diff options
Diffstat (limited to 'extensions/libebt_log.c')
-rw-r--r-- | extensions/libebt_log.c | 139 |
1 files changed, 39 insertions, 100 deletions
diff --git a/extensions/libebt_log.c b/extensions/libebt_log.c index 8858cf0e..dc2357c0 100644 --- a/extensions/libebt_log.c +++ b/extensions/libebt_log.c @@ -14,19 +14,11 @@ #include <stdlib.h> #include <syslog.h> #include <string.h> -#include <getopt.h> #include <xtables.h> #include <linux/netfilter_bridge/ebt_log.h> #define LOG_DEFAULT_LEVEL LOG_INFO -#define LOG_PREFIX '1' -#define LOG_LEVEL '2' -#define LOG_ARP '3' -#define LOG_IP '4' -#define LOG_LOG '5' -#define LOG_IP6 '6' - struct code { char *c_name; int c_val; @@ -43,26 +35,26 @@ static struct code eight_priority[] = { { "debug", LOG_DEBUG } }; -static int name_to_loglevel(const char *arg) -{ - int i; - - for (i = 0; i < 8; i++) - if (!strcmp(arg, eight_priority[i].c_name)) - return eight_priority[i].c_val; - - /* return bad loglevel */ - return 9; -} +enum { + /* first three must correspond with bit pos in respective EBT_LOG_* */ + O_LOG_IP = 0, + O_LOG_ARP = 1, + O_LOG_IP6 = 3, + O_LOG_PREFIX, + O_LOG_LEVEL, + O_LOG_LOG, +}; -static const struct option brlog_opts[] = { - { .name = "log-prefix", .has_arg = true, .val = LOG_PREFIX }, - { .name = "log-level", .has_arg = true, .val = LOG_LEVEL }, - { .name = "log-arp", .has_arg = false, .val = LOG_ARP }, - { .name = "log-ip", .has_arg = false, .val = LOG_IP }, - { .name = "log", .has_arg = false, .val = LOG_LOG }, - { .name = "log-ip6", .has_arg = false, .val = LOG_IP6 }, - XT_GETOPT_TABLEEND, +static const struct xt_option_entry brlog_opts[] = { + { .name = "log-prefix", .id = O_LOG_PREFIX, .type = XTTYPE_STRING, + .flags = XTOPT_PUT, XTOPT_POINTER(struct ebt_log_info, prefix) }, + { .name = "log-level", .id = O_LOG_LEVEL, .type = XTTYPE_SYSLOGLEVEL, + .flags = XTOPT_PUT, XTOPT_POINTER(struct ebt_log_info, loglevel) }, + { .name = "log-arp", .id = O_LOG_ARP, .type = XTTYPE_NONE }, + { .name = "log-ip", .id = O_LOG_IP, .type = XTTYPE_NONE }, + { .name = "log", .id = O_LOG_LOG, .type = XTTYPE_NONE }, + { .name = "log-ip6", .id = O_LOG_IP6, .type = XTTYPE_NONE }, + XTOPT_TABLEEND, }; static void brlog_help(void) @@ -87,73 +79,21 @@ static void brlog_init(struct xt_entry_target *t) { struct ebt_log_info *loginfo = (struct ebt_log_info *)t->data; - loginfo->bitmask = 0; - loginfo->prefix[0] = '\0'; loginfo->loglevel = LOG_NOTICE; } -static unsigned int log_chk_inv(int inv, unsigned int bit, const char *suffix) -{ - if (inv) - xtables_error(PARAMETER_PROBLEM, - "Unexpected `!' after --log%s", suffix); - return bit; -} - -static int brlog_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_target **target) +static void brlog_parse(struct xt_option_call *cb) { - struct ebt_log_info *loginfo = (struct ebt_log_info *)(*target)->data; - long int i; - char *end; - - switch (c) { - case LOG_PREFIX: - if (invert) - xtables_error(PARAMETER_PROBLEM, - "Unexpected `!` after --log-prefix"); - if (strlen(optarg) > sizeof(loginfo->prefix) - 1) - xtables_error(PARAMETER_PROBLEM, - "Prefix too long"); - if (strchr(optarg, '\"')) - xtables_error(PARAMETER_PROBLEM, - "Use of \\\" is not allowed" - " in the prefix"); - strcpy((char *)loginfo->prefix, (char *)optarg); - break; - case LOG_LEVEL: - i = strtol(optarg, &end, 16); - if (*end != '\0' || i < 0 || i > 7) - loginfo->loglevel = name_to_loglevel(optarg); - else - loginfo->loglevel = i; - - if (loginfo->loglevel == 9) - xtables_error(PARAMETER_PROBLEM, - "Problem with the log-level"); + struct ebt_log_info *loginfo = cb->data; + + xtables_option_parse(cb); + switch (cb->entry->id) { + case O_LOG_IP: + case O_LOG_ARP: + case O_LOG_IP6: + loginfo->bitmask |= 1 << cb->entry->id; break; - case LOG_IP: - loginfo->bitmask |= log_chk_inv(invert, EBT_LOG_IP, "-ip"); - break; - case LOG_ARP: - loginfo->bitmask |= log_chk_inv(invert, EBT_LOG_ARP, "-arp"); - break; - case LOG_LOG: - loginfo->bitmask |= log_chk_inv(invert, 0, ""); - break; - case LOG_IP6: - loginfo->bitmask |= log_chk_inv(invert, EBT_LOG_IP6, "-ip6"); - break; - default: - return 0; } - - *flags |= loginfo->bitmask; - return 1; -} - -static void brlog_final_check(unsigned int flags) -{ } static void brlog_print(const void *ip, const struct xt_entry_target *target, @@ -161,9 +101,10 @@ static void brlog_print(const void *ip, const struct xt_entry_target *target, { struct ebt_log_info *loginfo = (struct ebt_log_info *)target->data; - printf("--log-level %s --log-prefix \"%s\"", - eight_priority[loginfo->loglevel].c_name, - loginfo->prefix); + printf("--log-level %s", eight_priority[loginfo->loglevel].c_name); + + if (loginfo->prefix[0]) + printf(" --log-prefix \"%s\"", loginfo->prefix); if (loginfo->bitmask & EBT_LOG_IP) printf(" --log-ip"); @@ -180,16 +121,14 @@ static int brlog_xlate(struct xt_xlate *xl, const struct ebt_log_info *loginfo = (const void *)params->target->data; xt_xlate_add(xl, "log"); - if (loginfo->prefix[0]) { - if (params->escape_quotes) - xt_xlate_add(xl, " prefix \\\"%s\\\"", loginfo->prefix); - else - xt_xlate_add(xl, " prefix \"%s\"", loginfo->prefix); - } + if (loginfo->prefix[0]) + xt_xlate_add(xl, " prefix \"%s\"", loginfo->prefix); if (loginfo->loglevel != LOG_DEFAULT_LEVEL) xt_xlate_add(xl, " level %s", eight_priority[loginfo->loglevel].c_name); + /* ebt_log always decodes MAC header, nft_log always decodes upper header - + * so set flags ether and ignore EBT_LOG_IP, EBT_LOG_ARP and EBT_LOG_IP6 */ xt_xlate_add(xl, " flags ether "); return 1; @@ -198,17 +137,17 @@ static int brlog_xlate(struct xt_xlate *xl, static struct xtables_target brlog_target = { .name = "log", .revision = 0, + .ext_flags = XTABLES_EXT_WATCHER, .version = XTABLES_VERSION, .family = NFPROTO_BRIDGE, .size = XT_ALIGN(sizeof(struct ebt_log_info)), .userspacesize = XT_ALIGN(sizeof(struct ebt_log_info)), .init = brlog_init, .help = brlog_help, - .parse = brlog_parse, - .final_check = brlog_final_check, + .x6_parse = brlog_parse, .print = brlog_print, .xlate = brlog_xlate, - .extra_opts = brlog_opts, + .x6_options = brlog_opts, }; void _init(void) |