[ipt_ACCOUNT] / iptables.patch

diff -u -r -p --new-file iptables-1.3.6/extensions/libipt_ACCOUNT.c iptables.ACCOUNT/extensions/libipt_ACCOUNT.c
--- iptables-1.3.6/extensions/libipt_ACCOUNT.c	1970-01-01 01:00:00.000000000 +0100
+++ iptables.ACCOUNT/extensions/libipt_ACCOUNT.c	2006-10-26 12:17:57.000000000 +0200
@@ -0,0 +1,174 @@
+/* Shared library add-on to iptables to add ACCOUNT(ing) support.
+   Author: Intra2net AG <opensource@intra2net.com>
+*/
+
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <getopt.h>
+#include <iptables.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_ACCOUNT.h>
+
+static struct option opts[] = {
+    { .name = "addr",        .has_arg = 1, .flag = 0, .val = 'a' },
+    { .name = "tname",       .has_arg = 1, .flag = 0, .val = 't' },
+    { .name = 0 }
+};
+
+/* Function which prints out usage message. */
+static void help(void)
+{
+    printf(
+"ACCOUNT v%s options:\n"
+" --%s ip/netmask\t\tBase network IP and netmask used for this table\n"
+" --%s name\t\t\tTable name for the userspace library\n",
+IPTABLES_VERSION, opts[0].name, opts[1].name);
+}
+
+/* Initialize the target. */
+static void
+init(struct ipt_entry_target *t, unsigned int *nfcache)
+{
+    struct ipt_acc_info *accountinfo = (struct ipt_acc_info *)t->data;
+
+    accountinfo->table_nr = -1;
+
+    /* Can't cache this */
+    *nfcache |= NFC_UNKNOWN;
+}
+
+#define IPT_ACCOUNT_OPT_ADDR 0x01
+#define IPT_ACCOUNT_OPT_TABLE 0x02
+
+/* Function which parses command options; returns true if it
+   ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+      const struct ipt_entry *entry,
+      struct ipt_entry_target **target)
+{
+    struct ipt_acc_info *accountinfo = (struct ipt_acc_info *)(*target)->data;
+    struct in_addr *addrs = NULL, mask;
+    unsigned int naddrs = 0;
+
+    switch (c) {
+    case 'a':
+        if (*flags & IPT_ACCOUNT_OPT_ADDR)
+                exit_error(PARAMETER_PROBLEM, "Can't specify --%s twice",
+                            opts[0].name);
+
+        if (check_inverse(optarg, &invert, NULL, 0))
+                exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --%s",
+                            opts[0].name);
+
+        //loginfo->level = parse_level(optarg);
+        parse_hostnetworkmask(optarg, &addrs, &mask, &naddrs);
+        
+        if (naddrs > 1)
+                exit_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed");
+        
+        accountinfo->net_ip = addrs[0].s_addr;
+        accountinfo->net_mask = mask.s_addr;
+                
+        *flags |= IPT_ACCOUNT_OPT_ADDR;
+        break;
+
+    case 't':
+            if (*flags & IPT_ACCOUNT_OPT_TABLE)
+                    exit_error(PARAMETER_PROBLEM,
+                                "Can't specify --%s twice", opts[1].name);
+
+            if (check_inverse(optarg, &invert, NULL, 0))
+                    exit_error(PARAMETER_PROBLEM,
+                                "Unexpected `!' after --%s", opts[1].name);
+
+            if (strlen(optarg) > ACCOUNT_TABLE_NAME_LEN - 1)
+                    exit_error(PARAMETER_PROBLEM,
+                                "Maximum table name length %u for --%s",
+                                ACCOUNT_TABLE_NAME_LEN - 1, opts[1].name);
+
+            strcpy(accountinfo->table_name, optarg);
+            *flags |= IPT_ACCOUNT_OPT_TABLE;
+            break;
+    
+    default:
+            return 0;
+    }
+    return 1;
+}
+
+/* Final check; nothing. */
+static void final_check(unsigned int flags)
+{
+    if (!(flags&IPT_ACCOUNT_OPT_ADDR) || !(flags&IPT_ACCOUNT_OPT_TABLE))
+        exit_error(PARAMETER_PROBLEM, "ACCOUNT: needs --%s and --%s",
+                    opts[0].name, opts[1].name);
+}
+
+static void print_it(const struct ipt_ip *ip,
+                     const struct ipt_entry_target *target, char do_prefix)
+{
+    const struct ipt_acc_info *accountinfo
+        = (const struct ipt_acc_info *)target->data;
+    struct in_addr a;
+
+    if (!do_prefix)
+        printf("ACCOUNT ");
+    
+    // Network information
+    if (do_prefix)
+	printf("--");
+    printf("%s ", opts[0].name);
+    
+    a.s_addr = accountinfo->net_ip;	
+    printf("%s", addr_to_dotted(&a));
+    a.s_addr = accountinfo->net_mask;
+    printf("%s", mask_to_dotted(&a));
+
+    printf(" ");
+    if (do_prefix)
+	printf("--");
+
+    printf("%s %s", opts[1].name, accountinfo->table_name);
+}
+
+/* Prints out the targinfo. */
+static void
+print(const struct ipt_ip *ip,
+      const struct ipt_entry_target *target,
+      int numeric)
+{
+    print_it (ip, target, 0);
+}
+
+/* Saves the union ipt_targinfo in parsable form to stdout. */
+static void
+save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+{
+    print_it(ip, target, 1);
+}
+
+static
+struct iptables_target account
+= {
+    .next          = NULL,
+    .name          = "ACCOUNT",
+    .version       = IPTABLES_VERSION,
+    .size          = IPT_ALIGN(sizeof(struct ipt_acc_info)),
+    .userspacesize = IPT_ALIGN(sizeof(struct ipt_acc_info)),
+    .help          = &help,
+    .init          = &init,
+    .parse         = &parse,
+    .final_check   = &final_check,
+    .print         = &print,
+    .save          = &save,
+    .extra_opts    = opts
+};
+
+void _init(void)
+{
+    register_target(&account);
+}
diff -u -r -p --new-file iptables-1.3.6/extensions/Makefile iptables.ACCOUNT/extensions/Makefile
--- iptables-1.3.6/extensions/Makefile	2006-09-28 18:40:32.000000000 +0200
+++ iptables.ACCOUNT/extensions/Makefile	2007-02-09 11:31:24.000000000 +0100
@@ -5,7 +5,7 @@
 # header files are present in the include/linux directory of this iptables
 # package (HW)
 #
-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean ACCOUNT CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
 PF6_EXT_SLIB:=connmark eui64 hl icmp6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TRACE
 
 ifeq ($(DO_SELINUX), 1)
Commit	Line	Data
	1	diff -u -r -p --new-file iptables-1.3.6/extensions/libipt_ACCOUNT.c iptables.ACCOUNT/extensions/libipt_ACCOUNT.c
	2	--- iptables-1.3.6/extensions/libipt_ACCOUNT.c 1970-01-01 01:00:00.000000000 +0100
	3	+++ iptables.ACCOUNT/extensions/libipt_ACCOUNT.c 2006-10-26 12:17:57.000000000 +0200
	4	@@ -0,0 +1,174 @@
	5	+/* Shared library add-on to iptables to add ACCOUNT(ing) support.
	6	+ Author: Intra2net AG <opensource@intra2net.com>
	7	+*/
	8	+
	9	+#include <stdio.h>
	10	+#include <netdb.h>
	11	+#include <string.h>
	12	+#include <stdlib.h>
	13	+#include <syslog.h>
	14	+#include <getopt.h>
	15	+#include <iptables.h>
	16	+#include <linux/netfilter_ipv4/ip_tables.h>
	17	+#include <linux/netfilter_ipv4/ipt_ACCOUNT.h>
	18	+
	19	+static struct option opts[] = {
	20	+ { .name = "addr", .has_arg = 1, .flag = 0, .val = 'a' },
	21	+ { .name = "tname", .has_arg = 1, .flag = 0, .val = 't' },
	22	+ { .name = 0 }
	23	+};
	24	+
	25	+/* Function which prints out usage message. */
	26	+static void help(void)
	27	+{
	28	+ printf(
	29	+"ACCOUNT v%s options:\n"
	30	+" --%s ip/netmask\t\tBase network IP and netmask used for this table\n"
	31	+" --%s name\t\t\tTable name for the userspace library\n",
	32	+IPTABLES_VERSION, opts[0].name, opts[1].name);
	33	+}
	34	+
	35	+/* Initialize the target. */
	36	+static void
	37	+init(struct ipt_entry_target t, unsigned int nfcache)
	38	+{
	39	+ struct ipt_acc_info accountinfo = (struct ipt_acc_info )t->data;
	40	+
	41	+ accountinfo->table_nr = -1;
	42	+
	43	+ /* Can't cache this */
	44	+ *nfcache \|= NFC_UNKNOWN;
	45	+}
	46	+
	47	+#define IPT_ACCOUNT_OPT_ADDR 0x01
	48	+#define IPT_ACCOUNT_OPT_TABLE 0x02
	49	+
	50	+/* Function which parses command options; returns true if it
	51	+ ate an option */
	52	+static int
	53	+parse(int c, char *argv, int invert, unsigned int flags,
	54	+ const struct ipt_entry *entry,
	55	+ struct ipt_entry_target **target)
	56	+{
	57	+ struct ipt_acc_info accountinfo = (struct ipt_acc_info )(*target)->data;
	58	+ struct in_addr *addrs = NULL, mask;
	59	+ unsigned int naddrs = 0;
	60	+
	61	+ switch (c) {
	62	+ case 'a':
	63	+ if (*flags & IPT_ACCOUNT_OPT_ADDR)
	64	+ exit_error(PARAMETER_PROBLEM, "Can't specify --%s twice",
	65	+ opts[0].name);
	66	+
	67	+ if (check_inverse(optarg, &invert, NULL, 0))
	68	+ exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --%s",
	69	+ opts[0].name);
	70	+
	71	+ //loginfo->level = parse_level(optarg);
	72	+ parse_hostnetworkmask(optarg, &addrs, &mask, &naddrs);
	73	+
	74	+ if (naddrs > 1)
	75	+ exit_error(PARAMETER_PROBLEM, "multiple IP addresses not allowed");
	76	+
	77	+ accountinfo->net_ip = addrs[0].s_addr;
	78	+ accountinfo->net_mask = mask.s_addr;
	79	+
	80	+ *flags \|= IPT_ACCOUNT_OPT_ADDR;
	81	+ break;
	82	+
	83	+ case 't':
	84	+ if (*flags & IPT_ACCOUNT_OPT_TABLE)
	85	+ exit_error(PARAMETER_PROBLEM,
	86	+ "Can't specify --%s twice", opts[1].name);
	87	+
	88	+ if (check_inverse(optarg, &invert, NULL, 0))
	89	+ exit_error(PARAMETER_PROBLEM,
	90	+ "Unexpected `!' after --%s", opts[1].name);
	91	+
	92	+ if (strlen(optarg) > ACCOUNT_TABLE_NAME_LEN - 1)
	93	+ exit_error(PARAMETER_PROBLEM,
	94	+ "Maximum table name length %u for --%s",
	95	+ ACCOUNT_TABLE_NAME_LEN - 1, opts[1].name);
	96	+
	97	+ strcpy(accountinfo->table_name, optarg);
	98	+ *flags \|= IPT_ACCOUNT_OPT_TABLE;
	99	+ break;
	100	+
	101	+ default:
	102	+ return 0;
	103	+ }
	104	+ return 1;
	105	+}
	106	+
	107	+/* Final check; nothing. */
	108	+static void final_check(unsigned int flags)
	109	+{
	110	+ if (!(flags&IPT_ACCOUNT_OPT_ADDR) \|\| !(flags&IPT_ACCOUNT_OPT_TABLE))
	111	+ exit_error(PARAMETER_PROBLEM, "ACCOUNT: needs --%s and --%s",
	112	+ opts[0].name, opts[1].name);
	113	+}
	114	+
	115	+static void print_it(const struct ipt_ip *ip,
	116	+ const struct ipt_entry_target *target, char do_prefix)
	117	+{
	118	+ const struct ipt_acc_info *accountinfo
	119	+ = (const struct ipt_acc_info *)target->data;
	120	+ struct in_addr a;
	121	+
	122	+ if (!do_prefix)
	123	+ printf("ACCOUNT ");
	124	+
	125	+ // Network information
	126	+ if (do_prefix)
	127	+ printf("--");
	128	+ printf("%s ", opts[0].name);
	129	+
	130	+ a.s_addr = accountinfo->net_ip;
	131	+ printf("%s", addr_to_dotted(&a));
	132	+ a.s_addr = accountinfo->net_mask;
	133	+ printf("%s", mask_to_dotted(&a));
	134	+
	135	+ printf(" ");
	136	+ if (do_prefix)
	137	+ printf("--");
	138	+
	139	+ printf("%s %s", opts[1].name, accountinfo->table_name);
	140	+}
	141	+
	142	+/* Prints out the targinfo. */
	143	+static void
	144	+print(const struct ipt_ip *ip,
	145	+ const struct ipt_entry_target *target,
	146	+ int numeric)
	147	+{
	148	+ print_it (ip, target, 0);
	149	+}
	150	+
	151	+/* Saves the union ipt_targinfo in parsable form to stdout. */
	152	+static void
	153	+save(const struct ipt_ip ip, const struct ipt_entry_target target)
	154	+{
	155	+ print_it(ip, target, 1);
	156	+}
	157	+
	158	+static
	159	+struct iptables_target account
	160	+= {
	161	+ .next = NULL,
	162	+ .name = "ACCOUNT",
	163	+ .version = IPTABLES_VERSION,
	164	+ .size = IPT_ALIGN(sizeof(struct ipt_acc_info)),
	165	+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_acc_info)),
	166	+ .help = &help,
	167	+ .init = &init,
	168	+ .parse = &parse,
	169	+ .final_check = &final_check,
	170	+ .print = &print,
	171	+ .save = &save,
	172	+ .extra_opts = opts
	173	+};
	174	+
	175	+void _init(void)
	176	+{
	177	+ register_target(&account);
	178	+}
	179	diff -u -r -p --new-file iptables-1.3.6/extensions/Makefile iptables.ACCOUNT/extensions/Makefile
	180	--- iptables-1.3.6/extensions/Makefile 2006-09-28 18:40:32.000000000 +0200
	181	+++ iptables.ACCOUNT/extensions/Makefile 2007-02-09 11:31:24.000000000 +0100
	182	@@ -5,7 +5,7 @@
	183	# header files are present in the include/linux directory of this iptables
	184	# package (HW)
	185	#
	186	-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
	187	+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean ACCOUNT CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
	188	PF6_EXT_SLIB:=connmark eui64 hl icmp6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TRACE
	189
	190	ifeq ($(DO_SELINUX), 1)