From fea3814c696b7c93990d2a6325e8ca777f55914f Mon Sep 17 00:00:00 2001 From: "/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org" Date: Tue, 31 Jul 2007 16:47:38 +0000 Subject: Moves libip{,6}t_connlimit to libxt. Also fixes an option parsing bug (connlimit_parse() may receive a 'c' that is not from the connlimit options table). Signed-off-by: Jan Engelhardt --- extensions/libipt_connlimit.c | 128 ------------------------------------------ 1 file changed, 128 deletions(-) delete mode 100644 extensions/libipt_connlimit.c (limited to 'extensions/libipt_connlimit.c') diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c deleted file mode 100644 index f6d1039..0000000 --- a/extensions/libipt_connlimit.c +++ /dev/null @@ -1,128 +0,0 @@ -/* Shared library add-on to iptables to add connection limit support. */ -#include -#include -#include -#include -#include -#include -#include -#include "../include/linux/netfilter/xt_connlimit.h" - -/* Function which prints out usage message. */ -static void connlimit_help(void) -{ - printf( -"connlimit v%s options:\n" -"[!] --connlimit-above n match if the number of existing " -" connections is (not) above n\n" -" --connlimit-mask n group hosts using mask\n" -"\n", IPTABLES_VERSION); -} - -static const struct option connlimit_opts[] = { - {"connlimit-above", 1, NULL, 1}, - {"connlimit-mask", 1, NULL, 2}, - {NULL}, -}; - -static void connlimit_init(struct ipt_entry_match *match, unsigned int *nfc) -{ - struct xt_connlimit_info *info = (void *)match->data; - info->v4_mask = 0xFFFFFFFF; -} - -static int connlimit_parse(int c, char **argv, int invert, unsigned int *flags, - const struct ipt_entry *entry, - unsigned int *nfcache, - struct ipt_entry_match **match) -{ - struct xt_connlimit_info *info = (void *)(*match)->data; - char *err; - int i; - - if (*flags & c) - exit_error(PARAMETER_PROBLEM, - "--connlimit-above and/or --connlimit-mask may " - "only be given once"); - - switch (c) { - case 1: - check_inverse(optarg, &invert, &optind, 0); - info->limit = strtoul(argv[optind-1], NULL, 0); - info->inverse = invert; - break; - case 2: - i = strtoul(argv[optind-1], &err, 0); - if (i > 32 || *err != '\0') - exit_error(PARAMETER_PROBLEM, - "--connlimit-mask must be between 0 and 32"); - if (i == 0) - info->v4_mask = 0; - else - info->v4_mask = htonl(0xFFFFFFFF << (32 - i)); - break; - default: - return 0; - } - - *flags |= c; - return 1; -} - -/* Final check */ -static void connlimit_check(unsigned int flags) -{ - if (!(flags & 1)) - exit_error(PARAMETER_PROBLEM, - "You must specify \"--connlimit-above\""); -} - -static unsigned int count_bits(u_int32_t mask) -{ - unsigned int bits = 0; - - for (mask = ~ntohl(mask); mask != 0; mask >>= 1) - ++bits; - - return 32 - bits; -} - -/* Prints out the matchinfo. */ -static void connlimit_print(const struct ipt_ip *ip, - const struct ipt_entry_match *match, int numeric) -{ - const struct xt_connlimit_info *info = (const void *)match->data; - - printf("#conn/%u %s %u ", count_bits(info->v4_mask), - info->inverse ? "<" : ">", info->limit); -} - -/* Saves the matchinfo in parsable form to stdout. */ -static void connlimit_save(const struct ipt_ip *ip, - const struct ipt_entry_match *match) -{ - const struct xt_connlimit_info *info = (const void *)match->data; - - printf("%s--connlimit-above %u --connlimit-mask %u ", - info->inverse ? "! " : "", info->limit, - count_bits(info->v4_mask)); -} - -static struct iptables_match connlimit_reg = { - .name = "connlimit", - .version = IPTABLES_VERSION, - .size = IPT_ALIGN(sizeof(struct xt_connlimit_info)), - .userspacesize = offsetof(struct xt_connlimit_info, data), - .help = connlimit_help, - .init = connlimit_init, - .parse = connlimit_parse, - .final_check = connlimit_check, - .print = connlimit_print, - .save = connlimit_save, - .extra_opts = connlimit_opts, -}; - -void _init(void) -{ - register_match(&connlimit_reg); -} -- cgit v1.2.3