[ipt_ACCOUNT] / iptables / extensions / libipt_ACCOUNT.c

/* Shared library add-on to iptables to add ACCOUNT(ing) support.
   Author: Intra2net AG <opensource@intra2net.com>
*/

#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <syslog.h>
#include <getopt.h>
#include <stddef.h>
#include <iptables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_ACCOUNT.h>

static struct option opts[] = {
    { .name = "addr",        .has_arg = 1, .flag = 0, .val = 'a' },
    { .name = "tname",       .has_arg = 1, .flag = 0, .val = 't' },
    { .name = 0 }
};

/* Compat glue for iptables 1.4.0 */
#ifndef XTABLES_VERSION
#define XTABLES_VERSION IPTABLES_VERSION
#endif

/* Function which prints out usage message. */
static void help(void)
{
    printf(
"ACCOUNT v%s options:\n"
" --%s ip/netmask\t\tBase network IP and netmask used for this table\n"
" --%s name\t\t\tTable name for the userspace library\n",
XTABLES_VERSION, opts[0].name, opts[1].name);
}

/* Initialize the target. */
static void
init(struct xt_entry_target *t)
{
    struct ipt_acc_info *accountinfo = (struct ipt_acc_info *)t->data;

    accountinfo->table_nr = -1;
}

#define IPT_ACCOUNT_OPT_ADDR 0x01
#define IPT_ACCOUNT_OPT_TABLE 0x02

/* Function which parses command options; returns true if it
   ate an option */

static int parse(int c, char **argv, int invert, unsigned int *flags,
                     const void *entry, struct xt_entry_target **target)
{
    struct ipt_acc_info *accountinfo = (struct ipt_acc_info *)(*target)->data;
    struct in_addr *addrs = NULL, mask;
    unsigned int naddrs = 0;

    switch (c) {
    case 'a':
        if (*flags & IPT_ACCOUNT_OPT_ADDR)
                xtables_error(PARAMETER_PROBLEM, "Can't specify --%s twice",
                            opts[0].name);

        if (xtables_check_inverse(optarg, &invert, NULL, 0))
                xtables_error(PARAMETER_PROBLEM, "Unexpected `!' after --%s",
                            opts[0].name);

#ifdef XTABLES_VERSION_CODE
        xtables_ipparse_any(optarg, &addrs, &mask, &naddrs);
#else
        parse_hostnetworkmask(optarg, &addrs, &mask, &naddrs);
#endif

        if (naddrs > 1)
                xtables_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed");

        accountinfo->net_ip = addrs[0].s_addr;
        accountinfo->net_mask = mask.s_addr;

        *flags |= IPT_ACCOUNT_OPT_ADDR;
        break;

    case 't':
            if (*flags & IPT_ACCOUNT_OPT_TABLE)
                    xtables_error(PARAMETER_PROBLEM,
                                "Can't specify --%s twice", opts[1].name);

            if (xtables_check_inverse(optarg, &invert, NULL, 0))
                    xtables_error(PARAMETER_PROBLEM,
                                "Unexpected `!' after --%s", opts[1].name);

            if (strlen(optarg) > ACCOUNT_TABLE_NAME_LEN - 1)
                    xtables_error(PARAMETER_PROBLEM,
                                "Maximum table name length %u for --%s",
                                ACCOUNT_TABLE_NAME_LEN - 1, opts[1].name);

            strcpy(accountinfo->table_name, optarg);
            *flags |= IPT_ACCOUNT_OPT_TABLE;
            break;

    default:
            return 0;
    }
    return 1;
}

/* Final check; nothing. */
static void final_check(unsigned int flags)
{
    if (!(flags&IPT_ACCOUNT_OPT_ADDR) || !(flags&IPT_ACCOUNT_OPT_TABLE))
        xtables_error(PARAMETER_PROBLEM, "ACCOUNT: needs --%s and --%s",
                    opts[0].name, opts[1].name);
}

static const char *print_helper_ip(struct in_addr a)
{
#ifdef XTABLES_VERSION_CODE
    return xtables_ipaddr_to_numeric(&a);
#else
    return addr_to_dotted(&a);
#endif
}

static const char *print_helper_mask(struct in_addr a)
{
#ifdef XTABLES_VERSION_CODE
    return xtables_ipmask_to_numeric(&a);
#else
    return mask_to_dotted(&a);
#endif
}

static void print_it(const void *ip,
                     const struct xt_entry_target *target, char do_prefix)
{
    const struct ipt_acc_info *accountinfo
        = (const struct ipt_acc_info *)target->data;
    struct in_addr a;

    if (!do_prefix)
        printf("ACCOUNT ");

    // Network information
    if (do_prefix)
        printf("--");
    printf("%s ", opts[0].name);

    a.s_addr = accountinfo->net_ip;	
    printf("%s", print_helper_ip(a));
    a.s_addr = accountinfo->net_mask;
    printf("%s", print_helper_mask(a));

    printf(" ");
    if (do_prefix)
        printf("--");

    printf("%s %s", opts[1].name, accountinfo->table_name);
}


static void
print(const void *ip,
      const struct xt_entry_target *target,
      int numeric)
{
    print_it (ip, target, 0);
}

/* Saves the union ipt_targinfo in parsable form to stdout. */
static void
save(const void *ip, const struct xt_entry_target *target)
{
    print_it(ip, target, 1);
}

static
struct xtables_target account
= {
    .next          = NULL,
    .name          = "ACCOUNT",
    .family        = AF_INET,
    .version       = XTABLES_VERSION,
    .size          = IPT_ALIGN(sizeof(struct ipt_acc_info)),
    .userspacesize = offsetof(struct ipt_acc_info, table_nr),
    .help          = &help,
    .init          = &init,
    .parse         = &parse,
    .final_check   = &final_check,
    .print         = &print,
    .save          = &save,
    .extra_opts    = opts
};

void _init(void)
{
    xtables_register_target(&account);
}
Commit	Line	Data
146aa677 TJ	1	/* Shared library add-on to iptables to add ACCOUNT(ing) support.
	2	Author: Intra2net AG <opensource@intra2net.com>
	3	*/
	4
	5	#include <stdio.h>
	6	#include <netdb.h>
	7	#include <string.h>
	8	#include <stdlib.h>
	9	#include <syslog.h>
	10	#include <getopt.h>
e8bd93ad	11	#include <stddef.h>
146aa677 TJ	12	#include <iptables.h>
	13	#include <linux/netfilter_ipv4/ip_tables.h>
	14	#include <linux/netfilter_ipv4/ipt_ACCOUNT.h>
	15
	16	static struct option opts[] = {
	17	{ .name = "addr", .has_arg = 1, .flag = 0, .val = 'a' },
	18	{ .name = "tname", .has_arg = 1, .flag = 0, .val = 't' },
	19	{ .name = 0 }
	20	};
	21
3843f704 TJ	22	/* Compat glue for iptables 1.4.0 */
	23	#ifndef XTABLES_VERSION
	24	#define XTABLES_VERSION IPTABLES_VERSION
	25	#endif
	26
146aa677 TJ	27	/* Function which prints out usage message. */
	28	static void help(void)
	29	{
	30	printf(
	31	"ACCOUNT v%s options:\n"
	32	" --%s ip/netmask\t\tBase network IP and netmask used for this table\n"
	33	" --%s name\t\t\tTable name for the userspace library\n",
3843f704	34	XTABLES_VERSION, opts[0].name, opts[1].name);
146aa677 TJ	35	}
	36
	37	/* Initialize the target. */
	38	static void
f05fa82a	39	init(struct xt_entry_target *t)
146aa677 TJ	40	{
	41	struct ipt_acc_info accountinfo = (struct ipt_acc_info )t->data;
	42
	43	accountinfo->table_nr = -1;
146aa677 TJ	44	}
	45
	46	#define IPT_ACCOUNT_OPT_ADDR 0x01
	47	#define IPT_ACCOUNT_OPT_TABLE 0x02
	48
	49	/* Function which parses command options; returns true if it
	50	ate an option */
f05fa82a TJ	51
	52	static int parse(int c, char *argv, int invert, unsigned int flags,
	53	const void entry, struct xt_entry_target *target)
146aa677 TJ	54	{
	55	struct ipt_acc_info accountinfo = (struct ipt_acc_info )(*target)->data;
	56	struct in_addr *addrs = NULL, mask;
	57	unsigned int naddrs = 0;
	58
	59	switch (c) {
	60	case 'a':
	61	if (*flags & IPT_ACCOUNT_OPT_ADDR)
fb4dd1a0	62	xtables_error(PARAMETER_PROBLEM, "Can't specify --%s twice",
146aa677 TJ	63	opts[0].name);
146aa677 TJ	64
fb4dd1a0 TJ	65	if (xtables_check_inverse(optarg, &invert, NULL, 0))
fb4dd1a0 TJ	66	xtables_error(PARAMETER_PROBLEM, "Unexpected `!' after --%s",
146aa677 TJ	67	opts[0].name);
146aa677 TJ	68
3843f704	69	#ifdef XTABLES_VERSION_CODE
fb4dd1a0	70	xtables_ipparse_any(optarg, &addrs, &mask, &naddrs);
3843f704	71	#else
146aa677	72	parse_hostnetworkmask(optarg, &addrs, &mask, &naddrs);
3843f704	73	#endif
f05fa82a	74
146aa677	75	if (naddrs > 1)
fb4dd1a0	76	xtables_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed");
f05fa82a	77
146aa677 TJ	78	accountinfo->net_ip = addrs[0].s_addr;
146aa677 TJ	79	accountinfo->net_mask = mask.s_addr;
f05fa82a	80
146aa677 TJ	81	*flags \|= IPT_ACCOUNT_OPT_ADDR;
	82	break;
	83
	84	case 't':
	85	if (*flags & IPT_ACCOUNT_OPT_TABLE)
fb4dd1a0	86	xtables_error(PARAMETER_PROBLEM,
146aa677 TJ	87	"Can't specify --%s twice", opts[1].name);
146aa677 TJ	88
fb4dd1a0 TJ	89	if (xtables_check_inverse(optarg, &invert, NULL, 0))
fb4dd1a0 TJ	90	xtables_error(PARAMETER_PROBLEM,
146aa677 TJ	91	"Unexpected `!' after --%s", opts[1].name);
	92
	93	if (strlen(optarg) > ACCOUNT_TABLE_NAME_LEN - 1)
fb4dd1a0	94	xtables_error(PARAMETER_PROBLEM,
146aa677 TJ	95	"Maximum table name length %u for --%s",
	96	ACCOUNT_TABLE_NAME_LEN - 1, opts[1].name);
	97
	98	strcpy(accountinfo->table_name, optarg);
	99	*flags \|= IPT_ACCOUNT_OPT_TABLE;
	100	break;
f05fa82a	101
146aa677 TJ	102	default:
	103	return 0;
	104	}
	105	return 1;
	106	}
	107
	108	/* Final check; nothing. */
	109	static void final_check(unsigned int flags)
	110	{
	111	if (!(flags&IPT_ACCOUNT_OPT_ADDR) \|\| !(flags&IPT_ACCOUNT_OPT_TABLE))
fb4dd1a0	112	xtables_error(PARAMETER_PROBLEM, "ACCOUNT: needs --%s and --%s",
146aa677 TJ	113	opts[0].name, opts[1].name);
	114	}
	115
3843f704 TJ	116	static const char *print_helper_ip(struct in_addr a)
	117	{
	118	#ifdef XTABLES_VERSION_CODE
fb4dd1a0	119	return xtables_ipaddr_to_numeric(&a);
3843f704 TJ	120	#else
	121	return addr_to_dotted(&a);
	122	#endif
	123	}
	124
	125	static const char *print_helper_mask(struct in_addr a)
	126	{
	127	#ifdef XTABLES_VERSION_CODE
fb4dd1a0	128	return xtables_ipmask_to_numeric(&a);
3843f704 TJ	129	#else
	130	return mask_to_dotted(&a);
	131	#endif
	132	}
	133
f05fa82a TJ	134	static void print_it(const void *ip,
f05fa82a TJ	135	const struct xt_entry_target *target, char do_prefix)
146aa677 TJ	136	{
	137	const struct ipt_acc_info *accountinfo
	138	= (const struct ipt_acc_info *)target->data;
	139	struct in_addr a;
	140
	141	if (!do_prefix)
	142	printf("ACCOUNT ");
f05fa82a	143
146aa677 TJ	144	// Network information
146aa677 TJ	145	if (do_prefix)
f05fa82a	146	printf("--");
146aa677	147	printf("%s ", opts[0].name);
f05fa82a	148
146aa677	149	a.s_addr = accountinfo->net_ip;
3843f704	150	printf("%s", print_helper_ip(a));
146aa677	151	a.s_addr = accountinfo->net_mask;
3843f704	152	printf("%s", print_helper_mask(a));
146aa677 TJ	153
	154	printf(" ");
	155	if (do_prefix)
f05fa82a	156	printf("--");
146aa677 TJ	157
	158	printf("%s %s", opts[1].name, accountinfo->table_name);
	159	}
	160
f05fa82a	161
146aa677	162	static void
f05fa82a TJ	163	print(const void *ip,
f05fa82a TJ	164	const struct xt_entry_target *target,
146aa677 TJ	165	int numeric)
	166	{
	167	print_it (ip, target, 0);
	168	}
	169
	170	/* Saves the union ipt_targinfo in parsable form to stdout. */
	171	static void
f05fa82a	172	save(const void ip, const struct xt_entry_target target)
146aa677 TJ	173	{
	174	print_it(ip, target, 1);
	175	}
	176
	177	static
3843f704	178	struct xtables_target account
146aa677 TJ	179	= {
	180	.next = NULL,
	181	.name = "ACCOUNT",
9491a5f5	182	.family = AF_INET,
3843f704	183	.version = XTABLES_VERSION,
146aa677	184	.size = IPT_ALIGN(sizeof(struct ipt_acc_info)),
e8bd93ad	185	.userspacesize = offsetof(struct ipt_acc_info, table_nr),
146aa677 TJ	186	.help = &help,
	187	.init = &init,
	188	.parse = &parse,
	189	.final_check = &final_check,
	190	.print = &print,
	191	.save = &save,
	192	.extra_opts = opts
	193	};
	194
	195	void _init(void)
	196	{
3843f704	197	xtables_register_target(&account);
146aa677	198	}