summaryrefslogtreecommitdiffstats
path: root/extensions/libipt_connlimit.c
diff options
context:
space:
mode:
Diffstat (limited to 'extensions/libipt_connlimit.c')
-rw-r--r--extensions/libipt_connlimit.c132
1 files changed, 0 insertions, 132 deletions
diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c
deleted file mode 100644
index 17b4d13b..00000000
--- a/extensions/libipt_connlimit.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/* Shared library add-on to iptables to add connection limit support. */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <getopt.h>
-#include <iptables.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
-#include <linux/netfilter_ipv4/ipt_connlimit.h>
-
-/* Function which prints out usage message. */
-static void
-help(void)
-{
- printf(
-"connlimit v%s options:\n"
-"[!] --connlimit-above n match if the number of existing tcp connections is (not) above n\n"
-" --connlimit-mask n group hosts using mask\n"
-"\n", IPTABLES_VERSION);
-}
-
-static struct option opts[] = {
- { "connlimit-above", 1, 0, '1' },
- { "connlimit-mask", 1, 0, '2' },
- {0}
-};
-
-/* Function which parses command options; returns true if it
- ate an option */
-static int
-parse(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match)
-{
- struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)(*match)->data;
- int i;
-
- if (0 == (*flags & 2)) {
- /* set default mask unless we've already seen a mask option */
- info->mask = htonl(0xFFFFFFFF);
- }
-
- switch (c) {
- case '1':
- check_inverse(optarg, &invert, &optind, 0);
- info->limit = atoi(argv[optind-1]);
- info->inverse = invert;
- *flags |= 1;
- break;
-
- case '2':
- i = atoi(argv[optind-1]);
- if ((i < 0) || (i > 32))
- exit_error(PARAMETER_PROBLEM,
- "--connlimit-mask must be between 0 and 32");
-
- if (i == 0)
- info->mask = 0;
- else
- info->mask = htonl(0xFFFFFFFF << (32 - i));
- *flags |= 2;
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-/* Final check */
-static void final_check(unsigned int flags)
-{
- if (!flags & 1)
- exit_error(PARAMETER_PROBLEM, "You must specify `--connlimit-above'");
-}
-
-static int
-count_bits(u_int32_t mask)
-{
- int i, bits;
-
- for (bits = 0, i = 31; i >= 0; i--) {
- if (mask & htonl((u_int32_t)1 << i)) {
- bits++;
- continue;
- }
- break;
- }
- return bits;
-}
-
-/* Prints out the matchinfo. */
-static void
-print(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
- int numeric)
-{
- struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)match->data;
-
- printf("#conn/%d %s %d ", count_bits(info->mask),
- info->inverse ? "<" : ">", info->limit);
-}
-
-/* Saves the matchinfo in parsable form to stdout. */
-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
-{
- struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)match->data;
-
- printf("%s--connlimit-above %d ",info->inverse ? "! " : "",info->limit);
- printf("--connlimit-mask %d ",count_bits(info->mask));
-}
-
-static struct iptables_match connlimit = {
- .name = "connlimit",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_connlimit_info)),
- .userspacesize = offsetof(struct ipt_connlimit_info,data),
- .help = help,
- .parse = parse,
- .final_check = final_check,
- .print = print,
- .save = save,
- .extra_opts = opts
-};
-
-void _init(void)
-{
- register_match(&connlimit);
-}