Diffstat (limited to 'iptables/xtables-events.c')
-rw-r--r--iptables/xtables-events.c213
1 files changed, 0 insertions, 213 deletions
diff --git a/iptables/xtables-events.c b/iptables/xtables-events.c
deleted file mode 100644
index df9a7b86..00000000
--- a/iptables/xtables-events.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * (C) 2012-2013 by Pablo Neira Ayuso <pablo@netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software has been sponsored by Sophos Astaro <http://www.sophos.com>
- */
-
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <netinet/in.h>
-#include <getopt.h>
-
-#include <linux/netfilter/nfnetlink.h>
-#include <linux/netfilter/nf_tables.h>
-
-#include <libmnl/libmnl.h>
-#include <libnftnl/table.h>
-#include <libnftnl/chain.h>
-#include <libnftnl/rule.h>
-
-#include <include/xtables.h>
-#include "iptables.h" /* for xtables_globals */
-#include "xtables-multi.h"
-#include "nft.h"
-#include "nft-arp.h"
-
-static int table_cb(const struct nlmsghdr *nlh, int type)
-{
- struct nftnl_table *t;
- char buf[4096];
-
- t = nftnl_table_alloc();
- if (t == NULL)
- goto err;
-
- if (nftnl_table_nlmsg_parse(nlh, t) < 0)
- goto err_free;
-
- nftnl_table_snprintf(buf, sizeof(buf), t, NFTNL_OUTPUT_DEFAULT, 0);
- /* FIXME: define syntax to represent table events */
- printf("# [table: %s]\t%s\n", type == NFT_MSG_NEWTABLE ? "NEW" : "DEL", buf);
-
-err_free:
- nftnl_table_free(t);
-err:
- return MNL_CB_OK;
-}
-
-static bool counters;
-
-static int rule_cb(const struct nlmsghdr *nlh, int type)
-{
- struct iptables_command_state cs = {};
- struct arptables_command_state cs_arp = {};
- struct nftnl_rule *r;
- void *fw = NULL;
- uint8_t family;
-
- r = nftnl_rule_alloc();
- if (r == NULL)
- goto err;
-
- if (nftnl_rule_nlmsg_parse(nlh, r) < 0)
- goto err_free;
-
- family = nftnl_rule_get_u32(r, NFTNL_RULE_FAMILY);
- switch (family) {
- case AF_INET:
- case AF_INET6:
- printf("-%c ", family == AF_INET ? '4' : '6');
- nft_rule_to_iptables_command_state(r, &cs);
- fw = &cs;
- break;
- case NFPROTO_ARP:
- printf("-0 ");
- nft_rule_to_arptables_command_state(r, &cs_arp);
- fw = &cs_arp;
- break;
- default:
- goto err_free;
- }
-
-
- nft_rule_print_save(fw, r,
- type == NFT_MSG_NEWRULE ? NFT_RULE_APPEND :
- NFT_RULE_DEL,
- counters ? 0 : FMT_NOCOUNTS);
-err_free:
- nftnl_rule_free(r);
-err:
- return MNL_CB_OK;
-}
-
-static int chain_cb(const struct nlmsghdr *nlh, int type)
-{
- struct nftnl_chain *t;
- char buf[4096];
-
- t = nftnl_chain_alloc();
- if (t == NULL)
- goto err;
-
- if (nftnl_chain_nlmsg_parse(nlh, t) < 0)
- goto err_free;
-
- nftnl_chain_snprintf(buf, sizeof(buf), t, NFTNL_OUTPUT_DEFAULT, 0);
- /* FIXME: define syntax to represent chain events */
- printf("# [chain: %s]\t%s\n", type == NFT_MSG_NEWCHAIN ? "NEW" : "DEL", buf);
-
-err_free:
- nftnl_chain_free(t);
-err:
- return MNL_CB_OK;
-}
-
-static int events_cb(const struct nlmsghdr *nlh, void *data)
-{
- int ret = MNL_CB_OK;
- int type = nlh->nlmsg_type & 0xFF;
-
- switch(type) {
- case NFT_MSG_NEWTABLE:
- case NFT_MSG_DELTABLE:
- ret = table_cb(nlh, type);
- break;
- case NFT_MSG_NEWCHAIN:
- case NFT_MSG_DELCHAIN:
- ret = chain_cb(nlh, type);
- break;
- case NFT_MSG_NEWRULE:
- case NFT_MSG_DELRULE:
- ret = rule_cb(nlh, type);
- break;
- }
-
- return ret;
-}
-
-static const struct option options[] = {
- {.name = "counters", .has_arg = false, .val = 'c'},
- {NULL},
-};
-
-static void print_usage(const char *name, const char *version)
-{
- fprintf(stderr, "Usage: %s [-c]\n"
- " [ --counters ]\n", name);
- exit(EXIT_FAILURE);
-}
-
-int xtables_events_main(int argc, char *argv[])
-{
- struct mnl_socket *nl;
- char buf[MNL_SOCKET_BUFFER_SIZE];
- int ret, c;
-
- xtables_globals.program_name = "xtables-events";
- /* XXX xtables_init_all does several things we don't want */
- c = xtables_init_all(&xtables_globals, NFPROTO_IPV4);
- if (c < 0) {
- fprintf(stderr, "%s/%s Failed to initialize xtables\n",
- xtables_globals.program_name,
- xtables_globals.program_version);
- exit(1);
- }
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
- init_extensions();
- init_extensions4();
-#endif
-
- opterr = 0;
- while ((c = getopt_long(argc, argv, "c", options, NULL)) != -1) {
- switch (c) {
- case 'c':
- counters = true;
- break;
- default:
- print_usage(argv[0], XTABLES_VERSION);
- exit(EXIT_FAILURE);
- }
- }
-
- nl = mnl_socket_open(NETLINK_NETFILTER);
- if (nl == NULL) {
- perror("cannot open nfnetlink socket");
- exit(EXIT_FAILURE);
- }
-
- if (mnl_socket_bind(nl, (1 << (NFNLGRP_NFTABLES-1)), MNL_SOCKET_AUTOPID) < 0) {
- perror("cannot bind to nfnetlink socket");
- exit(EXIT_FAILURE);
- }
-
- ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
- while (ret > 0) {
- ret = mnl_cb_run(buf, ret, 0, 0, events_cb, NULL);
- if (ret <= 0)
- break;
- ret = mnl_socket_recvfrom(nl, buf, sizeof(buf));
- }
- if (ret == -1) {
- perror("cannot receive from nfnetlink socket");
- exit(EXIT_FAILURE);
- }
- mnl_socket_close(nl);
-
- return EXIT_SUCCESS;
-}