libxt_NFLOG.c revision e88a7c2c7175742b58b6aa03f2b5aba2d80330a1
#include <stdbool.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <getopt.h>
#include <xtables.h>

#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_NFLOG.h>
10
/*
 * One bit per NFLOG option.  Each value is used twice in this file: as the
 * getopt `val` in NFLOG_opts, and as the bit NFLOG_parse() tests and then
 * ORs into *flags so that an option given a second time is rejected.
 */
enum {
	NFLOG_GROUP     = 1 << 0,
	NFLOG_PREFIX    = 1 << 1,
	NFLOG_RANGE     = 1 << 2,
	NFLOG_THRESHOLD = 1 << 3,
};
17
/*
 * Long options accepted by the NFLOG target.  Every option takes an
 * argument, and `val` is the matching flag bit from the enum above, which
 * is what NFLOG_parse() receives as `c`.
 */
static const struct option NFLOG_opts[] = {
	{
		.name    = "nflog-group",
		.has_arg = required_argument,
		.val     = NFLOG_GROUP,
	},
	{
		.name    = "nflog-prefix",
		.has_arg = required_argument,
		.val     = NFLOG_PREFIX,
	},
	{
		.name    = "nflog-range",
		.has_arg = required_argument,
		.val     = NFLOG_RANGE,
	},
	{
		.name    = "nflog-threshold",
		.has_arg = required_argument,
		.val     = NFLOG_THRESHOLD,
	},
	XT_GETOPT_TABLEEND,
};
25
/* Write the usage summary for the NFLOG target's options to stdout. */
static void NFLOG_help(void)
{
	/* Plain text with no conversions, so it is emitted as-is. */
	static const char usage[] =
		"NFLOG target options:\n"
		" --nflog-group NUM		NETLINK group used for logging\n"
		" --nflog-range NUM		Number of byte to copy\n"
		" --nflog-threshold NUM		Message threshold of in-kernel queue\n"
		" --nflog-prefix STRING		Prefix string for log messages\n";

	fputs(usage, stdout);
}
34
/*
 * Initialise a new NFLOG target: only the threshold gets an explicit
 * default here; the other fields are left as the caller provided them.
 */
static void NFLOG_init(struct xt_entry_target *t)
{
	((struct xt_nflog_info *)t->data)->threshold = XT_NFLOG_DEFAULT_THRESHOLD;
}
41
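/*
 * Convert a numeric option argument to long, base 10.
 *
 * atoi() cannot report failure: it returns 0 for non-numeric input, ignores
 * trailing characters, and has undefined behaviour when the value does not
 * fit in an int.  A mistyped argument would then install a rule whose
 * group, range or threshold differs from what the operator asked for.
 * Empty input, trailing characters and overflow all end in xtables_error(),
 * which this file already relies on not to return.
 */
static long nflog_parse_long(const char *arg, const char *optname)
{
	char *end;
	long value;

	errno = 0;
	value = strtol(arg, &end, 10);
	if (end == arg || *end != '\0' || errno == ERANGE)
		xtables_error(PARAMETER_PROBLEM,
			   "Bad value \"%s\" for %s", arg, optname);
	return value;
}

/*
 * Parse one NFLOG command-line option into the target's xt_nflog_info.
 *
 * c       option value from NFLOG_opts (one of the NFLOG_* flag bits)
 * argv    argument vector, passed on to xtables_check_inverse()
 * invert  inversion state, passed on to xtables_check_inverse()
 * flags   in/out bitmask of options already seen; used to reject duplicates
 * entry   unused
 * target  target whose data area holds the struct xt_nflog_info to fill
 *
 * Always returns 1; every invalid argument is reported via xtables_error().
 */
static int NFLOG_parse(int c, char **argv, int invert, unsigned int *flags,
                       const void *entry, struct xt_entry_target **target)
{
	struct xt_nflog_info *info = (struct xt_nflog_info *)(*target)->data;
	long value;
	size_t length;

	switch (c) {
	case NFLOG_GROUP:
		if (*flags & NFLOG_GROUP)
			xtables_error(PARAMETER_PROBLEM,
				   "Can't specify --nflog-group twice");
		if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
			xtables_error(PARAMETER_PROBLEM,
				   "Unexpected `!' after --nflog-group");

		value = nflog_parse_long(optarg, "--nflog-group");
		if (value < 0)
			xtables_error(PARAMETER_PROBLEM,
				   "--nflog-group can not be negative");
		/*
		 * The field is declared in xt_NFLOG.h (not visible here) and
		 * may be narrower than long.  Refuse a value that would be
		 * truncated on store: a truncated group number sends the
		 * packets to a different netlink group than the one the
		 * operator is listening on.
		 */
		info->group = value;
		if ((long)info->group != value)
			xtables_error(PARAMETER_PROBLEM,
				   "--nflog-group value %ld is too large",
				   value);
		break;
	case NFLOG_PREFIX:
		if (*flags & NFLOG_PREFIX)
			xtables_error(PARAMETER_PROBLEM,
				   "Can't specify --nflog-prefix twice");
		if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
			xtables_error(PARAMETER_PROBLEM,
				   "Unexpected `!' after --nflog-prefix");

		length = strlen(optarg);
		if (length == 0)
			xtables_error(PARAMETER_PROBLEM,
				   "No prefix specified for --nflog-prefix");
		/* %zu is the standard size_t conversion; %Zu is a glibc-only alias. */
		if (length >= sizeof(info->prefix))
			xtables_error(PARAMETER_PROBLEM,
				   "--nflog-prefix too long, max %zu characters",
				   sizeof(info->prefix) - 1);
		/*
		 * strchr() instead of strtok(): strtok() returns NULL for an
		 * argument made only of newlines, and the old strlen() on that
		 * result dereferenced a null pointer.  strtok() also modified
		 * optarg.  Newlines stay rejected, presumably so a prefix
		 * cannot split one log record across several lines.
		 */
		if (strchr(optarg, '\n') != NULL)
			xtables_error(PARAMETER_PROBLEM,
				   "Newlines are not allowed in --nflog-prefix");
		/* length < sizeof(info->prefix) was checked above, so the NUL fits. */
		memcpy(info->prefix, optarg, length + 1);
		break;
	case NFLOG_RANGE:
		if (*flags & NFLOG_RANGE)
			xtables_error(PARAMETER_PROBLEM,
				   "Can't specify --nflog-range twice");
		value = nflog_parse_long(optarg, "--nflog-range");
		if (value < 0)
			xtables_error(PARAMETER_PROBLEM,
				   "Invalid --nflog-range, must be >= 0");
		/* Same truncation guard as for the group. */
		info->len = value;
		if ((long)info->len != value)
			xtables_error(PARAMETER_PROBLEM,
				   "--nflog-range value %ld is too large",
				   value);
		break;
	case NFLOG_THRESHOLD:
		if (*flags & NFLOG_THRESHOLD)
			xtables_error(PARAMETER_PROBLEM,
				   "Can't specify --nflog-threshold twice");
		value = nflog_parse_long(optarg, "--nflog-threshold");
		if (value < 1)
			xtables_error(PARAMETER_PROBLEM,
				   "Invalid --nflog-threshold, must be >= 1");
		/* Same truncation guard as for the group. */
		info->threshold = value;
		if ((long)info->threshold != value)
			xtables_error(PARAMETER_PROBLEM,
				   "--nflog-threshold value %ld is too large",
				   value);
		break;
	}
	/* Record the option as seen so a repeat is caught by the checks above. */
	*flags |= c;
	return 1;
}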
109
/*
 * Print the NFLOG settings that differ from their unset/default state.
 * `prefix` is put in front of each option name: NFLOG_print() passes ""
 * and NFLOG_save() passes "--".
 */
static void nflog_print(const struct xt_nflog_info *info, char *prefix)
{
	const char *const lead = prefix;

	if (*info->prefix) {
		printf(" %snflog-prefix ", lead);
		/* The string itself goes through the library's save-string helper. */
		xtables_save_string(info->prefix);
	}

	if (info->group != 0)
		printf(" %snflog-group %u", lead, info->group);

	if (info->len != 0)
		printf(" %snflog-range %u", lead, info->len);

	/* The threshold is shown only when it is not the default. */
	if (info->threshold != XT_NFLOG_DEFAULT_THRESHOLD)
		printf(" %snflog-threshold %u", lead, info->threshold);
}
123
/*
 * Listing callback: print the target's options without a leading "--".
 * `ip` and `numeric` are not used.
 */
static void NFLOG_print(const void *ip, const struct xt_entry_target *target,
                        int numeric)
{
	nflog_print((const struct xt_nflog_info *)target->data, "");
}
131
/*
 * Save callback: print the target's options in command-line form, each
 * option name preceded by "--".  `ip` is not used.
 */
static void NFLOG_save(const void *ip, const struct xt_entry_target *target)
{
	nflog_print((const struct xt_nflog_info *)target->data, "--");
}
138
/*
 * Registration record for the NFLOG target; handed to
 * xtables_register_target() by _init().
 */
static struct xtables_target nflog_target = {
	/* identity */
	.name		= "NFLOG",
	.version	= XTABLES_VERSION,
	.family		= NFPROTO_UNSPEC,

	/* both sizes are the aligned size of struct xt_nflog_info */
	.size		= XT_ALIGN(sizeof(struct xt_nflog_info)),
	.userspacesize	= XT_ALIGN(sizeof(struct xt_nflog_info)),

	/* command-line handling */
	.extra_opts	= NFLOG_opts,
	.help		= NFLOG_help,
	.init		= NFLOG_init,
	.parse		= NFLOG_parse,

	/* output */
	.print		= NFLOG_print,
	.save		= NFLOG_save,
};
152
/*
 * Extension entry point: registers the NFLOG target with libxtables.
 * NOTE(review): how and when _init() gets invoked is decided by the build
 * or loader, not by anything in this file - confirm against the build.
 */
void _init(void)
{
	xtables_register_target(&nflog_target);
}
157