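/*
   Shared library add-on to iptables to add match support for the fuzzy match.

   This file is distributed under the terms of the GNU General Public
   License (GPL). Copies of the GPL can be obtained from:
   ftp://prep.ai.mit.edu/pub/gnu/GPL

2002-08-07  Hime Aguiar e Oliveira Jr. <hime@engineer.com> : Initial version.
2003-04-08  Maciej Soltysiak <solt@dns.toxicfilms.tv> : IPv6 Port
2003-06-09  Hime Aguiar e Oliveira Jr. <hime@engineer.com> : Bug corrections in
the save function , thanks to information given by Jean-Francois Patenaude.

*/

#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <syslog.h>
#include <getopt.h>
#include <ip6tables.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <linux/netfilter_ipv6/ip6t_fuzzy.h>


/* Print the usage text for the two options this match adds. */
static void
help(void)
{
	printf(
"fuzzy v%s options:\n"
" --lower-limit number (in packets per second)\n"
" --upper-limit number\n"
,IPTABLES_VERSION);
}

/*
 * Long options handed to getopt. The .val characters are the codes that
 * parse() switches on: '1' for --lower-limit, '2' for --upper-limit.
 */
static struct option opts[] = {
	{ .name = "lower-limit", .has_arg = 1, .flag = 0, .val = '1' },
	{ .name = "upper-limit", .has_arg = 1, .flag = 0, .val = '2' },
	{ .name = 0 }
};

/*
 * Initialize data structures.
 *
 * Fills the match payload with the default rate pair, so a rule that names
 * neither option (or only one of them) still carries both limits.
 * nfcache is not used by this match.
 */
static void
init(struct ip6t_entry_match *m, unsigned int *nfcache)
{
	struct ip6t_fuzzy_info *presentinfo = (struct ip6t_fuzzy_info *)(m)->data;

	(void)nfcache;

	/*
	 * Default rates ( I'll improve this very soon with something based
	 * on real statistics of the running machine ) .
	 */
	presentinfo->minimum_rate = 1000;
	presentinfo->maximum_rate = 2000;
}

/* Bits recorded in *flags once the corresponding option has been seen. */
#define IP6T_FUZZY_OPT_MINIMUM	0x01
#define IP6T_FUZZY_OPT_MAXIMUM	0x02

/*
 * Parse one option of the fuzzy match.
 *
 * c      - option code from opts[] ('1' = --lower-limit, '2' = --upper-limit)
 * invert - non-zero when the option was preceded by '!'; not supported here
 * flags  - per-rule bit set of options already seen (IP6T_FUZZY_OPT_*)
 * match  - match entry whose data area holds the struct ip6t_fuzzy_info
 *
 * Returns 1 when the option belongs to this match and was stored, 0 when the
 * option code is not ours. Invalid input is reported through exit_error(),
 * which the code below relies on not returning.
 *
 * Each rate must lie in 1..MAXFUZZYRATE. When both limits were given
 * explicitly, a lower limit above the upper limit is rejected as well: such a
 * pair does not describe a range, and this parser is the only validation of
 * the values visible in this file.
 *
 * NOTE(review): a single explicit limit is not compared with the default set
 * by init() (e.g. "--lower-limit 5000" alone keeps the default upper limit of
 * 2000), because the other option may still follow on the command line and
 * final_check() only receives the flags. Confirm how the kernel side treats
 * such a pair.
 */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
      const struct ip6t_entry *entry,
      unsigned int *nfcache,
      struct ip6t_entry_match **match)
{
	struct ip6t_fuzzy_info *fuzzyinfo =
		(struct ip6t_fuzzy_info *)(*match)->data;
	u_int32_t num;

	(void)argv;
	(void)entry;
	(void)nfcache;

	switch (c) {
	case '1':
		if (invert)
			exit_error(PARAMETER_PROBLEM,"Can't specify ! --lower-limit");

		if (*flags & IP6T_FUZZY_OPT_MINIMUM)
			exit_error(PARAMETER_PROBLEM,"Can't specify --lower-limit twice");

		if (string_to_number(optarg,1,MAXFUZZYRATE,&num) == -1 || num < 1)
			exit_error(PARAMETER_PROBLEM,"BAD --lower-limit");

		/* Only compare against an upper limit the user actually gave. */
		if ((*flags & IP6T_FUZZY_OPT_MAXIMUM) &&
		    num > fuzzyinfo->maximum_rate)
			exit_error(PARAMETER_PROBLEM,
				   "--lower-limit can't exceed --upper-limit");

		fuzzyinfo->minimum_rate = num;
		*flags |= IP6T_FUZZY_OPT_MINIMUM;
		break;

	case '2':
		if (invert)
			exit_error(PARAMETER_PROBLEM,"Can't specify ! --upper-limit");

		if (*flags & IP6T_FUZZY_OPT_MAXIMUM)
			exit_error(PARAMETER_PROBLEM,"Can't specify --upper-limit twice");

		if (string_to_number(optarg,1,MAXFUZZYRATE,&num) == -1 || num < 1)
			exit_error(PARAMETER_PROBLEM,"BAD --upper-limit");

		/* Only compare against a lower limit the user actually gave. */
		if ((*flags & IP6T_FUZZY_OPT_MINIMUM) &&
		    num < fuzzyinfo->minimum_rate)
			exit_error(PARAMETER_PROBLEM,
				   "--lower-limit can't exceed --upper-limit");

		fuzzyinfo->maximum_rate = num;
		*flags |= IP6T_FUZZY_OPT_MAXIMUM;
		break;

	default:
		return 0;
	}
	return 1;
}

/*
 * Final check after all options were parsed. Nothing is required: both
 * options are optional because init() supplies defaults. Only the flag bits
 * are available here, not the parsed rates.
 */
static void final_check(unsigned int flags)
{
	(void)flags;
}

/* Print the configured limits in human-readable form (rule listing). */
static void
print(const struct ip6t_ip6 *ipv6,
      const struct ip6t_entry_match *match,
      int numeric)
{
	const struct ip6t_fuzzy_info *fuzzyinfo
		= (const struct ip6t_fuzzy_info *)match->data;

	(void)ipv6;
	(void)numeric;

	printf(" fuzzy: lower limit = %u pps - upper limit = %u pps ",
	       fuzzyinfo->minimum_rate, fuzzyinfo->maximum_rate);
}

/*
 * Write the match's limits to stdout as the command-line options that
 * parse() accepts, so the output can be parsed back into the same rule.
 */
static void
save(const struct ip6t_ip6 *ipv6, const struct ip6t_entry_match *match)
{
	const struct ip6t_fuzzy_info *fuzzyinfo
		= (const struct ip6t_fuzzy_info *)match->data;

	(void)ipv6;

	printf("--lower-limit %u --upper-limit %u ",
	       fuzzyinfo->minimum_rate, fuzzyinfo->maximum_rate);
}

/* Descriptor handed to ip6tables: name, payload sizes and callbacks. */
struct ip6tables_match fuzzy_match = {
	.name		= "fuzzy",
	.version	= IPTABLES_VERSION,
	.size		= IP6T_ALIGN(sizeof(struct ip6t_fuzzy_info)),
	.userspacesize	= IP6T_ALIGN(sizeof(struct ip6t_fuzzy_info)),
	.help		= &help,
	.init		= &init,
	.parse		= &parse,
	.final_check	= &final_check,
	.print		= &print,
	.save		= &save,
	.extra_opts	= opts
};

/*
 * Register the fuzzy match with ip6tables.
 * NOTE(review): presumably invoked by the dynamic loader when this shared
 * library is loaded - confirm against the build flags.
 */
void _init(void)
{
	register_match6(&fuzzy_match);
}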