[ipt_ACCOUNT] / iptables / extensions / libipt_ACCOUNT.c

/* Shared library add-on to iptables to add ACCOUNT(ing) support.
   Author: Intra2net AG <opensource@intra2net.com>
*/

#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <syslog.h>
#include <getopt.h>
#include <stddef.h>
#include <iptables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_ACCOUNT.h>

static struct option opts[] = {
    { .name = "addr",        .has_arg = 1, .flag = 0, .val = 'a' },
    { .name = "tname",       .has_arg = 1, .flag = 0, .val = 't' },
    { .name = 0 }
};

/* Function which prints out usage message. */
static void help(void)
{
    printf(
"ACCOUNT v%s options:\n"
" --%s ip/netmask\t\tBase network IP and netmask used for this table\n"
" --%s name\t\t\tTable name for the userspace library\n",
IPTABLES_VERSION, opts[0].name, opts[1].name);
}

/* Initialize the target. */
static void
init(struct xt_entry_target *t)
{
    struct ipt_acc_info *accountinfo = (struct ipt_acc_info *)t->data;

    accountinfo->table_nr = -1;
}

#define IPT_ACCOUNT_OPT_ADDR 0x01
#define IPT_ACCOUNT_OPT_TABLE 0x02

/* Function which parses command options; returns true if it
   ate an option */

static int parse(int c, char **argv, int invert, unsigned int *flags,
                     const void *entry, struct xt_entry_target **target)
{
    struct ipt_acc_info *accountinfo = (struct ipt_acc_info *)(*target)->data;
    struct in_addr *addrs = NULL, mask;
    unsigned int naddrs = 0;

    switch (c) {
    case 'a':
        if (*flags & IPT_ACCOUNT_OPT_ADDR)
                exit_error(PARAMETER_PROBLEM, "Can't specify --%s twice",
                            opts[0].name);

        if (check_inverse(optarg, &invert, NULL, 0))
                exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --%s",
                            opts[0].name);

        //loginfo->level = parse_level(optarg);
        parse_hostnetworkmask(optarg, &addrs, &mask, &naddrs);

        if (naddrs > 1)
                exit_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed");

        accountinfo->net_ip = addrs[0].s_addr;
        accountinfo->net_mask = mask.s_addr;

        *flags |= IPT_ACCOUNT_OPT_ADDR;
        break;

    case 't':
            if (*flags & IPT_ACCOUNT_OPT_TABLE)
                    exit_error(PARAMETER_PROBLEM,
                                "Can't specify --%s twice", opts[1].name);

            if (check_inverse(optarg, &invert, NULL, 0))
                    exit_error(PARAMETER_PROBLEM,
                                "Unexpected `!' after --%s", opts[1].name);

            if (strlen(optarg) > ACCOUNT_TABLE_NAME_LEN - 1)
                    exit_error(PARAMETER_PROBLEM,
                                "Maximum table name length %u for --%s",
                                ACCOUNT_TABLE_NAME_LEN - 1, opts[1].name);

            strcpy(accountinfo->table_name, optarg);
            *flags |= IPT_ACCOUNT_OPT_TABLE;
            break;

    default:
            return 0;
    }
    return 1;
}

/* Final check; nothing. */
static void final_check(unsigned int flags)
{
    if (!(flags&IPT_ACCOUNT_OPT_ADDR) || !(flags&IPT_ACCOUNT_OPT_TABLE))
        exit_error(PARAMETER_PROBLEM, "ACCOUNT: needs --%s and --%s",
                    opts[0].name, opts[1].name);
}

static void print_it(const void *ip,
                     const struct xt_entry_target *target, char do_prefix)
{
    const struct ipt_acc_info *accountinfo
        = (const struct ipt_acc_info *)target->data;
    struct in_addr a;

    if (!do_prefix)
        printf("ACCOUNT ");

    // Network information
    if (do_prefix)
        printf("--");
    printf("%s ", opts[0].name);

    a.s_addr = accountinfo->net_ip;	
    printf("%s", addr_to_dotted(&a));
    a.s_addr = accountinfo->net_mask;
    printf("%s", mask_to_dotted(&a));

    printf(" ");
    if (do_prefix)
        printf("--");

    printf("%s %s", opts[1].name, accountinfo->table_name);
}


static void
print(const void *ip,
      const struct xt_entry_target *target,
      int numeric)
{
    print_it (ip, target, 0);
}

/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
save(const void *ip, const struct xt_entry_target *target)
{
    print_it(ip, target, 1);
}

static
struct iptables_target account
= {
    .next          = NULL,
    .name          = "ACCOUNT",
    .version       = IPTABLES_VERSION,
    .size          = IPT_ALIGN(sizeof(struct ipt_acc_info)),
    .userspacesize = offsetof(struct ipt_acc_info, table_nr),
    .help          = &help,
    .init          = &init,
    .parse         = &parse,
    .final_check   = &final_check,
    .print         = &print,
    .save          = &save,
    .extra_opts    = opts
};

void _init(void)
{
    register_target(&account);
}
Commit	Line	Data
146aa677 TJ	1	/* Shared library add-on to iptables to add ACCOUNT(ing) support.
	2	Author: Intra2net AG <opensource@intra2net.com>
	3	*/
	4
	5	#include <stdio.h>
	6	#include <netdb.h>
	7	#include <string.h>
	8	#include <stdlib.h>
	9	#include <syslog.h>
	10	#include <getopt.h>
e8bd93ad	11	#include <stddef.h>
146aa677 TJ	12	#include <iptables.h>
	13	#include <linux/netfilter_ipv4/ip_tables.h>
	14	#include <linux/netfilter_ipv4/ipt_ACCOUNT.h>
	15
	16	static struct option opts[] = {
	17	{ .name = "addr", .has_arg = 1, .flag = 0, .val = 'a' },
	18	{ .name = "tname", .has_arg = 1, .flag = 0, .val = 't' },
	19	{ .name = 0 }
	20	};
	21
	22	/* Function which prints out usage message. */
	23	static void help(void)
	24	{
	25	printf(
	26	"ACCOUNT v%s options:\n"
	27	" --%s ip/netmask\t\tBase network IP and netmask used for this table\n"
	28	" --%s name\t\t\tTable name for the userspace library\n",
	29	IPTABLES_VERSION, opts[0].name, opts[1].name);
	30	}
	31
	32	/* Initialize the target. */
	33	static void
f05fa82a	34	init(struct xt_entry_target *t)
146aa677 TJ	35	{
	36	struct ipt_acc_info accountinfo = (struct ipt_acc_info )t->data;
	37
	38	accountinfo->table_nr = -1;
146aa677 TJ	39	}
	40
	41	#define IPT_ACCOUNT_OPT_ADDR 0x01
	42	#define IPT_ACCOUNT_OPT_TABLE 0x02
	43
	44	/* Function which parses command options; returns true if it
	45	ate an option */
f05fa82a TJ	46
	47	static int parse(int c, char *argv, int invert, unsigned int flags,
	48	const void entry, struct xt_entry_target *target)
146aa677 TJ	49	{
	50	struct ipt_acc_info accountinfo = (struct ipt_acc_info )(*target)->data;
	51	struct in_addr *addrs = NULL, mask;
	52	unsigned int naddrs = 0;
	53
	54	switch (c) {
	55	case 'a':
	56	if (*flags & IPT_ACCOUNT_OPT_ADDR)
	57	exit_error(PARAMETER_PROBLEM, "Can't specify --%s twice",
	58	opts[0].name);
	59
	60	if (check_inverse(optarg, &invert, NULL, 0))
	61	exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --%s",
	62	opts[0].name);
	63
	64	//loginfo->level = parse_level(optarg);
	65	parse_hostnetworkmask(optarg, &addrs, &mask, &naddrs);
f05fa82a	66
146aa677 TJ	67	if (naddrs > 1)
146aa677 TJ	68	exit_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed");
f05fa82a	69
146aa677 TJ	70	accountinfo->net_ip = addrs[0].s_addr;
146aa677 TJ	71	accountinfo->net_mask = mask.s_addr;
f05fa82a	72
146aa677 TJ	73	*flags \|= IPT_ACCOUNT_OPT_ADDR;
	74	break;
	75
	76	case 't':
	77	if (*flags & IPT_ACCOUNT_OPT_TABLE)
	78	exit_error(PARAMETER_PROBLEM,
	79	"Can't specify --%s twice", opts[1].name);
	80
	81	if (check_inverse(optarg, &invert, NULL, 0))
	82	exit_error(PARAMETER_PROBLEM,
	83	"Unexpected `!' after --%s", opts[1].name);
	84
	85	if (strlen(optarg) > ACCOUNT_TABLE_NAME_LEN - 1)
	86	exit_error(PARAMETER_PROBLEM,
	87	"Maximum table name length %u for --%s",
	88	ACCOUNT_TABLE_NAME_LEN - 1, opts[1].name);
	89
	90	strcpy(accountinfo->table_name, optarg);
	91	*flags \|= IPT_ACCOUNT_OPT_TABLE;
	92	break;
f05fa82a	93
146aa677 TJ	94	default:
	95	return 0;
	96	}
	97	return 1;
	98	}
	99
	100	/* Final check; nothing. */
	101	static void final_check(unsigned int flags)
	102	{
	103	if (!(flags&IPT_ACCOUNT_OPT_ADDR) \|\| !(flags&IPT_ACCOUNT_OPT_TABLE))
	104	exit_error(PARAMETER_PROBLEM, "ACCOUNT: needs --%s and --%s",
	105	opts[0].name, opts[1].name);
	106	}
	107
f05fa82a TJ	108	static void print_it(const void *ip,
f05fa82a TJ	109	const struct xt_entry_target *target, char do_prefix)
146aa677 TJ	110	{
	111	const struct ipt_acc_info *accountinfo
	112	= (const struct ipt_acc_info *)target->data;
	113	struct in_addr a;
	114
	115	if (!do_prefix)
	116	printf("ACCOUNT ");
f05fa82a	117
146aa677 TJ	118	// Network information
146aa677 TJ	119	if (do_prefix)
f05fa82a	120	printf("--");
146aa677	121	printf("%s ", opts[0].name);
f05fa82a	122
146aa677 TJ	123	a.s_addr = accountinfo->net_ip;
	124	printf("%s", addr_to_dotted(&a));
	125	a.s_addr = accountinfo->net_mask;
	126	printf("%s", mask_to_dotted(&a));
	127
	128	printf(" ");
	129	if (do_prefix)
f05fa82a	130	printf("--");
146aa677 TJ	131
	132	printf("%s %s", opts[1].name, accountinfo->table_name);
	133	}
	134
f05fa82a	135
146aa677	136	static void
f05fa82a TJ	137	print(const void *ip,
f05fa82a TJ	138	const struct xt_entry_target *target,
146aa677 TJ	139	int numeric)
	140	{
	141	print_it (ip, target, 0);
	142	}
	143
	144	/* Saves the union ipt_targinfo in parsable form to stdout. */
	145	static void
f05fa82a	146	save(const void ip, const struct xt_entry_target target)
146aa677 TJ	147	{
	148	print_it(ip, target, 1);
	149	}
	150
	151	static
	152	struct iptables_target account
	153	= {
	154	.next = NULL,
	155	.name = "ACCOUNT",
	156	.version = IPTABLES_VERSION,
	157	.size = IPT_ALIGN(sizeof(struct ipt_acc_info)),
e8bd93ad	158	.userspacesize = offsetof(struct ipt_acc_info, table_nr),
146aa677 TJ	159	.help = &help,
	160	.init = &init,
	161	.parse = &parse,
	162	.final_check = &final_check,
	163	.print = &print,
	164	.save = &save,
	165	.extra_opts = opts
	166	};
	167
	168	void _init(void)
	169	{
	170	register_target(&account);
	171	}