SOURCES: iptables24-account.patch (NEW), ipt_account_iptables.diff...

gotar gotar at pld-linux.org
Fri Feb 24 15:14:44 CET 2006


Author: gotar                        Date: Fri Feb 24 14:14:44 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- account match from 1.2.11

---- Files affected:
SOURCES:
   iptables24-account.patch (NONE -> 1.1)  (NEW), ipt_account_iptables.diff (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/iptables24-account.patch
diff -u /dev/null SOURCES/iptables24-account.patch:1.1
--- /dev/null	Fri Feb 24 15:14:44 2006
+++ SOURCES/iptables24-account.patch	Fri Feb 24 15:14:39 2006
@@ -0,0 +1,267 @@
+diff -urN iptables-1.2.11/extensions/Makefile iptables-1.2.11.account/extensions/Makefile
+--- iptables-1.2.11/extensions/Makefile	1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.2.11.account/extensions/Makefile	2004-03-17 15:27:08.000000000 +0100
+@@ -5,7 +5,7 @@
+ # header files are present in the include/linux directory of this iptables
+ # package (HW)
+ #
+-PF_EXT_SLIB:=ah connlimit connmark conntrack dscp ecn esp helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp stealth unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
++PF_EXT_SLIB:=ah account connlimit connmark conntrack dscp ecn esp helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp stealth unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
+ PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner standard tcp udp LOG MARK TRACE
+ 
+ # Optionals
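Review bot: Adding `account` to the unconditional `PF_EXT_SLIB` list looks at odds with the `.account-test` script that the same patch introduces. The context comment above the list says these extensions are built because their headers ship in this package's include/linux directory, but the patch as shown does not add `ipt_account.h` there. A build against a kernel tree without the account patch would therefore presumably fail on the `#include` in libipt_account.c. If the `# Optionals` section collects names from the `.*-test` scripts, `account` would also be listed twice when the header is present. Either drop `account` from this line and rely on the test script, or ship the header with the package.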
+diff -urN iptables-1.2.11/extensions/.account-test iptables-1.2.11.account/extensions/.account-test
+--- iptables-1.2.11/extensions/.account-test	1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.2.11.account/extensions/.account-test	2004-03-17 15:27:08.000000000 +0100
+@@ -0,0 +1,3 @@
++#!/bin/sh
++# True if account match patch is applied.
++[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_account.h ] && echo account
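Review bot: `$KERNEL_DIR` is expanded unquoted inside `[ -f ... ]`, so a kernel tree path containing whitespace makes the test error out instead of answering, and an empty value makes it probe `/include/...` on the build host. Quoting the operand keeps the check exact: `[ -f "$KERNEL_DIR/include/linux/netfilter_ipv4/ipt_account.h" ] && echo account`.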
+diff -urN iptables-1.2.11/extensions/libipt_account.c iptables-1.2.11.account/extensions/libipt_account.c
+--- iptables-1.2.11/extensions/libipt_account.c	1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.2.11.account/extensions/libipt_account.c	2004-03-17 15:27:08.000000000 +0100
+@@ -0,0 +1,244 @@
++/* 
++ * accounting match helper (libipt_account.c)
++ * (C) 2003,2004 by Piotr Gasidło (quaker at barbara.eu.org)
++ *
++ * Version: 0.1.5
++ *
++ * This software is distributed under the terms of GNU GPL
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <iptables.h>
++#include <string.h>
++#include <getopt.h>
++
++#include <linux/netfilter_ipv4/ipt_account.h>
++
++#ifndef HIPQUAD
++#define HIPQUAD(addr) \
++	((unsigned char *)&addr)[3], \
++	((unsigned char *)&addr)[2], \
++	((unsigned char *)&addr)[1], \
++	((unsigned char *)&addr)[0]
++#endif
++				
++static void help(void) {
++	printf(
++			"account v%s options:\n"
++			"--aaddr network/netmask\n"
++			"	defines network/netmask for which make statistics.\n"
++			"--aname name\n"
++			"	defines name of list where statistics will be kept. If no is\n"
++			"	specified DEFAULT will be used.\n"
++
++	, 
++	IPTABLES_VERSION);
++};
++
++static struct option opts[] = {
++	{ "aaddr", 1, NULL, 201 },
++	{ "aname", 1, NULL, 202 },
++	{ 0 }
++};
++
++/* Helper functions for parse_network */
++int parseip(const char *parameter, u_int32_t *ip) {
++	
++	char buffer[16], *bufferptr, *dot;
++	unsigned int i, shift, part;
++
++	if (strlen(parameter) > 15)
++		return 0;
++
++	strncpy(buffer, parameter, 15);
++	buffer[15] = 0;
++
++	bufferptr = buffer;
++
++	for (i = 0, shift = 24, *ip = 0; i < 3; i++, shift -= 8) {
++		/* no dot */
++		if ((dot = strchr(bufferptr, '.')) == NULL)
++			return 0;
++		/* not a number */
++		if ((part = strtol(bufferptr, (char**)NULL, 10)) < 0) 
++			return 0;	
++		/* to big number */
++		if (part > 255)
++			return 0;
++		*ip |= part << shift;		
++		bufferptr = dot + 1;
++	}
++	/* not a number */
++	if ((part = strtol(bufferptr, (char**)NULL, 10)) < 0) 
++		return 0;
++	/* to big number */
++	if (part > 255)
++		return 0;
++	*ip |= part;
++	return 1;
++}
++
++static void parsenetwork(const char *parameter, u_int32_t *network) {
++	if (!parseip(parameter, network))
++		exit_error(PARAMETER_PROBLEM, "account: wrong ip in network");
++}
++
++static void parsenetmaskasbits(const char *parameter, u_int32_t *netmask) {
++	
++	u_int32_t bits;
++	
++	if ((bits = strtol(parameter, (char **)NULL, 10)) < 0 || bits > 32)
++		exit_error(PARAMETER_PROBLEM, "account: wrong netmask");
++
++	*netmask = 0xffffffff << (32 - bits);
++}
++
++static void parsenetmaskasip(const char *parameter, u_int32_t *netmask) {
++	if (!parseip(parameter, netmask))
++		exit_error(PARAMETER_PROBLEM, "account: wrong ip in netmask");
++}
++
++static void parsenetmask(const char *parameter, u_int32_t *netmask) 
++{
++	if (strchr(parameter, '.') != NULL)
++		parsenetmaskasip(parameter, netmask);
++	else
++		parsenetmaskasbits(parameter, netmask);
++}
++
++static void parsenetworkandnetmask(const char *parameter, u_int32_t *network, u_int32_t *netmask) 
++{
++	
++	char buffer[32], *slash;
++
++	if (strlen(parameter) > 31)
++		/* text is to long, even for 255.255.255.255/255.255.255.255 */
++		exit_error(PARAMETER_PROBLEM, "account: wrong network/netmask");
++
++	strncpy(buffer, parameter, 31);
++	buffer[31] = 0;
++
++	/* check whether netmask is given */
++	if ((slash = strchr(buffer, '/')) != NULL) {
++		parsenetmask(slash + 1, netmask);
++		*slash = 0;
++	} else
++		*netmask = 0xffffffff;
++	parsenetwork(buffer, network);
++
++	if ((*network & *netmask) != *network)
++		exit_error(PARAMETER_PROBLEM, "account: wrong network/netmask");
++}
++
++
++/* Function gets network & netmask from argument after --aaddr */
++static void parse_network(const char *parameter, struct t_ipt_account_info *info) {
++
++	parsenetworkandnetmask(parameter, &info->network, &info->netmask);
++	
++}
++
++/* Function initializes match */
++static void init(struct ipt_entry_match *match, 
++		 unsigned int *nfcache) {
++	
++	struct t_ipt_account_info *info = (struct t_ipt_account_info *)(match)->data;
++
++	*nfcache |= NFC_UNKNOWN;
++
++	/* set default table name to DEFAULT */
++	strncpy(info->name, "DEFAULT", IPT_ACCOUNT_NAME_LEN);
++	
++}
++
++/* Function parses match's arguments */
++static int parse(int c, char **argv, 
++		  int invert, 
++		  unsigned int *flags,
++                  const struct ipt_entry *entry,
++                  unsigned int *nfcache,
++                  struct ipt_entry_match **match) {
++	
++	struct t_ipt_account_info *info = (struct t_ipt_account_info *)(*match)->data;
++
++	switch (c) {
++		
++		/* --aaddr */
++		case 201:
++			parse_network(optarg, info);			
++			*flags = 1;
++			break;
++			
++		/* --aname */
++		case 202:
++			if (strlen(optarg) < IPT_ACCOUNT_NAME_LEN)
++				strncpy(info->name, optarg, IPT_ACCOUNT_NAME_LEN);
++			else
++				exit_error(PARAMETER_PROBLEM, "account: Too long list name");			
++			break;	
++		default:
++			return 0;			
++	}
++	return 1;	
++}
++
++/* Final check whether network/netmask was specified */
++static void final_check(unsigned int flags) {
++	if (!flags)
++		exit_error(PARAMETER_PROBLEM, "account: You need specify '--aaddr' parameter");
++}
++
++/* Function used for printing rule with account match for iptables -L */
++static void print(const struct ipt_ip *ip,
++                  const struct ipt_entry_match *match, 
++		  int numeric) {
++	
++	struct t_ipt_account_info *info = (struct t_ipt_account_info *)match->data;
++	
++	printf("account: ");
++	printf("network/netmask: ");
++	printf("%u.%u.%u.%u/%u.%u.%u.%u ",
++			HIPQUAD(info->network),
++			HIPQUAD(info->netmask)
++	      );
++	
++	printf("name: %s ", info->name);
++}
++
++/* Function used for saving rule containing account match */
++static void save(const struct ipt_ip *ip, 
++		 const struct ipt_entry_match *match) {
++
++	struct t_ipt_account_info *info = (struct t_ipt_account_info *)match->data;
++	
++	printf("--aaddr ");
++	printf("%u.%u.%u.%u/%u.%u.%u.%u ",
++			 HIPQUAD(info->network),
++			 HIPQUAD(info->netmask)
++	       );
++	
++	printf("--aname %s ", info->name);
++}
++	
++static struct iptables_match account = {
++	NULL,			/* struct iptables_match *next; */
++	"account",		/* ipt_chainlabel name; */
++	IPTABLES_VERSION,	/* const char *version; */
++	IPT_ALIGN(sizeof(struct t_ipt_account_info)),		/* Size of match data. */
++	IPT_ALIGN(sizeof(struct t_ipt_account_info)),		/* Size of match data relevent for userspace comparison purposes */
++	&help,			/* Function which prints out usage message. */
++	&init,			/* Initialize the match. */
++	&parse,			/* Function which parses command options; returns true if it ate an option */
++	&final_check,		/* Final check; exit if not ok. */
++	&print,			/* Prints out the match iff non-NULL: put space at end */
++	&save,			/* Saves the match info in parsable form to stdout. */
++	opts			/* Pointer to list of extra command-line options */
++};
++
++/* Function which registers match */
++void _init(void)
++{
++	register_match(&account);
++}
++	
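Review bot: The `strtol(...) < 0` checks in `parseip` and `parsenetmaskasbits` can never be true, because the result is stored in an unsigned variable (`part`, `bits`) before it is compared, and no end pointer is inspected. An octet with no digits or with trailing text is taken as whatever prefix `strtol` converted (0 for none), so strings such as `a.b.c.d` or `10.0.0.0x` are accepted as addresses. A prefix length of `0`, or non-numeric text after the slash, reaches `0xffffffff << (32 - bits)` with a shift count of 32, which is undefined for a 32-bit operand. For a tool that builds firewall rules, a mistyped address should be rejected rather than turned into a different network. I would route every numeric field through one helper that requires a leading digit and checks the terminating character and the upper bound, and handle `bits == 0` explicitly; `parseip` could also be `static`, since nothing on the page uses it outside this file.

```c
/* Parse one decimal field in [0, max]; the field must start with a digit
 * and be followed directly by `stop` ('.' or '\0'). Returns 1 on success. */
static int parsefield(const char *text, char stop, unsigned long max,
		      unsigned long *out) {
	char *end;

	if (*text < '0' || *text > '9')
		return 0;
	*out = strtoul(text, &end, 10);
	if (*end != stop || *out > max)
		return 0;
	return 1;
}

/* in parseip(): `part` becomes unsigned long */
	for (i = 0, shift = 24, *ip = 0; i < 3; i++, shift -= 8) {
		if ((dot = strchr(bufferptr, '.')) == NULL)
			return 0;
		if (!parsefield(bufferptr, '.', 255, &part))
			return 0;
		*ip |= (u_int32_t)part << shift;
		bufferptr = dot + 1;
	}
	if (!parsefield(bufferptr, '\0', 255, &part))
		return 0;
	*ip |= (u_int32_t)part;
	return 1;

static void parsenetmaskasbits(const char *parameter, u_int32_t *netmask) {
	unsigned long bits;

	if (!parsefield(parameter, '\0', 32, &bits))
		exit_error(PARAMETER_PROBLEM, "account: wrong netmask");

	/* shifting a 32-bit value by 32 is undefined, so /0 is handled apart */
	*netmask = bits ? 0xffffffffU << (32 - bits) : 0;
}
```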

================================================================
Index: SOURCES/ipt_account_iptables.diff
diff -u /dev/null SOURCES/ipt_account_iptables.diff:1.1
--- /dev/null	Fri Feb 24 15:14:44 2006
+++ SOURCES/ipt_account_iptables.diff	Fri Feb 24 15:14:39 2006
@@ -0,0 +1,140 @@
+diff -uNr iptables.clean/extensions/libipt_account.c iptables.1/extensions/libipt_account.c
+--- iptables.clean/extensions/libipt_account.c	2004-03-17 15:40:03.000000000 +0100
++++ iptables.1/extensions/libipt_account.c	2004-07-15 13:30:00.000000000 +0200
+@@ -2,7 +2,7 @@
+  * accounting match helper (libipt_account.c)
+  * (C) 2003,2004 by Piotr Gasidło (quaker at barbara.eu.org)
+  *
+- * Version: 0.1.5
++ * Version: 0.1.6
+  *
+  * This software is distributed under the terms of GNU GPL
+  */
+@@ -31,15 +31,18 @@
+ 			"--aname name\n"
+ 			"	defines name of list where statistics will be kept. If no is\n"
+ 			"	specified DEFAULT will be used.\n"
+-
++			"--ashort\n"
++			"       table will colect only short statistics (only total counters\n"
++			"       without splitting it into protocols.\n"
+ 	, 
+ 	IPTABLES_VERSION);
+ };
+ 
+ static struct option opts[] = {
+-	{ "aaddr", 1, NULL, 201 },
+-	{ "aname", 1, NULL, 202 },
+-	{ 0 }
++	{ .name = "aaddr",  .has_arg = 1, .flag = NULL, .val = 201 },
++	{ .name = "aname",  .has_arg = 1, .flag = NULL, .val = 202 },
++	{ .name = "ashort", .has_arg = 0, .flag = NULL, .val = 203 },
++	{ .name = 0, .has_arg = 0, .flag = 0, .val = 0 }
+ };
+ 
+ /* Helper functions for parse_network */
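Review bot: The new `--ashort` help text has a typo (`colect`) and an unclosed parenthesis, and it indents with spaces where the neighbouring entries use a tab, so the description will not line up with the other options in the usage output. Suggested wording: `"	table will collect only short statistics (only total counters,\n"` followed by `"	without splitting them into protocols).\n"`. `help()` starts outside this hunk.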
+@@ -139,6 +142,26 @@
+ 	
+ }
+ 
++/* validate netmask */
++inline int valid_netmask(u_int32_t netmask) {
++	while (netmask & 0x80000000)
++		netmask <<= 1;
++	if (netmask != 0)
++		return 0;
++        return 1;
++}
++
++/* validate network/netmask pair */
++inline int valid_network_and_netmask(struct t_ipt_account_info *info) {
++	if (!valid_netmask(info->netmask))
++		return 0;
++	if ((info->network & info->netmask) != info->network)
++		return 0;
++	return 1;
++}
++
++
++
+ /* Function initializes match */
+ static void init(struct ipt_entry_match *match, 
+ 		 unsigned int *nfcache) {
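Review bot: `valid_netmask` and `valid_network_and_netmask` are declared `inline` without `static`, which gives them external linkage in an extension library that is presumably loaded alongside other extensions. Under C99 inline rules a plain `inline` definition provides no out-of-line copy, so an unoptimised build can fail to link; under the older GNU rules the symbols are exported and can clash with same-named helpers elsewhere. Declaring them `static inline int valid_netmask(u_int32_t netmask)` and `static inline int valid_network_and_netmask(const struct t_ipt_account_info *info)` avoids both. A one-line comment that the loop accepts only contiguous masks (leading one bits followed by zeros, including an all-zero mask) would document the intent.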
+@@ -149,6 +172,7 @@
+ 
+ 	/* set default table name to DEFAULT */
+ 	strncpy(info->name, "DEFAULT", IPT_ACCOUNT_NAME_LEN);
++	info->shortlisting = 0;
+ 	
+ }
+ 
+@@ -166,7 +190,9 @@
+ 		
+ 		/* --aaddr */
+ 		case 201:
+-			parse_network(optarg, info);			
++			parse_network(optarg, info);
++			if (!valid_network_and_netmask(info))
++				exit_error(PARAMETER_PROBLEM, "account: wrong network/netmask");
+ 			*flags = 1;
+ 			break;
+ 			
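Review bot: `--aaddr` is still accepted when it is preceded by `!`: the `invert` argument that `parse()` receives is never read in any case shown on this page, so an inverted rule would presumably be installed as a plain one without any warning. The visible code shows no field in the match data for inversion, so rejecting it is the safer choice, e.g. `if (invert) exit_error(PARAMETER_PROBLEM, "account: '!' is not supported");` at the top of `case 201`. The new `valid_network_and_netmask()` call also repeats the `(network & netmask) != network` test that `parsenetworkandnetmask()` performs in the 0.1.5 source, which is harmless but worth a comment. `parse()` begins and ends outside this hunk.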
+@@ -175,8 +201,12 @@
+ 			if (strlen(optarg) < IPT_ACCOUNT_NAME_LEN)
+ 				strncpy(info->name, optarg, IPT_ACCOUNT_NAME_LEN);
+ 			else
+-				exit_error(PARAMETER_PROBLEM, "account: Too long list name");			
++				exit_error(PARAMETER_PROBLEM, "account: Too long table name");			
+ 			break;	
++		/* --ashort */
++		case 203:
++			info->shortlisting = 1;
++			break;
+ 		default:
+ 			return 0;			
+ 	}
+@@ -204,6 +234,8 @@
+ 	      );
+ 	
+ 	printf("name: %s ", info->name);
++	if (info->shortlisting)
++		printf("short-listing ");
+ }
+ 
+ /* Function used for saving rule containing account match */
+@@ -219,21 +251,23 @@
+ 	       );
+ 	
+ 	printf("--aname %s ", info->name);
++	if (info->shortlisting)
++		printf("--ashort ");
+ }
+ 	
+ static struct iptables_match account = {
+-	NULL,			/* struct iptables_match *next; */
+-	"account",		/* ipt_chainlabel name; */
+-	IPTABLES_VERSION,	/* const char *version; */
+-	IPT_ALIGN(sizeof(struct t_ipt_account_info)),		/* Size of match data. */
+-	IPT_ALIGN(sizeof(struct t_ipt_account_info)),		/* Size of match data relevent for userspace comparison purposes */
+-	&help,			/* Function which prints out usage message. */
+-	&init,			/* Initialize the match. */
+-	&parse,			/* Function which parses command options; returns true if it ate an option */
+-	&final_check,		/* Final check; exit if not ok. */
+-	&print,			/* Prints out the match iff non-NULL: put space at end */
+-	&save,			/* Saves the match info in parsable form to stdout. */
+-	opts			/* Pointer to list of extra command-line options */
++	.next = NULL,
++	.name = "account",
++	.version = IPTABLES_VERSION,
++	.size = IPT_ALIGN(sizeof(struct t_ipt_account_info)),
++	.userspacesize = IPT_ALIGN(sizeof(struct t_ipt_account_info)),
++	.help = &help,
++	.init = &init,
++	.parse = &parse,
++	.final_check = &final_check,
++	.print = &print,
++	.save = &save,
++	.extra_opts = opts
+ };
+ 
+ /* Function which registers match */
================================================================

