diff options
author | Yasuyuki KOZAKAI <yasuyuki@netfilter.org> | 2007-08-04 08:19:38 +0000 |
---|---|---|
committer | Yasuyuki KOZAKAI <yasuyuki@netfilter.org> | 2007-08-04 08:19:38 +0000 |
commit | 9bbf867821db55bd6e109934b9aa871322405767 (patch) | |
tree | 3d79589d55ae44a039b79939c256cf4a570a0451 /extensions | |
parent | 8338c88a83ac3828459b36332d340cbaa8e0607f (diff) |
Revert commit 6990.
That log is not correct and .NF_LOG-testx has incorrect mode.
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/.NFLOG-test | 2 | ||||
-rw-r--r-- | extensions/.NFLOG-test6 | 2 | ||||
-rw-r--r-- | extensions/.NFLOG-testx | 2 | ||||
-rw-r--r-- | extensions/libip6t_NFLOG.c | 162 | ||||
-rw-r--r-- | extensions/libipt_NFLOG.c | 162 | ||||
-rw-r--r-- | extensions/libxt_NFLOG.c | 179 |
6 files changed, 328 insertions, 181 deletions
diff --git a/extensions/.NFLOG-test b/extensions/.NFLOG-test new file mode 100644 index 00000000..25f0dee7 --- /dev/null +++ b/extensions/.NFLOG-test @@ -0,0 +1,2 @@ +#! /bin/sh +[ -f $KERNEL_DIR/include/linux/netfilter/xt_NFLOG.h ] && echo NFLOG diff --git a/extensions/.NFLOG-test6 b/extensions/.NFLOG-test6 new file mode 100644 index 00000000..25f0dee7 --- /dev/null +++ b/extensions/.NFLOG-test6 @@ -0,0 +1,2 @@ +#! /bin/sh +[ -f $KERNEL_DIR/include/linux/netfilter/xt_NFLOG.h ] && echo NFLOG diff --git a/extensions/.NFLOG-testx b/extensions/.NFLOG-testx index 25f0dee7..e69de29b 100644 --- a/extensions/.NFLOG-testx +++ b/extensions/.NFLOG-testx @@ -1,2 +0,0 @@ -#! /bin/sh -[ -f $KERNEL_DIR/include/linux/netfilter/xt_NFLOG.h ] && echo NFLOG diff --git a/extensions/libip6t_NFLOG.c b/extensions/libip6t_NFLOG.c new file mode 100644 index 00000000..42e20819 --- /dev/null +++ b/extensions/libip6t_NFLOG.c @@ -0,0 +1,162 @@ +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <getopt.h> +#include <ip6tables.h> + +#include <linux/netfilter_ipv6/ip6_tables.h> +#include <linux/netfilter/xt_NFLOG.h> + +enum { + NFLOG_GROUP = 0x1, + NFLOG_PREFIX = 0x2, + NFLOG_RANGE = 0x4, + NFLOG_THRESHOLD = 0x8, +}; + +static const struct option opts[] = { + { "nflog-group", 1, 0, NFLOG_GROUP }, + { "nflog-prefix", 1, 0, NFLOG_PREFIX }, + { "nflog-range", 1, 0, NFLOG_RANGE }, + { "nflog-threshold", 1, 0, NFLOG_THRESHOLD }, + {NULL}, +}; + +static void help(void) +{ + printf("NFLOG v%s options:\n" + " --nflog-group NUM NETLINK group used for logging\n" + " --nflog-range NUM Number of byte to copy\n" + " --nflog-threshold NUM Message threshold of in-kernel queue\n" + " --nflog-prefix STRING Prefix string for log messages\n\n", + IPTABLES_VERSION); +} + +static void init(struct ip6t_entry_target *t, unsigned int *nfcache) +{ + struct xt_nflog_info *info = (struct xt_nflog_info *)t->data; + + info->group = 0; + info->threshold = XT_NFLOG_DEFAULT_THRESHOLD; +} + +static int parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, + struct xt_entry_target **target) +{ + struct xt_nflog_info *info = (struct xt_nflog_info *)(*target)->data; + int n; + + switch (c) { + case NFLOG_GROUP: + if (*flags & NFLOG_GROUP) + exit_error(PARAMETER_PROBLEM, + "Can't specify --nflog-group twice"); + if (check_inverse(optarg, &invert, NULL, 0)) + exit_error(PARAMETER_PROBLEM, + "Unexpected `!' after --nflog-group"); + + n = atoi(optarg); + if (n < 0) + exit_error(PARAMETER_PROBLEM, + "--nflog-group can not be negative"); + info->group = n; + break; + case NFLOG_PREFIX: + if (*flags & NFLOG_PREFIX) + exit_error(PARAMETER_PROBLEM, + "Can't specify --nflog-prefix twice"); + if (check_inverse(optarg, &invert, NULL, 0)) + exit_error(PARAMETER_PROBLEM, + "Unexpected `!' after --nflog-prefix"); + + n = strlen(optarg); + if (n == 0) + exit_error(PARAMETER_PROBLEM, + "No prefix specified for --nflog-prefix"); + if (n >= sizeof(info->prefix)) + exit_error(PARAMETER_PROBLEM, + "--nflog-prefix too long, max %Zu characters", + sizeof(info->prefix) - 1); + if (n != strlen(strtok(optarg, "\n"))) + exit_error(PARAMETER_PROBLEM, + "Newlines are not allowed in --nflog-prefix"); + strcpy(info->prefix, optarg); + break; + case NFLOG_RANGE: + if (*flags & NFLOG_RANGE) + exit_error(PARAMETER_PROBLEM, + "Can't specify --nflog-range twice"); + n = atoi(optarg); + if (n < 0) + exit_error(PARAMETER_PROBLEM, + "Invalid --nflog-range, must be >= 0"); + info->len = n; + break; + case NFLOG_THRESHOLD: + if (*flags & NFLOG_THRESHOLD) + exit_error(PARAMETER_PROBLEM, + "Can't specify --nflog-threshold twice"); + n = atoi(optarg); + if (n < 1) + exit_error(PARAMETER_PROBLEM, + "Invalid --nflog-threshold, must be >= 1"); + info->threshold = n; + break; + default: + return 0; + } + *flags |= c; + return 1; +} + +static void final_check(unsigned int flags) +{ + return; +} + +static void nflog_print(const struct xt_nflog_info *info, char *prefix) +{ + if (info->prefix[0] != '\0') + printf("%snflog-prefix \"%s\" ", prefix, info->prefix); + if (info->group) + printf("%snflog-group %u ", prefix, info->group); + if (info->len) + printf("%snflog-range %u ", prefix, info->len); + if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD) + printf("%snflog-threshold %u ", prefix, info->threshold); +} + +static void print(const void *ip, const struct xt_entry_target *target, + int numeric) +{ + const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data; + + nflog_print(info, ""); +} + +static void save(const void *ip, const struct xt_entry_target *target) +{ + const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data; + + nflog_print(info, "--"); +} + +static struct ip6tables_target nflog = { + .name = "NFLOG", + .version = IPTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_nflog_info)), + .userspacesize = XT_ALIGN(sizeof(struct xt_nflog_info)), + .help = help, + .init = init, + .parse = parse, + .final_check = final_check, + .print = print, + .save = save, + .extra_opts = opts, +}; + +void _init(void) +{ + register_target6(&nflog); +} diff --git a/extensions/libipt_NFLOG.c b/extensions/libipt_NFLOG.c new file mode 100644 index 00000000..a672e2d3 --- /dev/null +++ b/extensions/libipt_NFLOG.c @@ -0,0 +1,162 @@ +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <getopt.h> +#include <iptables.h> + +#include <linux/netfilter_ipv4/ip_tables.h> +#include <linux/netfilter/xt_NFLOG.h> + +enum { + NFLOG_GROUP = 0x1, + NFLOG_PREFIX = 0x2, + NFLOG_RANGE = 0x4, + NFLOG_THRESHOLD = 0x8, +}; + +static const struct option opts[] = { + { "nflog-group", 1, 0, NFLOG_GROUP }, + { "nflog-prefix", 1, 0, NFLOG_PREFIX }, + { "nflog-range", 1, 0, NFLOG_RANGE }, + { "nflog-threshold", 1, 0, NFLOG_THRESHOLD }, + {NULL}, +}; + +static void help(void) +{ + printf("NFLOG v%s options:\n" + " --nflog-group NUM NETLINK group used for logging\n" + " --nflog-range NUM Number of byte to copy\n" + " --nflog-threshold NUM Message threshold of in-kernel queue\n" + " --nflog-prefix STRING Prefix string for log messages\n\n", + IPTABLES_VERSION); +} + +static void init(struct xt_entry_target *t, unsigned int *nfcache) +{ + struct xt_nflog_info *info = (struct xt_nflog_info *)t->data; + + info->group = 0; + info->threshold = XT_NFLOG_DEFAULT_THRESHOLD; +} + +static int parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, + struct xt_entry_target **target) +{ + struct xt_nflog_info *info = (struct xt_nflog_info *)(*target)->data; + int n; + + switch (c) { + case NFLOG_GROUP: + if (*flags & NFLOG_GROUP) + exit_error(PARAMETER_PROBLEM, + "Can't specify --nflog-group twice"); + if (check_inverse(optarg, &invert, NULL, 0)) + exit_error(PARAMETER_PROBLEM, + "Unexpected `!' after --nflog-group"); + + n = atoi(optarg); + if (n < 0) + exit_error(PARAMETER_PROBLEM, + "--nflog-group can not be negative"); + info->group = n; + break; + case NFLOG_PREFIX: + if (*flags & NFLOG_PREFIX) + exit_error(PARAMETER_PROBLEM, + "Can't specify --nflog-prefix twice"); + if (check_inverse(optarg, &invert, NULL, 0)) + exit_error(PARAMETER_PROBLEM, + "Unexpected `!' after --nflog-prefix"); + + n = strlen(optarg); + if (n == 0) + exit_error(PARAMETER_PROBLEM, + "No prefix specified for --nflog-prefix"); + if (n >= sizeof(info->prefix)) + exit_error(PARAMETER_PROBLEM, + "--nflog-prefix too long, max %Zu characters", + sizeof(info->prefix) - 1); + if (n != strlen(strtok(optarg, "\n"))) + exit_error(PARAMETER_PROBLEM, + "Newlines are not allowed in --nflog-prefix"); + strcpy(info->prefix, optarg); + break; + case NFLOG_RANGE: + if (*flags & NFLOG_RANGE) + exit_error(PARAMETER_PROBLEM, + "Can't specify --nflog-range twice"); + n = atoi(optarg); + if (n < 0) + exit_error(PARAMETER_PROBLEM, + "Invalid --nflog-range, must be >= 0"); + info->len = n; + break; + case NFLOG_THRESHOLD: + if (*flags & NFLOG_THRESHOLD) + exit_error(PARAMETER_PROBLEM, + "Can't specify --nflog-threshold twice"); + n = atoi(optarg); + if (n < 1) + exit_error(PARAMETER_PROBLEM, + "Invalid --nflog-threshold, must be >= 1"); + info->threshold = n; + break; + default: + return 0; + } + *flags |= c; + return 1; +} + +static void final_check(unsigned int flags) +{ + return; +} + +static void nflog_print(const struct xt_nflog_info *info, char *prefix) +{ + if (info->prefix[0] != '\0') + printf("%snflog-prefix \"%s\" ", prefix, info->prefix); + if (info->group) + printf("%snflog-group %u ", prefix, info->group); + if (info->len) + printf("%snflog-range %u ", prefix, info->len); + if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD) + printf("%snflog-threshold %u ", prefix, info->threshold); +} + +static void print(const void *ip, const struct xt_entry_target *target, + int numeric) +{ + const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data; + + nflog_print(info, ""); +} + +static void save(const void *ip, const struct xt_entry_target *target) +{ + const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data; + + nflog_print(info, "--"); +} + +static struct iptables_target nflog = { + .name = "NFLOG", + .version = IPTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_nflog_info)), + .userspacesize = XT_ALIGN(sizeof(struct xt_nflog_info)), + .help = help, + .init = init, + .parse = parse, + .final_check = final_check, + .print = print, + .save = save, + .extra_opts = opts, +}; + +void _init(void) +{ + register_target(&nflog); +} diff --git a/extensions/libxt_NFLOG.c b/extensions/libxt_NFLOG.c index 9c5ea099..e69de29b 100644 --- a/extensions/libxt_NFLOG.c +++ b/extensions/libxt_NFLOG.c @@ -1,179 +0,0 @@ -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <getopt.h> -#include <xtables.h> - -#include <linux/netfilter/x_tables.h> -#include <linux/netfilter/xt_NFLOG.h> - -enum { - NFLOG_GROUP = 0x1, - NFLOG_PREFIX = 0x2, - NFLOG_RANGE = 0x4, - NFLOG_THRESHOLD = 0x8, -}; - -static const struct option opts[] = { - { "nflog-group", 1, 0, NFLOG_GROUP }, - { "nflog-prefix", 1, 0, NFLOG_PREFIX }, - { "nflog-range", 1, 0, NFLOG_RANGE }, - { "nflog-threshold", 1, 0, NFLOG_THRESHOLD }, - {NULL}, -}; - -static void help(void) -{ - printf("NFLOG v%s options:\n" - " --nflog-group NUM NETLINK group used for logging\n" - " --nflog-range NUM Number of byte to copy\n" - " --nflog-threshold NUM Message threshold of in-kernel queue\n" - " --nflog-prefix STRING Prefix string for log messages\n\n", - IPTABLES_VERSION); -} - -static void init(struct xt_entry_target *t, unsigned int *nfcache) -{ - struct xt_nflog_info *info = (struct xt_nflog_info *)t->data; - - info->group = 0; - info->threshold = XT_NFLOG_DEFAULT_THRESHOLD; -} - -static int parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, - struct xt_entry_target **target) -{ - struct xt_nflog_info *info = (struct xt_nflog_info *)(*target)->data; - int n; - - switch (c) { - case NFLOG_GROUP: - if (*flags & NFLOG_GROUP) - exit_error(PARAMETER_PROBLEM, - "Can't specify --nflog-group twice"); - if (check_inverse(optarg, &invert, NULL, 0)) - exit_error(PARAMETER_PROBLEM, - "Unexpected `!' after --nflog-group"); - - n = atoi(optarg); - if (n < 0) - exit_error(PARAMETER_PROBLEM, - "--nflog-group can not be negative"); - info->group = n; - break; - case NFLOG_PREFIX: - if (*flags & NFLOG_PREFIX) - exit_error(PARAMETER_PROBLEM, - "Can't specify --nflog-prefix twice"); - if (check_inverse(optarg, &invert, NULL, 0)) - exit_error(PARAMETER_PROBLEM, - "Unexpected `!' after --nflog-prefix"); - - n = strlen(optarg); - if (n == 0) - exit_error(PARAMETER_PROBLEM, - "No prefix specified for --nflog-prefix"); - if (n >= sizeof(info->prefix)) - exit_error(PARAMETER_PROBLEM, - "--nflog-prefix too long, max %Zu characters", - sizeof(info->prefix) - 1); - if (n != strlen(strtok(optarg, "\n"))) - exit_error(PARAMETER_PROBLEM, - "Newlines are not allowed in --nflog-prefix"); - strcpy(info->prefix, optarg); - break; - case NFLOG_RANGE: - if (*flags & NFLOG_RANGE) - exit_error(PARAMETER_PROBLEM, - "Can't specify --nflog-range twice"); - n = atoi(optarg); - if (n < 0) - exit_error(PARAMETER_PROBLEM, - "Invalid --nflog-range, must be >= 0"); - info->len = n; - break; - case NFLOG_THRESHOLD: - if (*flags & NFLOG_THRESHOLD) - exit_error(PARAMETER_PROBLEM, - "Can't specify --nflog-threshold twice"); - n = atoi(optarg); - if (n < 1) - exit_error(PARAMETER_PROBLEM, - "Invalid --nflog-threshold, must be >= 1"); - info->threshold = n; - break; - default: - return 0; - } - *flags |= c; - return 1; -} - -static void final_check(unsigned int flags) -{ - return; -} - -static void nflog_print(const struct xt_nflog_info *info, char *prefix) -{ - if (info->prefix[0] != '\0') - printf("%snflog-prefix \"%s\" ", prefix, info->prefix); - if (info->group) - printf("%snflog-group %u ", prefix, info->group); - if (info->len) - printf("%snflog-range %u ", prefix, info->len); - if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD) - printf("%snflog-threshold %u ", prefix, info->threshold); -} - -static void print(const void *ip, const struct xt_entry_target *target, - int numeric) -{ - const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data; - - nflog_print(info, ""); -} - -static void save(const void *ip, const struct xt_entry_target *target) -{ - const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data; - - nflog_print(info, "--"); -} - -static struct xtables_target nflog = { - .family = AF_INET, - .name = "NFLOG", - .version = IPTABLES_VERSION, - .size = XT_ALIGN(sizeof(struct xt_nflog_info)), - .userspacesize = XT_ALIGN(sizeof(struct xt_nflog_info)), - .help = help, - .init = init, - .parse = parse, - .final_check = final_check, - .print = print, - .save = save, - .extra_opts = opts, -}; - -static struct xtables_target nflog6 = { - .family = AF_INET6, - .name = "NFLOG", - .version = IPTABLES_VERSION, - .size = XT_ALIGN(sizeof(struct xt_nflog_info)), - .userspacesize = XT_ALIGN(sizeof(struct xt_nflog_info)), - .help = help, - .init = init, - .parse = parse, - .final_check = final_check, - .print = print, - .save = save, - .extra_opts = opts, -}; - -void _init(void) -{ - xtables_register_target(&nflog); - xtables_register_target(&nflog6); -} |