ebtables-compat: support nflog extension
authorArturo Borrero <arturo.borrero.glez@gmail.com>
Tue, 3 Mar 2015 18:48:13 +0000 (19:48 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 4 Mar 2015 22:15:43 +0000 (23:15 +0100)
Let's give support for the nflog extension (a watcher).

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
extensions/libebt_nflog.c [new file with mode: 0644]
iptables/nft-bridge.c
iptables/xtables-eb.c

diff --git a/extensions/libebt_nflog.c b/extensions/libebt_nflog.c
new file mode 100644 (file)
index 0000000..72bf372
--- /dev/null
@@ -0,0 +1,144 @@
+/* ebt_nflog
+ *
+ * Authors:
+ * Peter Warasin <peter@endian.com>
+ *
+ *  February, 2008
+ *
+ * Based on:
+ *  ebt_ulog.c, (C) 2004, Bart De Schuymer <bdschuym@pandora.be>
+ *  libxt_NFLOG.c
+ *
+ * Adapted to libxtables for ebtables-compat in 2015 by
+ * Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <getopt.h>
+#include <xtables.h>
+#include "iptables/nft.h"
+#include "iptables/nft-bridge.h"
+#include <linux/netfilter_bridge/ebt_nflog.h>
+
+enum {
+       NFLOG_GROUP     = 0x1,
+       NFLOG_PREFIX    = 0x2,
+       NFLOG_RANGE     = 0x4,
+       NFLOG_THRESHOLD = 0x8,
+       NFLOG_NFLOG     = 0x16,
+};
+
+static struct option brnflog_opts[] = {
+       { .name = "nflog-group",     .has_arg = true,  .val = NFLOG_GROUP},
+       { .name = "nflog-prefix",    .has_arg = true,  .val = NFLOG_PREFIX},
+       { .name = "nflog-range",     .has_arg = true,  .val = NFLOG_RANGE},
+       { .name = "nflog-threshold", .has_arg = true,  .val = NFLOG_THRESHOLD},
+       { .name = "nflog",           .has_arg = false, .val = NFLOG_NFLOG},
+       XT_GETOPT_TABLEEND,
+};
+
+static void brnflog_help(void)
+{
+       printf("nflog options:\n"
+              "--nflog               : use the default nflog parameters\n"
+              "--nflog-prefix prefix : Prefix string for log message\n"
+              "--nflog-group group   : NETLINK group used for logging\n"
+              "--nflog-range range   : Number of byte to copy\n"
+              "--nflog-threshold     : Message threshold of"
+              "in-kernel queue\n");
+}
+
+static void brnflog_init(struct xt_entry_target *t)
+{
+       struct ebt_nflog_info *info = (struct ebt_nflog_info *)t->data;
+
+       info->prefix[0] = '\0';
+       info->group     = EBT_NFLOG_DEFAULT_GROUP;
+       info->threshold = EBT_NFLOG_DEFAULT_THRESHOLD;
+}
+
+static int brnflog_parse(int c, char **argv, int invert, unsigned int *flags,
+                        const void *entry, struct xt_entry_target **target)
+{
+       struct ebt_nflog_info *info = (struct ebt_nflog_info *)(*target)->data;
+       unsigned int i;
+
+       if (invert)
+               xtables_error(PARAMETER_PROBLEM,
+                             "The use of '!' makes no sense for the"
+                             " nflog watcher");
+
+       switch (c) {
+       case NFLOG_PREFIX:
+               EBT_CHECK_OPTION(flags, NFLOG_PREFIX);
+               if (strlen(optarg) > EBT_NFLOG_PREFIX_SIZE - 1)
+                       xtables_error(PARAMETER_PROBLEM,
+                                     "Prefix too long for nflog-prefix");
+               strncpy(info->prefix, optarg, EBT_NFLOG_PREFIX_SIZE);
+               break;
+       case NFLOG_GROUP:
+               EBT_CHECK_OPTION(flags, NFLOG_GROUP);
+               if (!xtables_strtoui(optarg, NULL, &i, 1, UINT32_MAX))
+                       xtables_error(PARAMETER_PROBLEM,
+                                     "--nflog-group must be a number!");
+               info->group = i;
+               break;
+       case NFLOG_RANGE:
+               EBT_CHECK_OPTION(flags, NFLOG_RANGE);
+               if (!xtables_strtoui(optarg, NULL, &i, 1, UINT32_MAX))
+                       xtables_error(PARAMETER_PROBLEM,
+                                     "--nflog-range must be a number!");
+               info->len = i;
+               break;
+       case NFLOG_THRESHOLD:
+               EBT_CHECK_OPTION(flags, NFLOG_THRESHOLD);
+               if (!xtables_strtoui(optarg, NULL, &i, 1, UINT32_MAX))
+                       xtables_error(PARAMETER_PROBLEM,
+                                     "--nflog-threshold must be a number!");
+               info->threshold = i;
+               break;
+       case NFLOG_NFLOG:
+               EBT_CHECK_OPTION(flags, NFLOG_NFLOG);
+               break;
+       default:
+               return 0;
+       }
+       return 1;
+}
+
+static void
+brnflog_print(const void *ip, const struct xt_entry_target *target,
+             int numeric)
+{
+       struct ebt_nflog_info *info = (struct ebt_nflog_info *)target->data;
+
+       if (info->prefix[0] != '\0')
+               printf("--nflog-prefix \"%s\" ", info->prefix);
+       if (info->group)
+               printf("--nflog-group %d ", info->group);
+       if (info->len)
+               printf("--nflog-range %d ", info->len);
+       if (info->threshold != EBT_NFLOG_DEFAULT_THRESHOLD)
+               printf("--nflog-threshold %d ", info->threshold);
+}
+
+static struct xtables_target brnflog_watcher = {
+       .name           = "nflog",
+       .revision       = 0,
+       .version        = XTABLES_VERSION,
+       .family         = NFPROTO_BRIDGE,
+       .size           = XT_ALIGN(sizeof(struct ebt_nflog_info)),
+       .userspacesize  = XT_ALIGN(sizeof(struct ebt_nflog_info)),
+       .init           = brnflog_init,
+       .help           = brnflog_help,
+       .parse          = brnflog_parse,
+       .print          = brnflog_print,
+       .extra_opts     = brnflog_opts,
+};
+
+void _init(void)
+{
+       xtables_register_target(&brnflog_watcher);
+}
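Review bot: `NFLOG_NFLOG = 0x16` in the option enum is not a single bit — 0x16 is 0x10|0x4|0x2, so it overlaps `NFLOG_PREFIX` and `NFLOG_RANGE`; the intended value is `NFLOG_NFLOG = 0x10,`. If `EBT_CHECK_OPTION` tests and then sets the mask bits in `*flags` as its name suggests, `--nflog --nflog-prefix foo` would be rejected as a repeated option and the reverse order would make `--nflog` itself fail. In `brnflog_help` the literals `"Message threshold of"` and `"in-kernel queue\n"` are concatenated without a separating space, so the help prints "ofin-kernel"; the first literal needs a trailing space. In `brnflog_print`, `group`, `len` and `threshold` are printed with `%d` although they are unsigned fields of `struct ebt_nflog_info` (from memory `len` is 32-bit and `group`/`threshold` 16-bit — confirm against the kernel header), so `%u` is the matching specifier. If the 16-bit widths are right, the `UINT32_MAX` upper bound passed to `xtables_strtoui` for `--nflog-group` and `--nflog-threshold` lets out-of-range values be silently truncated on assignment and should be `UINT16_MAX`.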
index e3ab667fa8ccbeccbe92beb9ddd1611116a0b688..c4f5db6df74497569ccd5932838f489d9bf3b35c 100644 (file)
@@ -349,7 +349,8 @@ static void nft_bridge_parse_target(struct xtables_target *t, void *data)
        struct ebtables_command_state *cs = data;
 
        /* harcoded names :-( */
-       if (strcmp(t->name, "log") == 0) {
+       if (strcmp(t->name, "log") == 0 ||
+           strcmp(t->name, "nflog") == 0) {
                parse_watcher(t, &cs->match_list, false);
                return;
        }
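Review bot: The set of watcher names is now maintained by hand in two places — this `strcmp` chain in `nft_bridge_parse_target` and the `ebt_load_watcher()` calls in `ebt_load_match_extensions` (xtables-eb.c, the third hunk) — and nothing ties them together, so a watcher loaded there but not named here would presumably fall through to the target path instead of `parse_watcher`. A comment above the condition, `/* keep in sync with the ebt_load_watcher() calls in xtables-eb.c */`, would make the coupling visible; a shared `static const char *const` table of watcher names iterated in both places would remove it. `nft_bridge_parse_target` starts outside the hunk.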
index efbb3cd0ddbdc3743a44fb86ad32014b4c63d9bd..e0e521ae4b46dce3c4bb5e4e9e2212a1f49715b2 100644 (file)
@@ -645,6 +645,7 @@ static void ebt_load_match_extensions(void)
        ebt_load_match("mark_m");
 
        ebt_load_watcher("log");
+       ebt_load_watcher("nflog");
 }
 
 static void ebt_add_match(struct xtables_match *m,