1#include <math.h>
2#include <stdio.h>
3#include <string.h>
4#include <xtables.h>
5#include <linux/netfilter/xt_statistic.h>
6
7enum {
8	O_MODE = 0,
9	O_PROBABILITY,
10	O_EVERY,
11	O_PACKET,
12	F_PROBABILITY = 1 << O_PROBABILITY,
13	F_EVERY       = 1 << O_EVERY,
14	F_PACKET      = 1 << O_PACKET,
15};
16
17static void statistic_help(void)
18{
19	printf(
20"statistic match options:\n"
21" --mode mode                    Match mode (random, nth)\n"
22" random mode:\n"
23"[!] --probability p		 Probability\n"
24" nth mode:\n"
25"[!] --every n			 Match every nth packet\n"
26" --packet p			 Initial counter value (0 <= p <= n-1, default 0)\n");
27}
28
29#define s struct xt_statistic_info
30static const struct xt_option_entry statistic_opts[] = {
31	{.name = "mode", .id = O_MODE, .type = XTTYPE_STRING,
32	 .flags = XTOPT_MAND},
33	{.name = "probability", .id = O_PROBABILITY, .type = XTTYPE_DOUBLE,
34	 .flags = XTOPT_INVERT, .min = 0, .max = 1,
35	 .excl = F_EVERY | F_PACKET},
36	{.name = "every", .id = O_EVERY, .type = XTTYPE_UINT32, .min = 1,
37	 .flags = XTOPT_INVERT | XTOPT_PUT, XTOPT_POINTER(s, u.nth.every),
38	 .excl = F_PROBABILITY, .also = F_PACKET},
39	{.name = "packet", .id = O_PACKET, .type = XTTYPE_UINT32,
40	 .flags = XTOPT_PUT, XTOPT_POINTER(s, u.nth.packet),
41	 .excl = F_PROBABILITY, .also = F_EVERY},
42	XTOPT_TABLEEND,
43};
44#undef s
45
46static void statistic_parse(struct xt_option_call *cb)
47{
48	struct xt_statistic_info *info = cb->data;
49
50	if (cb->invert)
51		info->flags |= XT_STATISTIC_INVERT;
52
53	xtables_option_parse(cb);
54	switch (cb->entry->id) {
55	case O_MODE:
56		if (strcmp(cb->arg, "random") == 0)
57			info->mode = XT_STATISTIC_MODE_RANDOM;
58		else if (strcmp(cb->arg, "nth") == 0)
59			info->mode = XT_STATISTIC_MODE_NTH;
60		else
61			xtables_error(PARAMETER_PROBLEM, "Bad mode \"%s\"",
62				cb->arg);
63		break;
64	case O_PROBABILITY:
65		info->u.random.probability = lround(0x80000000 * cb->val.dbl);
66		break;
67	case O_EVERY:
68		--info->u.nth.every;
69		break;
70	}
71}
72
73static void statistic_check(struct xt_fcheck_call *cb)
74{
75	struct xt_statistic_info *info = cb->data;
76
77	if (info->mode == XT_STATISTIC_MODE_RANDOM &&
78	    !(cb->xflags & F_PROBABILITY))
79		xtables_error(PARAMETER_PROBLEM,
80			"--probability must be specified when using "
81			"random mode");
82	if (info->mode == XT_STATISTIC_MODE_NTH &&
83	    !(cb->xflags & (F_EVERY | F_PACKET)))
84		xtables_error(PARAMETER_PROBLEM,
85			"--every and --packet must be specified when "
86			"using nth mode");
87
88	/* at this point, info->u.nth.every have been decreased. */
89	if (info->u.nth.packet > info->u.nth.every)
90		xtables_error(PARAMETER_PROBLEM,
91			  "the --packet p must be 0 <= p <= n-1");
92
93	info->u.nth.count = info->u.nth.every - info->u.nth.packet;
94}
95
96static void print_match(const struct xt_statistic_info *info, char *prefix)
97{
98	switch (info->mode) {
99	case XT_STATISTIC_MODE_RANDOM:
100		printf(" %smode random%s %sprobability %.11f", prefix,
101		       (info->flags & XT_STATISTIC_INVERT) ? " !" : "",
102		       prefix,
103		       1.0 * info->u.random.probability / 0x80000000);
104		break;
105	case XT_STATISTIC_MODE_NTH:
106		printf(" %smode nth%s %severy %u", prefix,
107		       (info->flags & XT_STATISTIC_INVERT) ? " !" : "",
108		       prefix,
109		       info->u.nth.every + 1);
110		if (info->u.nth.packet)
111			printf(" %spacket %u", prefix, info->u.nth.packet);
112		break;
113	}
114}
115
116static void
117statistic_print(const void *ip, const struct xt_entry_match *match, int numeric)
118{
119	const struct xt_statistic_info *info = (const void *)match->data;
120
121	printf(" statistic");
122	print_match(info, "");
123}
124
125static void statistic_save(const void *ip, const struct xt_entry_match *match)
126{
127	const struct xt_statistic_info *info = (const void *)match->data;
128
129	print_match(info, "--");
130}
131
132static struct xtables_match statistic_match = {
133	.family		= NFPROTO_UNSPEC,
134	.name		= "statistic",
135	.version	= XTABLES_VERSION,
136	.size		= XT_ALIGN(sizeof(struct xt_statistic_info)),
137	.userspacesize	= offsetof(struct xt_statistic_info, u.nth.count),
138	.help		= statistic_help,
139	.x6_parse	= statistic_parse,
140	.x6_fcheck	= statistic_check,
141	.print		= statistic_print,
142	.save		= statistic_save,
143	.x6_options	= statistic_opts,
144};
145
146void _init(void)
147{
148	xtables_register_match(&statistic_match);
149}
150