From bc397495427db984ec8c0d5ebad8b31604bc4d61 Mon Sep 17 00:00:00 2001 From: "/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org" Date: Sat, 4 Aug 2007 08:28:23 +0000 Subject: Add IPv6 support to statistic match --- extensions/.statistic-test | 2 - extensions/.statistic-testx | 2 + extensions/libipt_statistic.c | 184 -------------------------------------- extensions/libxt_statistic.c | 200 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 202 insertions(+), 186 deletions(-) delete mode 100755 extensions/.statistic-test create mode 100755 extensions/.statistic-testx delete mode 100644 extensions/libipt_statistic.c create mode 100644 extensions/libxt_statistic.c diff --git a/extensions/.statistic-test b/extensions/.statistic-test deleted file mode 100755 index 843cb41..0000000 --- a/extensions/.statistic-test +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -[ -f $KERNEL_DIR/net/netfilter/xt_statistic.c -a -f $KERNEL_DIR/include/linux/netfilter/xt_statistic.h ] && echo statistic diff --git a/extensions/.statistic-testx b/extensions/.statistic-testx new file mode 100755 index 0000000..843cb41 --- /dev/null +++ b/extensions/.statistic-testx @@ -0,0 +1,2 @@ +#!/bin/sh +[ -f $KERNEL_DIR/net/netfilter/xt_statistic.c -a -f $KERNEL_DIR/include/linux/netfilter/xt_statistic.h ] && echo statistic diff --git a/extensions/libipt_statistic.c b/extensions/libipt_statistic.c deleted file mode 100644 index 2112259..0000000 --- a/extensions/libipt_statistic.c +++ /dev/null @@ -1,184 +0,0 @@ -#include -#include -#include -#include -#include -#include - -#include -#include - -static void -help(void) -{ - printf( -"statistic match v%s options:\n" -" --mode mode Match mode (random, nth)\n" -" random mode:\n" -" --probability p Probability\n" -" nth mode:\n" -" --every n Match every nth packet\n" -" --packet p Initial counter value (0 <= p <= n-1, default 0)\n" -"\n", -IPTABLES_VERSION); -} - -static const struct option opts[] = { - { "mode", 1, 0, '1' }, - { "probability", 1, 0, '2' }, - { "every", 1, 0, '3' }, - { "packet", 1, 0, '4' }, - { 0 } -}; - -static struct xt_statistic_info *info; - -static int -parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, - unsigned int *nfcache, - struct xt_entry_match **match) -{ - double prob; - - info = (void *)(*match)->data; - - if (invert) - info->flags |= XT_STATISTIC_INVERT; - - switch (c) { - case '1': - if (*flags & 0x1) - exit_error(PARAMETER_PROBLEM, "double --mode"); - if (!strcmp(optarg, "random")) - info->mode = XT_STATISTIC_MODE_RANDOM; - else if (!strcmp(optarg, "nth")) - info->mode = XT_STATISTIC_MODE_NTH; - else - exit_error(PARAMETER_PROBLEM, "Bad mode `%s'", optarg); - *flags |= 0x1; - break; - case '2': - if (*flags & 0x2) - exit_error(PARAMETER_PROBLEM, "double --probability"); - prob = atof(optarg); - if (prob < 0 || prob > 1) - exit_error(PARAMETER_PROBLEM, - "--probability must be between 0 and 1"); - info->u.random.probability = 0x80000000 * prob; - *flags |= 0x2; - break; - case '3': - if (*flags & 0x4) - exit_error(PARAMETER_PROBLEM, "double --every"); - if (string_to_number(optarg, 0, 0xFFFFFFFF, - &info->u.nth.every) == -1) - exit_error(PARAMETER_PROBLEM, - "cannot parse --every `%s'", optarg); - if (info->u.nth.every == 0) - exit_error(PARAMETER_PROBLEM, "--every cannot be 0"); - info->u.nth.every--; - *flags |= 0x4; - break; - case '4': - if (*flags & 0x8) - exit_error(PARAMETER_PROBLEM, "double --packet"); - if (string_to_number(optarg, 0, 0xFFFFFFFF, - &info->u.nth.packet) == -1) - exit_error(PARAMETER_PROBLEM, - "cannot parse --packet `%s'", optarg); - *flags |= 0x8; - break; - default: - return 0; - } - return 1; -} - -/* Final check; must have specified --mark. */ -static void -final_check(unsigned int flags) -{ - if (!(flags & 0x1)) - exit_error(PARAMETER_PROBLEM, "no mode specified"); - if ((flags & 0x2) && (flags & (0x4 | 0x8))) - exit_error(PARAMETER_PROBLEM, - "both nth and random parameters given"); - if (flags & 0x2 && info->mode != XT_STATISTIC_MODE_RANDOM) - exit_error(PARAMETER_PROBLEM, - "--probability can only be used in random mode"); - if (flags & 0x4 && info->mode != XT_STATISTIC_MODE_NTH) - exit_error(PARAMETER_PROBLEM, - "--every can only be used in nth mode"); - if (flags & 0x8 && info->mode != XT_STATISTIC_MODE_NTH) - exit_error(PARAMETER_PROBLEM, - "--packet can only be used in nth mode"); - if ((flags & 0x8) && !(flags & 0x4)) - exit_error(PARAMETER_PROBLEM, - "--packet can only be used with --every"); - /* at this point, info->u.nth.every have been decreased. */ - if (!(info->u.nth.packet >= 0 && info->u.nth.packet <= info->u.nth.every)) - exit_error(PARAMETER_PROBLEM, - "the --packet p must be 0 <= p <= n-1"); - - - info->u.nth.count = info->u.nth.every - info->u.nth.packet; -} - -/* Prints out the matchinfo. */ -static void print_match(const struct xt_statistic_info *info, char *prefix) -{ - if (info->flags & XT_STATISTIC_INVERT) - printf("! "); - - switch (info->mode) { - case XT_STATISTIC_MODE_RANDOM: - printf("%smode random %sprobability %f ", prefix, prefix, - 1.0 * info->u.random.probability / 0x80000000); - break; - case XT_STATISTIC_MODE_NTH: - printf("%smode nth %severy %u ", prefix, prefix, - info->u.nth.every + 1); - if (info->u.nth.packet) - printf("%spacket %u ", prefix, info->u.nth.packet); - break; - } -} - -static void -print(const void *ip, - const struct xt_entry_match *match, - int numeric) -{ - struct xt_statistic_info *info = (struct xt_statistic_info *)match->data; - - printf("statistic "); - print_match(info, ""); -} - -/* Saves the union ipt_matchinfo in parsable form to stdout. */ -static void -save(const void *ip, const struct xt_entry_match *match) -{ - struct xt_statistic_info *info = (struct xt_statistic_info *)match->data; - - print_match(info, "--"); -} - -static struct iptables_match statistic = { - .name = "statistic", - .version = IPTABLES_VERSION, - .size = IPT_ALIGN(sizeof(struct xt_statistic_info)), - .userspacesize = offsetof(struct xt_statistic_info, u.nth.count), - .help = help, - .parse = parse, - .final_check = final_check, - .print = print, - .save = save, - .extra_opts = opts -}; - -void _init(void) -{ - register_match(&statistic); -} diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c new file mode 100644 index 0000000..6f88c45 --- /dev/null +++ b/extensions/libxt_statistic.c @@ -0,0 +1,200 @@ +#include +#include +#include +#include +#include +#include + +#include +#include + +static void +help(void) +{ + printf( +"statistic match v%s options:\n" +" --mode mode Match mode (random, nth)\n" +" random mode:\n" +" --probability p Probability\n" +" nth mode:\n" +" --every n Match every nth packet\n" +" --packet p Initial counter value (0 <= p <= n-1, default 0)\n" +"\n", +IPTABLES_VERSION); +} + +static const struct option opts[] = { + { "mode", 1, 0, '1' }, + { "probability", 1, 0, '2' }, + { "every", 1, 0, '3' }, + { "packet", 1, 0, '4' }, + { 0 } +}; + +static struct xt_statistic_info *info; + +static int +parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, + unsigned int *nfcache, + struct xt_entry_match **match) +{ + double prob; + + info = (void *)(*match)->data; + + if (invert) + info->flags |= XT_STATISTIC_INVERT; + + switch (c) { + case '1': + if (*flags & 0x1) + exit_error(PARAMETER_PROBLEM, "double --mode"); + if (!strcmp(optarg, "random")) + info->mode = XT_STATISTIC_MODE_RANDOM; + else if (!strcmp(optarg, "nth")) + info->mode = XT_STATISTIC_MODE_NTH; + else + exit_error(PARAMETER_PROBLEM, "Bad mode `%s'", optarg); + *flags |= 0x1; + break; + case '2': + if (*flags & 0x2) + exit_error(PARAMETER_PROBLEM, "double --probability"); + prob = atof(optarg); + if (prob < 0 || prob > 1) + exit_error(PARAMETER_PROBLEM, + "--probability must be between 0 and 1"); + info->u.random.probability = 0x80000000 * prob; + *flags |= 0x2; + break; + case '3': + if (*flags & 0x4) + exit_error(PARAMETER_PROBLEM, "double --every"); + if (string_to_number(optarg, 0, 0xFFFFFFFF, + &info->u.nth.every) == -1) + exit_error(PARAMETER_PROBLEM, + "cannot parse --every `%s'", optarg); + if (info->u.nth.every == 0) + exit_error(PARAMETER_PROBLEM, "--every cannot be 0"); + info->u.nth.every--; + *flags |= 0x4; + break; + case '4': + if (*flags & 0x8) + exit_error(PARAMETER_PROBLEM, "double --packet"); + if (string_to_number(optarg, 0, 0xFFFFFFFF, + &info->u.nth.packet) == -1) + exit_error(PARAMETER_PROBLEM, + "cannot parse --packet `%s'", optarg); + *flags |= 0x8; + break; + default: + return 0; + } + return 1; +} + +/* Final check; must have specified --mark. */ +static void +final_check(unsigned int flags) +{ + if (!(flags & 0x1)) + exit_error(PARAMETER_PROBLEM, "no mode specified"); + if ((flags & 0x2) && (flags & (0x4 | 0x8))) + exit_error(PARAMETER_PROBLEM, + "both nth and random parameters given"); + if (flags & 0x2 && info->mode != XT_STATISTIC_MODE_RANDOM) + exit_error(PARAMETER_PROBLEM, + "--probability can only be used in random mode"); + if (flags & 0x4 && info->mode != XT_STATISTIC_MODE_NTH) + exit_error(PARAMETER_PROBLEM, + "--every can only be used in nth mode"); + if (flags & 0x8 && info->mode != XT_STATISTIC_MODE_NTH) + exit_error(PARAMETER_PROBLEM, + "--packet can only be used in nth mode"); + if ((flags & 0x8) && !(flags & 0x4)) + exit_error(PARAMETER_PROBLEM, + "--packet can only be used with --every"); + /* at this point, info->u.nth.every have been decreased. */ + if (!(info->u.nth.packet >= 0 && info->u.nth.packet <= info->u.nth.every)) + exit_error(PARAMETER_PROBLEM, + "the --packet p must be 0 <= p <= n-1"); + + + info->u.nth.count = info->u.nth.every - info->u.nth.packet; +} + +/* Prints out the matchinfo. */ +static void print_match(const struct xt_statistic_info *info, char *prefix) +{ + if (info->flags & XT_STATISTIC_INVERT) + printf("! "); + + switch (info->mode) { + case XT_STATISTIC_MODE_RANDOM: + printf("%smode random %sprobability %f ", prefix, prefix, + 1.0 * info->u.random.probability / 0x80000000); + break; + case XT_STATISTIC_MODE_NTH: + printf("%smode nth %severy %u ", prefix, prefix, + info->u.nth.every + 1); + if (info->u.nth.packet) + printf("%spacket %u ", prefix, info->u.nth.packet); + break; + } +} + +static void +print(const void *ip, + const struct xt_entry_match *match, + int numeric) +{ + struct xt_statistic_info *info = (struct xt_statistic_info *)match->data; + + printf("statistic "); + print_match(info, ""); +} + +/* Saves the union ipt_matchinfo in parsable form to stdout. */ +static void +save(const void *ip, const struct xt_entry_match *match) +{ + struct xt_statistic_info *info = (struct xt_statistic_info *)match->data; + + print_match(info, "--"); +} + +static struct xtables_match statistic = { + .family = AF_INET, + .name = "statistic", + .version = IPTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_statistic_info)), + .userspacesize = offsetof(struct xt_statistic_info, u.nth.count), + .help = help, + .parse = parse, + .final_check = final_check, + .print = print, + .save = save, + .extra_opts = opts +}; + +static struct xtables_match statistic6 = { + .family = AF_INET6, + .name = "statistic", + .version = IPTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_statistic_info)), + .userspacesize = offsetof(struct xt_statistic_info, u.nth.count), + .help = help, + .parse = parse, + .final_check = final_check, + .print = print, + .save = save, + .extra_opts = opts +}; + +void _init(void) +{ + xtables_register_match(&statistic); + xtables_register_match(&statistic6); +} -- cgit v1.2.3