watcher;

	xtables_register_target(watcher);
}
    145