#define BUILD_MATCH
#define MODULE_DATATYPE struct ipt_iplimit_info
#define MODULE_NAME "iplimit"
#define __USE_GNU
#include "../module_iface.h"
#include <string.h>
#include <stdio.h>
#include <linux/netfilter_ipv4/ip_conntrack.h>
#include <linux/netfilter_ipv4/ipt_iplimit.h>
#include <netinet/in.h>
static void setup(void *myinfo, unsigned int *nfcache) {
MODULE_DATATYPE *info = (void *)((MODULE_ENTRYTYPE *)myinfo)->data;
*nfcache |= NFC_UNKNOWN;
info->mask = htonl(UINT_MAX);
}
static int parse_field(char *field, SV *value, void *myinfo,
unsigned int *nfcache, struct ipt_entry *entry, int *flags) {
MODULE_DATATYPE *info = (void *)(*(MODULE_ENTRYTYPE **)myinfo)->data;
if(!strcmp(field, "iplimit-above")) {
if(SvIOK(value))
info->limit = SvIV(value);
else if(SvPOK(value)) {
char *base, *str, *temp, *extent;
int val;
STRLEN len;
temp = SvPV(value, len);
base = str = malloc(len + 1);
strncpy(str, temp, len);
str[len] = '\0';
if(*str == INVCHAR) {
info->inverse = 1;
str++;
}
val = strtoul(str, &extent, 10);
if(extent < str + strlen(str)) {
SET_ERRSTR("%s: Couldn't parse arg", field);
free(base);
return(FALSE);
}
free(base);
info->limit = val;
}
else {
SET_ERRSTR("%s: Arg must be integer or string", field);
return(FALSE);
}
*flags |= 1;
}
else if(!strcmp(field, "iplimit-mask")) {
int val;
if(!SvIOK(value)) {
SET_ERRSTR("%s: Must have integer arg", field);
return(FALSE);
}
val = SvIV(value);
if(val < 0 || val >= 32) {
SET_ERRSTR("%s: Value out of range", field);
return(FALSE);
}
info->mask = htonl(UINT_MAX << (32 - val));
*flags |= 2;
}
else
return(FALSE);
return(TRUE);
}
static void get_fields(HV *ent_hash, void *myinfo, struct ipt_entry *entry) {
MODULE_DATATYPE *info = (void *)((MODULE_ENTRYTYPE *)myinfo)->data;
SV *sv;
if(info->inverse)
sv = newSVpvf("%c%u", INVCHAR, info->limit);
else
sv = newSViv(info->limit);
hv_store(ent_hash, "iplimit-above", 13, sv, 0);
if(ntohl(info->mask) != UINT_MAX) {
int i;
/* This should work - a little black magic... */
for(i = 0; (~ntohl(info->mask)) >> i; i++);
hv_store(ent_hash, "iplimit-mask", 12, newSViv(i), 0);
}
}
int final_check(void *myinfo, int flags) {
if(!(flags & 1)) {
SET_ERRSTR("iplimit match requires 'iplimit-above'");
return(FALSE);
}
return(TRUE);
}
static ModuleDef _module = {
.type = MODULE_TYPE,
.name = MODULE_NAME,
.size = IPT_ALIGN(sizeof(MODULE_DATATYPE)),
.size_uspace = IPT_ALIGN(sizeof(MODULE_DATATYPE)),
.setup = setup,
.parse_field = parse_field,
.get_fields = get_fields,
.final_check = final_check,
};
ModuleDef *init(void) {
return(&_module);
}
/* vim: ts=4
*/