summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_NFLOG.c
blob: e31a3c4b318d1cc16e367deb6704a2916bdb6402 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <getopt.h>
#include <xtables.h>

#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_NFLOG.h>

enum {
	O_GROUP = 0,
	O_PREFIX,
	O_RANGE,
	O_THRESHOLD,
};

#define s struct xt_nflog_info
static const struct xt_option_entry NFLOG_opts[] = {
	{.name = "nflog-group", .id = O_GROUP, .type = XTTYPE_UINT16,
	 .flags = XTOPT_PUT, XTOPT_POINTER(s, group)},
	{.name = "nflog-prefix", .id = O_PREFIX, .type = XTTYPE_STRING,
	 .min = 1, .flags = XTOPT_PUT, XTOPT_POINTER(s, prefix)},
	{.name = "nflog-range", .id = O_RANGE, .type = XTTYPE_UINT32,
	 .flags = XTOPT_PUT, XTOPT_POINTER(s, len)},
	{.name = "nflog-threshold", .id = O_THRESHOLD, .type = XTTYPE_UINT16,
	 .flags = XTOPT_PUT, XTOPT_POINTER(s, threshold)},
	XTOPT_TABLEEND,
};
#undef s

static void NFLOG_help(void)
{
	printf("NFLOG target options:\n"
	       " --nflog-group NUM		NETLINK group used for logging\n"
	       " --nflog-range NUM		Number of byte to copy\n"
	       " --nflog-threshold NUM		Message threshold of in-kernel queue\n"
	       " --nflog-prefix STRING		Prefix string for log messages\n");
}

static void NFLOG_init(struct xt_entry_target *t)
{
	struct xt_nflog_info *info = (struct xt_nflog_info *)t->data;

	info->threshold	= XT_NFLOG_DEFAULT_THRESHOLD;
}

static void NFLOG_parse(struct xt_option_call *cb)
{
	xtables_option_parse(cb);
	switch (cb->entry->id) {
	case O_PREFIX:
		if (strchr(cb->arg, '\n') != NULL)
			xtables_error(PARAMETER_PROBLEM,
				   "Newlines not allowed in --log-prefix");
		break;
	}
}

static void nflog_print(const struct xt_nflog_info *info, char *prefix)
{
	if (info->prefix[0] != '\0') {
		printf(" %snflog-prefix ", prefix);
		xtables_save_string(info->prefix);
	}
	if (info->group)
		printf(" %snflog-group %u", prefix, info->group);
	if (info->len)
		printf(" %snflog-range %u", prefix, info->len);
	if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
		printf(" %snflog-threshold %u", prefix, info->threshold);
}

static void NFLOG_print(const void *ip, const struct xt_entry_target *target,
			int numeric)
{
	const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data;

	nflog_print(info, "");
}

static void NFLOG_save(const void *ip, const struct xt_entry_target *target)
{
	const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data;

	nflog_print(info, "--");
}

static void nflog_print_xlate(const struct xt_nflog_info *info,
			      struct xt_xlate *xl)
{
	xt_xlate_add(xl, "log ");
	if (info->prefix[0] != '\0')
		xt_xlate_add(xl, "prefix \\\"%s\\\" ", info->prefix);
	if (info->len)
		xt_xlate_add(xl, "snaplen %u ", info->len);
	if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
		xt_xlate_add(xl, "queue-threshold %u ", info->threshold);
	xt_xlate_add(xl, "group %u ", info->group);
}

static int NFLOG_xlate(const struct xt_entry_target *target,
		       struct xt_xlate *xl, int numeric)
{
	const struct xt_nflog_info *info = (struct xt_nflog_info *)target->data;

	nflog_print_xlate(info, xl);

	return 1;
}

static struct xtables_target nflog_target = {
	.family		= NFPROTO_UNSPEC,
	.name		= "NFLOG",
	.version	= XTABLES_VERSION,
	.size		= XT_ALIGN(sizeof(struct xt_nflog_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_nflog_info)),
	.help		= NFLOG_help,
	.init		= NFLOG_init,
	.x6_parse	= NFLOG_parse,
	.print		= NFLOG_print,
	.save		= NFLOG_save,
	.x6_options	= NFLOG_opts,
	.xlate		= NFLOG_xlate,
};

void _init(void)
{
	xtables_register_target(&nflog_target);
}