Blame - extensions/ebt_limit.c - platform_external_ebtables

blob: 1c5c32bbe02e78906d09a9484da28ac204c714fa [file] [log] [blame]

Bart De Schuymer	6697e43	2003-09-18 19:08:03 +0000	[diff] [blame]	1	/* Shared library add-on to ebtables to add limit support.
				2	*
				3	* Swipted from iptables' limit match.
				4	*/
				5
				6	#include <stdio.h>
				7	#include <stdlib.h>
				8	#include <string.h>
				9	#include <getopt.h>
				10	#include "../include/ebtables_u.h"
				11	#include <linux/netfilter_bridge/ebt_limit.h>
				12
				13	#define EBT_LIMIT_AVG "3/hour"
				14	#define EBT_LIMIT_BURST 5
				15
				16	/* from iptables.c */
				17	#include <errno.h>
				18	int
				19	string_to_number(const char *s, unsigned int min, unsigned int max,
				20	unsigned int *ret)
				21	{
				22	long number;
				23	char *end;
				24
				25	/* Handle hex, octal, etc. */
				26	errno = 0;
				27	number = strtol(s, &end, 0);
				28	if (*end == '\0' && end != s) {
				29	/* we parsed a number, let's see if we want this */
				30	if (errno != ERANGE && min <= number && number <= max) {
				31	*ret = number;
				32	return 0;
				33	}
				34	}
				35	return -1;
				36	}
				37
				38	#define FLAG_LIMIT 0x01
				39	#define FLAG_LIMIT_BURST 0x02
				40
				41	#define ARG_LIMIT '1'
				42	#define ARG_LIMIT_BURST '2'
				43
				44	static struct option opts[] =
				45	{
				46	{ "limit", required_argument, 0, ARG_LIMIT },
				47	{ "limit-burst", required_argument, 0, ARG_LIMIT_BURST },
				48	{ 0 }
				49	};
				50
				51	static void print_help(void)
				52	{
				53	printf(
				54	"limit options:\n"
				55	"--limit avg max average match rate: default "EBT_LIMIT_AVG"\n"
				56	" [Packets per second unless followed by \n"
				57	" /sec /minute /hour /day postfixes]\n"
				58	"--limit-burst number number to match in a burst, -1 < number < 10001,\n"
				59	" default %u\n"
				60	"\n", EBT_LIMIT_BURST);
				61	}
				62
				63	static int parse_rate(const char rate, u_int32_t val)
				64	{
				65	const char *delim;
				66	u_int32_t r;
				67	u_int32_t mult = 1; /* Seconds by default. */
				68
				69	delim = strchr(rate, '/');
				70	if (delim) {
				71	if (strlen(delim+1) == 0)
				72	return 0;
				73
				74	if (strncasecmp(delim+1, "second", strlen(delim+1)) == 0)
				75	mult = 1;
				76	else if (strncasecmp(delim+1, "minute", strlen(delim+1)) == 0)
				77	mult = 60;
				78	else if (strncasecmp(delim+1, "hour", strlen(delim+1)) == 0)
				79	mult = 60*60;
				80	else if (strncasecmp(delim+1, "day", strlen(delim+1)) == 0)
				81	mult = 246060;
				82	else
				83	return 0;
				84	}
				85	r = atoi(rate);
				86	if (!r)
				87	return 0;
				88
				89	/* This would get mapped to infinite (1/day is minimum they
				90	can specify, so we're ok at that end). */
				91	if (r / mult > EBT_LIMIT_SCALE)
				92	return 0;
				93
				94	val = EBT_LIMIT_SCALE mult / r;
				95	return 1;
				96	}
				97
				98	/* Initialize the match. */
				99	static void init(struct ebt_entry_match *m)
				100	{
				101	struct ebt_limit_info r = (struct ebt_limit_info )m->data;
				102
				103	parse_rate(EBT_LIMIT_AVG, &r->avg);
				104	r->burst = EBT_LIMIT_BURST;
				105	}
				106
				107	/* FIXME: handle overflow:
				108	if (r->avg*r->burst/r->burst != r->avg)
				109	exit_error(PARAMETER_PROBLEM,
				110	"Sorry: burst too large for that avg rate.\n");
				111	*/
				112
				113	static int parse(int c, char **argv, int argc,
				114	const struct ebt_u_entry *entry,
				115	unsigned int *flags,
				116	struct ebt_entry_match **match)
				117	{
				118	struct ebt_limit_info r = (struct ebt_limit_info )(*match)->data;
				119	unsigned int num;
				120
				121	switch(c) {
				122	case ARG_LIMIT:
Bart De Schuymer	8339ff1	2004-01-14 20:05:27 +0000	[diff] [blame]	123	ebt_check_option(flags, FLAG_LIMIT);
				124	if (ebt_check_inverse(optarg))
Bart De Schuymer	64182a3	2004-01-21 20:39:54 +0000	[diff] [blame]	125	ebt_print_error("Unexpected `!' after --limit");
Bart De Schuymer	6697e43	2003-09-18 19:08:03 +0000	[diff] [blame]	126	if (!parse_rate(optarg, &r->avg))
Bart De Schuymer	64182a3	2004-01-21 20:39:54 +0000	[diff] [blame]	127	ebt_print_error("bad rate `%s'", optarg);
Bart De Schuymer	6697e43	2003-09-18 19:08:03 +0000	[diff] [blame]	128	break;
				129
				130	case ARG_LIMIT_BURST:
Bart De Schuymer	8339ff1	2004-01-14 20:05:27 +0000	[diff] [blame]	131	ebt_check_option(flags, FLAG_LIMIT_BURST);
				132	if (ebt_check_inverse(optarg))
Bart De Schuymer	64182a3	2004-01-21 20:39:54 +0000	[diff] [blame]	133	ebt_print_error("Unexpected `!' after --limit-burst");
Bart De Schuymer	6697e43	2003-09-18 19:08:03 +0000	[diff] [blame]	134
				135	if (string_to_number(optarg, 0, 10000, &num) == -1)
Bart De Schuymer	64182a3	2004-01-21 20:39:54 +0000	[diff] [blame]	136	ebt_print_error("bad --limit-burst `%s'", optarg);
Bart De Schuymer	6697e43	2003-09-18 19:08:03 +0000	[diff] [blame]	137	r->burst = num;
				138	break;
				139
				140	default:
				141	return 0;
				142	}
				143
				144	return 1;
				145	}
				146
Bart De Schuymer	519ebb7	2003-11-02 16:37:07 +0000	[diff] [blame]	147	static void final_check(const struct ebt_u_entry *entry,
				148	const struct ebt_entry_match match, const char name,
				149	unsigned int hookmask, unsigned int time)
Bart De Schuymer	6697e43	2003-09-18 19:08:03 +0000	[diff] [blame]	150	{
				151	/* empty */
				152	}
				153
				154	struct rates
				155	{
				156	const char *name;
				157	u_int32_t mult;
				158	};
				159
				160	static struct rates g_rates[] =
				161	{
				162	{ "day", EBT_LIMIT_SCALE2460*60 },
				163	{ "hour", EBT_LIMIT_SCALE6060 },
				164	{ "min", EBT_LIMIT_SCALE*60 },
				165	{ "sec", EBT_LIMIT_SCALE }
				166	};
				167
				168	static void print_rate(u_int32_t period)
				169	{
				170	unsigned int i;
				171
				172	for (i = 1; i < sizeof(g_rates)/sizeof(struct rates); i++)
				173	if (period > g_rates[i].mult \|\|
				174	g_rates[i].mult/period < g_rates[i].mult%period)
				175	break;
				176
				177	printf("%u/%s ", g_rates[i-1].mult / period, g_rates[i-1].name);
				178	}
				179
				180	/* Prints out the matchinfo. */
				181	static void
				182	print(const struct ebt_u_entry entry, const struct ebt_entry_match match)
				183	{
				184	struct ebt_limit_info r = (struct ebt_limit_info )match->data;
				185
				186	printf("limit: avg "); print_rate(r->avg);
				187	printf("burst %u ", r->burst);
				188	}
				189
				190	static int compare(const struct ebt_entry_match* m1, const struct ebt_entry_match *m2)
				191	{
				192	struct ebt_limit_info* li1 = (struct ebt_limit_info*)m1->data;
				193	struct ebt_limit_info* li2 = (struct ebt_limit_info*)m2->data;
				194
				195	if (li1->avg != li2->avg)
				196	return 0;
				197
				198	if (li1->burst != li2->burst)
				199	return 0;
				200
				201	return 1;
				202	}
				203
				204	static struct ebt_u_match limit_match =
				205	{
				206	.name EBT_LIMIT_MATCH,
				207	.size sizeof(struct ebt_limit_info),
				208	.help print_help,
				209	.init init,
				210	.parse parse,
				211	.final_check final_check,
				212	.print print,
				213	.compare compare,
				214	.extra_ops opts,
				215	};
				216
Bart De Schuymer	64182a3	2004-01-21 20:39:54 +0000	[diff] [blame]	217	void _init(void)
Bart De Schuymer	6697e43	2003-09-18 19:08:03 +0000	[diff] [blame]	218	{
Bart De Schuymer	8339ff1	2004-01-14 20:05:27 +0000	[diff] [blame]	219	ebt_register_match(&limit_match);
Bart De Schuymer	6697e43	2003-09-18 19:08:03 +0000	[diff] [blame]	220	}