| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | /* Shared library add-on to iptables to add CONNLOG target support. */ |
| 2 | #include <stdio.h> |
| 3 | #include <stdlib.h> |
| 4 | #include <getopt.h> |
| 5 | #include <xtables.h> |
| 6 | #include <linux/netfilter_ipv4/ipt_CONNLOG.h> |
| 7 | |
| 8 | static void |
| 9 | help(void) |
| 10 | { |
| 11 | printf( |
| 12 | "CONNLOG target options:\n" |
| 13 | " --confirm Log confirm events\n" |
| 14 | " --destroy Log destroy events\n"); |
| 15 | } |
| 16 | |
| 17 | static struct option opts[] = { |
| 18 | { "confirm", 0, 0, '1' }, |
| 19 | { "destroy", 0, 0, '2' }, |
| 20 | { .name = NULL } |
| 21 | }; |
| 22 | |
| 23 | static void |
| 24 | init(struct xt_entry_target *t) |
| 25 | { |
| 26 | } |
| 27 | |
| 28 | static int |
| 29 | parse(int c, char **argv, int invert, unsigned int *flags, |
| 30 | const void *entry, |
| 31 | struct xt_entry_target **target) |
| 32 | { |
| 33 | struct ipt_connlog_target_info *loginfo |
| 34 | = (struct ipt_connlog_target_info *)(*target)->data; |
| 35 | |
| 36 | switch (c) { |
| 37 | case '1': |
| 38 | loginfo->events |= IPT_CONNLOG_CONFIRM; |
| 39 | break; |
| 40 | case '2': |
| 41 | loginfo->events |= IPT_CONNLOG_DESTROY; |
| 42 | break; |
| 43 | default: |
| 44 | return 0; |
| 45 | } |
| 46 | |
| 47 | return 1; |
| 48 | } |
| 49 | |
| 50 | static void |
| 51 | final_check(unsigned int flags) |
| 52 | { |
| 53 | } |
| 54 | |
| 55 | static void |
| 56 | print(const void *ip, |
| 57 | const struct xt_entry_target *target, |
| 58 | int numeric) |
| 59 | { |
| 60 | const struct ipt_connlog_target_info *loginfo = |
| 61 | (const struct ipt_connlog_target_info *)target->data; |
| 62 | |
| 63 | printf("CONNLOG"); |
| 64 | if (loginfo->events & IPT_CONNLOG_CONFIRM) |
| 65 | printf(" confirm"); |
| 66 | if (loginfo->events & IPT_CONNLOG_DESTROY) |
| 67 | printf(" destroy"); |
| 68 | } |
| 69 | |
| 70 | static void |
| 71 | save(const void *ip, const struct xt_entry_target *target) |
| 72 | { |
| 73 | const struct ipt_connlog_target_info *loginfo = |
| 74 | (const struct ipt_connlog_target_info *)target->data; |
| 75 | |
| 76 | if (loginfo->events & IPT_CONNLOG_CONFIRM) |
| 77 | printf("--confirm "); |
| 78 | if (loginfo->events & IPT_CONNLOG_DESTROY) |
| 79 | printf("--destroy "); |
| 80 | } |
| 81 | |
| 82 | static struct xtables_target connlog_target = { |
| 83 | .name = "CONNLOG", |
| 84 | .version = XTABLES_VERSION, |
| 85 | .family = NFPROTO_IPV4, |
| 86 | .size = XT_ALIGN(sizeof(struct ipt_connlog_target_info)), |
| 87 | .userspacesize = XT_ALIGN(sizeof(struct ipt_connlog_target_info)), |
| 88 | .help = &help, |
| 89 | .init = &init, |
| 90 | .parse = &parse, |
| 91 | .final_check = &final_check, |
| 92 | .print = &print, |
| 93 | .save = &save, |
| 94 | .extra_opts = opts |
| 95 | }; |
| 96 | |
| 97 | void _init(void) |
| 98 | { |
| 99 | xtables_register_target(&connlog_target); |
| 100 | } |