From 9d1afc426890d93786b216ef25e5676ecb3bd95c Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 11 Sep 2009 21:46:12 +0200 Subject: [PATCH 01/11] ACCOUNT: fix compile error on realtime kernels xt_ACCOUNT.c:1040: error: implicit declaration of function 'init_MUTEX' --- extensions/xt_ACCOUNT.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/extensions/xt_ACCOUNT.c b/extensions/xt_ACCOUNT.c index 0455d1a..16dcead 100644 --- a/extensions/xt_ACCOUNT.c +++ b/extensions/xt_ACCOUNT.c @@ -30,6 +30,7 @@ #include #include +#include #include #include #include @@ -1037,7 +1038,7 @@ static struct nf_sockopt_ops ipt_acc_sockopts = { static int __init account_tg_init(void) { - init_MUTEX(&ipt_acc_userspace_mutex); + sema_init(&ipt_acc_userspace_mutex, 1); if ((ipt_acc_tables = kmalloc(ACCOUNT_MAX_TABLES * From 0c963dee06922eda191021ccebe3069197029b1a Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 12 Sep 2009 02:27:26 +0200 Subject: [PATCH 02/11] ACCOUNT: fix pre-2.6.27 compilation error xt_ACCOUNT.c:33:29: fatal error: linux/semaphore.h: No such file or directory compilation terminated. --- extensions/xt_ACCOUNT.c | 1 - 1 file changed, 1 deletion(-) diff --git a/extensions/xt_ACCOUNT.c b/extensions/xt_ACCOUNT.c index 16dcead..9cdb5d4 100644 --- a/extensions/xt_ACCOUNT.c +++ b/extensions/xt_ACCOUNT.c @@ -30,7 +30,6 @@ #include #include -#include #include #include #include From 63a1e5329f4fa59fc4ff5580721449019b0d2a4e Mon Sep 17 00:00:00 2001 From: Jan Rafaj Date: Tue, 1 Sep 2009 19:52:48 +0200 Subject: [PATCH 03/11] ACCOUNT: add Kconfig file --- extensions/xt_ACCOUNT.Kconfig | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 extensions/xt_ACCOUNT.Kconfig diff --git a/extensions/xt_ACCOUNT.Kconfig b/extensions/xt_ACCOUNT.Kconfig new file mode 100644 index 0000000..6fb5b12 --- /dev/null +++ b/extensions/xt_ACCOUNT.Kconfig 
@@ -0,0 +1,13 @@ +config NETFILTER_XT_TARGET_ACCOUNT + tristate "ACCOUNT target support" + depends on NETFILTER_XTABLES + ---help--- + This module implements an ACCOUNT target + + The ACCOUNT target is a high performance accounting system for large + local networks. It allows per-IP accounting in whole prefixes of IPv4 + addresses with size of up to /8 without the need to add individual + accouting rule for each IP address. + + For more information go to: + http://www.intra2net.com/de/produkte/opensource/ipt_account/ From 5cb36ed213c4b8c5e016620b4b03f7b7405effb0 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 24 Sep 2009 00:44:39 +0200 Subject: [PATCH 04/11] ACCOUNT: move xt_ACCOUNT into its own subdirectory Will be adding related userspace programs shortly, and an extra directory for the same reason it is for ipset/. --- configure.ac | 3 ++- extensions/ACCOUNT/Kbuild | 5 +++++ extensions/ACCOUNT/Makefile.am | 3 +++ extensions/ACCOUNT/Mbuild | 3 +++ extensions/{ => ACCOUNT}/libxt_ACCOUNT.c | 0 extensions/{ => ACCOUNT}/xt_ACCOUNT.c | 0 extensions/{ => ACCOUNT}/xt_ACCOUNT.h | 0 extensions/Kbuild | 2 +- extensions/Mbuild | 2 +- 9 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 extensions/ACCOUNT/Kbuild create mode 100644 extensions/ACCOUNT/Makefile.am create mode 100644 extensions/ACCOUNT/Mbuild rename extensions/{ => ACCOUNT}/libxt_ACCOUNT.c (100%) rename extensions/{ => ACCOUNT}/xt_ACCOUNT.c (100%) rename extensions/{ => ACCOUNT}/xt_ACCOUNT.h (100%) diff --git a/configure.ac b/configure.ac index 72ba18c..5cae633 100644 --- a/configure.ac +++ b/configure.ac @@ -104,5 +104,6 @@ AC_SUBST([kbuilddir]) AC_SUBST([ksourcedir]) AC_SUBST([xtlibdir]) AC_CONFIG_FILES([Makefile Makefile.iptrules Makefile.mans - extensions/Makefile extensions/ipset/Makefile]) + extensions/Makefile extensions/ACCOUNT/Makefile + extensions/ipset/Makefile]) AC_OUTPUT 
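Review bot: The help text misspells "accounting" in the line `accouting rule for each IP address.`; it should read `accounting rule for each IP address.` This string is what users see when they configure the module, so the spelling is worth correcting in the same patch.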
diff --git a/extensions/ACCOUNT/Kbuild b/extensions/ACCOUNT/Kbuild new file mode 100644 index 0000000..e71e80b --- /dev/null +++ b/extensions/ACCOUNT/Kbuild @@ -0,0 +1,5 @@ +# -*- Makefile -*- + +EXTRA_CFLAGS = -I${src}/.. + +obj-m += xt_ACCOUNT.o diff --git a/extensions/ACCOUNT/Makefile.am b/extensions/ACCOUNT/Makefile.am new file mode 100644 index 0000000..af3f625 --- /dev/null +++ b/extensions/ACCOUNT/Makefile.am @@ -0,0 +1,3 @@ +# -*- Makefile -*- + +include ../../Makefile.extra diff --git a/extensions/ACCOUNT/Mbuild b/extensions/ACCOUNT/Mbuild new file mode 100644 index 0000000..e385471 --- /dev/null +++ b/extensions/ACCOUNT/Mbuild @@ -0,0 +1,3 @@ +# -*- Makefile -*- + +obj-${build_ACCOUNT} += libxt_ACCOUNT.so diff --git a/extensions/libxt_ACCOUNT.c b/extensions/ACCOUNT/libxt_ACCOUNT.c similarity index 100% rename from extensions/libxt_ACCOUNT.c rename to extensions/ACCOUNT/libxt_ACCOUNT.c diff --git a/extensions/xt_ACCOUNT.c b/extensions/ACCOUNT/xt_ACCOUNT.c similarity index 100% rename from extensions/xt_ACCOUNT.c rename to extensions/ACCOUNT/xt_ACCOUNT.c diff --git a/extensions/xt_ACCOUNT.h b/extensions/ACCOUNT/xt_ACCOUNT.h similarity index 100% rename from extensions/xt_ACCOUNT.h rename to extensions/ACCOUNT/xt_ACCOUNT.h diff --git a/extensions/Kbuild b/extensions/Kbuild index 4ff2ed9..ab3dfdd 100644 --- a/extensions/Kbuild +++ b/extensions/Kbuild @@ -5,7 +5,7 @@ include ${XA_ABSTOPSRCDIR}/mconfig obj-m += compat_xtables.o -obj-${build_ACCOUNT} += xt_ACCOUNT.o +obj-${build_ACCOUNT} += ACCOUNT/ obj-${build_CHAOS} += xt_CHAOS.o obj-${build_DELUDE} += xt_DELUDE.o obj-${build_DHCPMAC} += xt_DHCPMAC.o diff --git a/extensions/Mbuild b/extensions/Mbuild index a1fb901..65ae18f 100644 --- a/extensions/Mbuild +++ b/extensions/Mbuild 
@@ -1,6 +1,6 @@ # -*- Makefile -*- -obj-${build_ACCOUNT} += libxt_ACCOUNT.so +obj-${build_ACCOUNT} += ACCOUNT/ obj-${build_CHAOS} += libxt_CHAOS.so obj-${build_DELUDE} += libxt_DELUDE.so obj-${build_DHCPMAC} += libxt_DHCPMAC.so libxt_dhcpmac.so From a260e3349fde99f6a92f18551fc1e2da1566f8f5 Mon Sep 17 00:00:00 2001 From: Jan Rafaj Date: Tue, 1 Sep 2009 19:52:48 +0200 Subject: [PATCH 05/11] ACCOUNT: import userspace utilities --- extensions/ACCOUNT/Makefile.am | 5 + extensions/ACCOUNT/iptaccount.c | 221 ++++++++++++++++++++++++++ extensions/ACCOUNT/libxt_ACCOUNT_cl.c | 199 +++++++++++++++++++++++ extensions/ACCOUNT/libxt_ACCOUNT_cl.h | 60 +++++++ 4 files changed, 485 insertions(+) create mode 100644 extensions/ACCOUNT/iptaccount.c create mode 100644 extensions/ACCOUNT/libxt_ACCOUNT_cl.c create mode 100644 extensions/ACCOUNT/libxt_ACCOUNT_cl.h diff --git a/extensions/ACCOUNT/Makefile.am b/extensions/ACCOUNT/Makefile.am index af3f625..2e56bf0 100644 --- a/extensions/ACCOUNT/Makefile.am +++ b/extensions/ACCOUNT/Makefile.am @@ -1,3 +1,8 @@ # -*- Makefile -*- include ../../Makefile.extra + +sbin_PROGRAMS = iptaccount +iptaccount_LDADD = libxt_ACCOUNT_cl.la + +lib_LTLIBRARIES = libxt_ACCOUNT_cl.la diff --git a/extensions/ACCOUNT/iptaccount.c b/extensions/ACCOUNT/iptaccount.c new file mode 100644 index 0000000..367d056 --- /dev/null +++ b/extensions/ACCOUNT/iptaccount.c 
@@ -0,0 +1,221 @@ +/*************************************************************************** + * Copyright (C) 2004-2006 by Intra2net AG * + * opensource@intra2net.com * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU Lesser General Public License * + * version 2.1 as published by the Free Software Foundation; * + * * + ***************************************************************************/ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include + +char exit_now = 0; +static void sig_term(int signr) +{ + signal(SIGINT, SIG_IGN); + signal(SIGQUIT, SIG_IGN); + signal(SIGTERM, SIG_IGN); + + exit_now=1; +} + +char *addr_to_dotted(unsigned int); +char *addr_to_dotted(unsigned int addr) +{ + static char buf[17]; + const unsigned char *bytep; + + bytep = (const unsigned char *) &addr; + snprintf(buf, 16, "%u.%u.%u.%u", bytep[0], bytep[1], bytep[2], bytep[3]); + buf[16] = 0; + return buf; +} + +static void show_usage(void) +{ + printf ("Unknown command line option. 
Try: [-u] [-h] [-a] [-f] [-c] [-s] [-l name]\n"); + printf("[-u] show kernel handle usage\n"); + printf("[-h] free all kernel handles (experts only!)\n\n"); + printf("[-a] list all table names\n"); + printf("[-l name] show data in table \n"); + printf("[-f] flush data after showing\n"); + printf("[-c] loop every second (abort with CTRL+C)\n"); + printf("[-s] CSV output (for spreadsheet import)\n"); + printf("\n"); +} + +int main(int argc, char *argv[]) +{ + struct ipt_ACCOUNT_context ctx; + struct ipt_acc_handle_ip *entry; + int i; + char optchar, doHandleUsage=0, doHandleFree=0, doTableNames=0, + doFlush=0, doContinue=0, doCSV=0; + + char *table_name = NULL; + const char *name; + + printf("\nlibxt_ACCOUNT_cl userspace accounting tool v%s\n\n", + LIBXT_ACCOUNT_VERSION); + + if (argc == 1) + { + show_usage(); + exit(0); + } + + while ((optchar = getopt (argc, argv, "uhacfsl:")) != -1) + { + switch (optchar) + { + case 'u': + doHandleUsage=1; + break; + case 'h': + doHandleFree=1; + break; + case 'a': + doTableNames=1; + break; + case 'f': + doFlush=1; + break; + case 'c': + doContinue=1; + break; + case 's': + doCSV=1; + break; + case 'l': + table_name = (char *)strdup(optarg); + break; + case '?': + default: + show_usage(); + exit (0); + break; + } + } + + // install exit handler + if (signal(SIGTERM, sig_term) == SIG_ERR) + { + printf("can't install signal handler for SIGTERM\n"); + exit (-1); + } + if (signal(SIGINT, sig_term) == SIG_ERR) + { + printf("can't install signal handler for SIGINT\n"); + exit (-1); + } + if (signal(SIGQUIT, sig_term) == SIG_ERR) + { + printf("can't install signal handler for SIGQUIT\n"); + exit (-1); + } + + if(ipt_ACCOUNT_init(&ctx)) + { + printf("Init failed: %s\n", ctx.error_str); + exit (-1); + } + + // Get handle usage? 
+ if (doHandleUsage) + { + int rtn = ipt_ACCOUNT_get_handle_usage(&ctx); + if (rtn < 0) + { + printf("get_handle_usage failed: %s\n", ctx.error_str); + exit (-1); + } + + printf("Current kernel handle usage: %d\n", ctx.handle.itemcount); + } + + if (doHandleFree) + { + int rtn = ipt_ACCOUNT_free_all_handles(&ctx); + if (rtn < 0) + { + printf("handle_free_all failed: %s\n", ctx.error_str); + exit (-1); + } + + printf("Freed all handles in kernel space\n"); + } + + if (doTableNames) + { + int rtn = ipt_ACCOUNT_get_table_names(&ctx); + if (rtn < 0) + { + printf("get_table_names failed: %s\n", ctx.error_str); + exit (-1); + } + while ((name = ipt_ACCOUNT_get_next_name(&ctx)) != 0) + printf("Found table: %s\n", name); + } + + if (table_name) + { + // Read out data + if (doCSV) + printf("IP;SRC packets;SRC bytes;DST packets;DST bytes\n"); + else + printf("Showing table: %s\n", table_name); + + i = 0; + while (!exit_now) + { + // Get entries from table test + if (ipt_ACCOUNT_read_entries(&ctx, table_name, !doFlush)) + { + printf("Read failed: %s\n", ctx.error_str); + ipt_ACCOUNT_deinit(&ctx); + exit (-1); + } + + if (!doCSV) + printf("Run #%d - %u %s found\n", i, ctx.handle.itemcount, + ctx.handle.itemcount == 1 ? "item" : "items"); + + // Output and free entries + while ((entry = ipt_ACCOUNT_get_next_entry(&ctx)) != NULL) + { + if (doCSV) + printf("%s;%u;%u;%u;%u\n", + addr_to_dotted(entry->ip), entry->src_packets, entry->src_bytes, + entry->dst_packets, entry->dst_bytes); + else + printf("IP: %s SRC packets: %u bytes: %u DST packets: %u bytes: %u\n", + addr_to_dotted(entry->ip), entry->src_packets, entry->src_bytes, + entry->dst_packets, entry->dst_bytes); + } + + if (doContinue) + { + sleep(1); + i++; + } else + exit_now = 1; + } + } + + printf("Finished.\n"); + ipt_ACCOUNT_deinit(&ctx); + exit (0); +} diff --git a/extensions/ACCOUNT/libxt_ACCOUNT_cl.c b/extensions/ACCOUNT/libxt_ACCOUNT_cl.c new file mode 100644 index 0000000..6fecc96 --- /dev/null 
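Review bot: `optchar` is declared `char` in main() but holds the `int` result of getopt() and is compared with -1. Where plain char is unsigned, the end-of-options value is never recognised, so the loop falls into the `default:` case and the tool prints usage and exits instead of running. Declare it on its own as `int optchar;`. `exit_now` is written from sig_term() and polled in the read loop, so `static volatile sig_atomic_t exit_now;` is the appropriate type rather than a plain global `char`.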
+++ b/extensions/ACCOUNT/libxt_ACCOUNT_cl.c 
@@ -0,0 +1,199 @@ +/*************************************************************************** + * Copyright (C) 2004 by Intra2net AG * + * opensource@intra2net.com * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU Lesser General Public License * + * version 2.1 as published by the Free Software Foundation; * + * * + ***************************************************************************/ + +#include +#include +#include +#include +#include + +#include +#include + +#include + +int ipt_ACCOUNT_init(struct ipt_ACCOUNT_context *ctx) +{ + memset (ctx, 0, sizeof(struct ipt_ACCOUNT_context)); + ctx->handle.handle_nr = -1; + + ctx->sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); + if (ctx->sockfd < 0) { + ctx->sockfd = -1; + ctx->error_str = "Can't open socket to kernel. " + "Permission denied or ipt_ACCOUNT module not loaded"; + return -1; + } + + // 4096 bytes default buffer should save us from reallocations + // as it fits 200 concurrent active clients + if((ctx->data = (void *)malloc(IPT_ACCOUNT_MIN_BUFSIZE)) == NULL) { + close (ctx->sockfd); + ctx->sockfd = -1; + ctx->error_str = "Out of memory for data buffer"; + return -1; + } + ctx->data_size = IPT_ACCOUNT_MIN_BUFSIZE; + + return 0; +} + +void ipt_ACCOUNT_free_entries(struct ipt_ACCOUNT_context *ctx) +{ + if (ctx->handle.handle_nr != -1) { + setsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_SET_ACCOUNT_HANDLE_FREE, + &ctx->handle, sizeof (struct ipt_acc_handle_sockopt)); + ctx->handle.handle_nr = -1; + } + + ctx->handle.itemcount = 0; + ctx->pos = 0; +} + +void ipt_ACCOUNT_deinit(struct ipt_ACCOUNT_context *ctx) +{ + free(ctx->data); + ctx->data = NULL; + + ipt_ACCOUNT_free_entries(ctx); + + close(ctx->sockfd); + ctx->sockfd =-1; +} + +int ipt_ACCOUNT_read_entries(struct ipt_ACCOUNT_context *ctx, + const char *table, char dont_flush) +{ + unsigned int s = sizeof (struct ipt_acc_handle_sockopt); + unsigned int new_size; + int rtn; + + 
strncpy(ctx->handle.name, table, ACCOUNT_TABLE_NAME_LEN-1); + + // Get table information + if (!dont_flush) + rtn = getsockopt(ctx->sockfd, IPPROTO_IP, + IPT_SO_GET_ACCOUNT_PREPARE_READ_FLUSH, &ctx->handle, &s); + else + rtn = getsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_GET_ACCOUNT_PREPARE_READ, + &ctx->handle, &s); + + if (rtn < 0) { + ctx->error_str = "Can't get table information from kernel. " + "Does it exist?"; + return -1; + } + + // Check data buffer size + ctx->pos = 0; + new_size = ctx->handle.itemcount * sizeof(struct ipt_acc_handle_ip); + // We want to prevent reallocations all the time + if (new_size < IPT_ACCOUNT_MIN_BUFSIZE) + new_size = IPT_ACCOUNT_MIN_BUFSIZE; + + // Reallocate if it's too small or twice as big + if (ctx->data_size < new_size || ctx->data_size > new_size*2) { + // Free old buffer + free (ctx->data); + ctx->data_size = 0; + + if ((ctx->data = (void*)malloc(new_size)) == NULL) { + ctx->error_str = "Out of memory for data buffer"; + ipt_ACCOUNT_free_entries(ctx); + return -1; + } + + ctx->data_size = new_size; + } + + // Copy data from kernel + memcpy(ctx->data, &ctx->handle, sizeof(struct ipt_acc_handle_sockopt)); + rtn = getsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_GET_ACCOUNT_GET_DATA, + ctx->data, &ctx->data_size); + if (rtn < 0) { + ctx->error_str = "Can't get data from kernel. " + "Check /var/log/messages for details."; + ipt_ACCOUNT_free_entries(ctx); + return -1; + } + + // Free kernel handle but don't reset pos/itemcount + setsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_SET_ACCOUNT_HANDLE_FREE, + &ctx->handle, sizeof (struct ipt_acc_handle_sockopt)); + ctx->handle.handle_nr = -1; + + return 0; +} + +struct ipt_acc_handle_ip *ipt_ACCOUNT_get_next_entry(struct ipt_ACCOUNT_context *ctx) +{ + struct ipt_acc_handle_ip *rtn; + + // Empty or no more items left to return? 
+ if (!ctx->handle.itemcount || ctx->pos >= ctx->handle.itemcount) + return NULL; + + // Get next entry + rtn = (struct ipt_acc_handle_ip *)(ctx->data + ctx->pos + * sizeof(struct ipt_acc_handle_ip)); + ctx->pos++; + + return rtn; +} + +int ipt_ACCOUNT_get_handle_usage(struct ipt_ACCOUNT_context *ctx) +{ + unsigned int s = sizeof (struct ipt_acc_handle_sockopt); + if (getsockopt(ctx->sockfd, IPPROTO_IP, + IPT_SO_GET_ACCOUNT_GET_HANDLE_USAGE, &ctx->handle, &s) < 0) { + ctx->error_str = "Can't get handle usage information from kernel"; + return -1; + } + ctx->handle.handle_nr = -1; + + return ctx->handle.itemcount; + } + +int ipt_ACCOUNT_free_all_handles(struct ipt_ACCOUNT_context *ctx) +{ + if (setsockopt(ctx->sockfd, IPPROTO_IP, + IPT_SO_SET_ACCOUNT_HANDLE_FREE_ALL, NULL, 0) < 0) { + ctx->error_str = "Can't free all kernel handles"; + return -1; + } + + return 0; +} + +int ipt_ACCOUNT_get_table_names(struct ipt_ACCOUNT_context *ctx) +{ + int rtn = getsockopt(ctx->sockfd, IPPROTO_IP, + IPT_SO_GET_ACCOUNT_GET_TABLE_NAMES, + ctx->data, &ctx->data_size); + if (rtn < 0) { + ctx->error_str = "Can't get table names from kernel. Out of memory, " + "MINBUFISZE too small?"; + return -1; + } + ctx->pos = 0; + return 0; +} + +const char *ipt_ACCOUNT_get_next_name(struct ipt_ACCOUNT_context *ctx) +{ + const char *rtn; + if (((char *)ctx->data)[ctx->pos] == 0) + return 0; + + rtn = ctx->data + ctx->pos; + ctx->pos += strlen(ctx->data+ctx->pos) + 1; + + return rtn; +} diff --git a/extensions/ACCOUNT/libxt_ACCOUNT_cl.h b/extensions/ACCOUNT/libxt_ACCOUNT_cl.h new file mode 100644 index 0000000..8769fe9 --- /dev/null +++ b/extensions/ACCOUNT/libxt_ACCOUNT_cl.h 
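Review bot: In ipt_ACCOUNT_read_entries() the call `strncpy(ctx->handle.name, table, ACCOUNT_TABLE_NAME_LEN-1)` never writes the final byte of `name` (assuming the field is ACCOUNT_TABLE_NAME_LEN bytes; its declaration is not in this patch). Termination therefore depends on the memset in ipt_ACCOUNT_init() and on nothing having written that byte since, while `table` is caller-supplied (the `-l` argument in iptaccount). Add `ctx->handle.name[ACCOUNT_TABLE_NAME_LEN-1] = '\0';` directly after the copy. ipt_ACCOUNT_get_next_name() has a related gap: it runs strlen() from `ctx->pos` with no check against `ctx->data_size`, presumably trusting the kernel to leave an empty terminating string inside the buffer, and bounding the scan with strnlen() against the remaining buffer length would make that explicit. The setsockopt() calls for IPT_SO_SET_ACCOUNT_HANDLE_FREE also ignore their return value, so a kernel handle that fails to free goes unreported.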
@@ -0,0 +1,60 @@ +/*************************************************************************** + * Copyright (C) 2004 by Intra2net AG * + * opensource@intra2net.com * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU Lesser General Public License * + * version 2.1 as published by the Free Software Foundation; * + * * + ***************************************************************************/ + +#ifndef _xt_ACCOUNT_cl_H +#define _xt_ACCOUNT_cl_H + +#include + +#define LIBXT_ACCOUNT_VERSION "1.3" + +/* Don't set this below the size of struct ipt_account_handle_sockopt */ +#define IPT_ACCOUNT_MIN_BUFSIZE 4096 + +struct ipt_ACCOUNT_context +{ + int sockfd; + struct ipt_acc_handle_sockopt handle; + + unsigned int data_size; + void *data; + unsigned int pos; + + char *error_str; +}; + +#ifdef __cplusplus +extern "C" { +#endif + + int ipt_ACCOUNT_init(struct ipt_ACCOUNT_context *ctx); + void ipt_ACCOUNT_deinit(struct ipt_ACCOUNT_context *ctx); + + void ipt_ACCOUNT_free_entries(struct ipt_ACCOUNT_context *ctx); + int ipt_ACCOUNT_read_entries(struct ipt_ACCOUNT_context *ctx, + const char *table, char dont_flush); + struct ipt_acc_handle_ip *ipt_ACCOUNT_get_next_entry( + struct ipt_ACCOUNT_context *ctx); + + /* ipt_ACCOUNT_free_entries is for internal use only function as this library + is constructed to be used in a loop -> Don't allocate memory all the time. + The data buffer is freed on deinit() */ + + int ipt_ACCOUNT_get_handle_usage(struct ipt_ACCOUNT_context *ctx); + int ipt_ACCOUNT_free_all_handles(struct ipt_ACCOUNT_context *ctx); + int ipt_ACCOUNT_get_table_names(struct ipt_ACCOUNT_context *ctx); + const char *ipt_ACCOUNT_get_next_name(struct ipt_ACCOUNT_context *ctx); + +#ifdef __cplusplus +} +#endif + + +#endif From e1193500006dd1c35b1705e51bfa1921d7033b53 Mon Sep 17 00:00:00 2001 
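Review bot: `error_str` is declared `char *` in struct ipt_ACCOUNT_context, yet libxt_ACCOUNT_cl.c in this same patch only ever points it at string literals, so a caller writing through it would modify a literal; `const char *error_str;` states the contract. The comment above IPT_ACCOUNT_MIN_BUFSIZE names `struct ipt_account_handle_sockopt`, while the type used in the struct below is `struct ipt_acc_handle_sockopt`. The exported functions carry no comments on return values or pointer lifetime. A short comment would help callers: the pointers returned by ipt_ACCOUNT_get_next_entry() and ipt_ACCOUNT_get_next_name() point into `ctx->data` and stop being valid after the next ipt_ACCOUNT_read_entries() or ipt_ACCOUNT_deinit() call.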
From: Jan Engelhardt Date: Thu, 24 Sep 2009 01:35:45 +0200 Subject: [PATCH 06/11] ACCOUNT/userspace: remove trailing whitespace --- extensions/ACCOUNT/iptaccount.c | 2 +- extensions/ACCOUNT/libxt_ACCOUNT_cl.c | 42 +++++++++++++-------------- extensions/ACCOUNT/libxt_ACCOUNT_cl.h | 14 ++++----- 3 files changed, 29 insertions(+), 29 deletions(-) diff --git a/extensions/ACCOUNT/iptaccount.c b/extensions/ACCOUNT/iptaccount.c index 367d056..0fdcc35 100644 --- a/extensions/ACCOUNT/iptaccount.c +++ b/extensions/ACCOUNT/iptaccount.c @@ -76,7 +76,7 @@ int main(int argc, char *argv[]) show_usage(); exit(0); } - + while ((optchar = getopt (argc, argv, "uhacfsl:")) != -1) { switch (optchar) diff --git a/extensions/ACCOUNT/libxt_ACCOUNT_cl.c b/extensions/ACCOUNT/libxt_ACCOUNT_cl.c index 6fecc96..a075794 100644 --- a/extensions/ACCOUNT/libxt_ACCOUNT_cl.c +++ b/extensions/ACCOUNT/libxt_ACCOUNT_cl.c @@ -23,7 +23,7 @@ int ipt_ACCOUNT_init(struct ipt_ACCOUNT_context *ctx) { memset (ctx, 0, sizeof(struct ipt_ACCOUNT_context)); ctx->handle.handle_nr = -1; - + ctx->sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); if (ctx->sockfd < 0) { ctx->sockfd = -1; @@ -31,7 +31,7 @@ int ipt_ACCOUNT_init(struct ipt_ACCOUNT_context *ctx) "Permission denied or ipt_ACCOUNT module not loaded"; return -1; } - + // 4096 bytes default buffer should save us from reallocations // as it fits 200 concurrent active clients if((ctx->data = (void *)malloc(IPT_ACCOUNT_MIN_BUFSIZE)) == NULL) { @@ -41,7 +41,7 @@ int ipt_ACCOUNT_init(struct ipt_ACCOUNT_context *ctx) return -1; } ctx->data_size = IPT_ACCOUNT_MIN_BUFSIZE; - + return 0; } @@ -63,7 +63,7 @@ void ipt_ACCOUNT_deinit(struct ipt_ACCOUNT_context *ctx) ctx->data = NULL; ipt_ACCOUNT_free_entries(ctx); - + close(ctx->sockfd); ctx->sockfd =-1; } 
@@ -74,9 +74,9 @@ int ipt_ACCOUNT_read_entries(struct ipt_ACCOUNT_context *ctx, unsigned int s = sizeof (struct ipt_acc_handle_sockopt); unsigned int new_size; int rtn; - + strncpy(ctx->handle.name, table, ACCOUNT_TABLE_NAME_LEN-1); - + // Get table information if (!dont_flush) rtn = getsockopt(ctx->sockfd, IPPROTO_IP, @@ -84,35 +84,35 @@ int ipt_ACCOUNT_read_entries(struct ipt_ACCOUNT_context *ctx, else rtn = getsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_GET_ACCOUNT_PREPARE_READ, &ctx->handle, &s); - + if (rtn < 0) { ctx->error_str = "Can't get table information from kernel. " "Does it exist?"; return -1; } - + // Check data buffer size ctx->pos = 0; new_size = ctx->handle.itemcount * sizeof(struct ipt_acc_handle_ip); // We want to prevent reallocations all the time if (new_size < IPT_ACCOUNT_MIN_BUFSIZE) new_size = IPT_ACCOUNT_MIN_BUFSIZE; - + // Reallocate if it's too small or twice as big if (ctx->data_size < new_size || ctx->data_size > new_size*2) { // Free old buffer free (ctx->data); ctx->data_size = 0; - + if ((ctx->data = (void*)malloc(new_size)) == NULL) { ctx->error_str = "Out of memory for data buffer"; ipt_ACCOUNT_free_entries(ctx); return -1; } - + ctx->data_size = new_size; } - + // Copy data from kernel memcpy(ctx->data, &ctx->handle, sizeof(struct ipt_acc_handle_sockopt)); rtn = getsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_GET_ACCOUNT_GET_DATA, 
@@ -128,23 +128,23 @@ int ipt_ACCOUNT_read_entries(struct ipt_ACCOUNT_context *ctx, setsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_SET_ACCOUNT_HANDLE_FREE, &ctx->handle, sizeof (struct ipt_acc_handle_sockopt)); ctx->handle.handle_nr = -1; - + return 0; } struct ipt_acc_handle_ip *ipt_ACCOUNT_get_next_entry(struct ipt_ACCOUNT_context *ctx) { struct ipt_acc_handle_ip *rtn; - + // Empty or no more items left to return? if (!ctx->handle.itemcount || ctx->pos >= ctx->handle.itemcount) return NULL; - + // Get next entry rtn = (struct ipt_acc_handle_ip *)(ctx->data + ctx->pos * sizeof(struct ipt_acc_handle_ip)); ctx->pos++; - + return rtn; } @@ -157,10 +157,10 @@ int ipt_ACCOUNT_get_handle_usage(struct ipt_ACCOUNT_context *ctx) return -1; } ctx->handle.handle_nr = -1; - + return ctx->handle.itemcount; } - + int ipt_ACCOUNT_free_all_handles(struct ipt_ACCOUNT_context *ctx) { if (setsockopt(ctx->sockfd, IPPROTO_IP, @@ -168,10 +168,10 @@ int ipt_ACCOUNT_free_all_handles(struct ipt_ACCOUNT_context *ctx) ctx->error_str = "Can't free all kernel handles"; return -1; } - + return 0; } - + int ipt_ACCOUNT_get_table_names(struct ipt_ACCOUNT_context *ctx) { int rtn = getsockopt(ctx->sockfd, IPPROTO_IP, @@ -194,6 +194,6 @@ const char *ipt_ACCOUNT_get_next_name(struct ipt_ACCOUNT_context *ctx) rtn = ctx->data + ctx->pos; ctx->pos += strlen(ctx->data+ctx->pos) + 1; - + return rtn; } diff --git a/extensions/ACCOUNT/libxt_ACCOUNT_cl.h b/extensions/ACCOUNT/libxt_ACCOUNT_cl.h index 8769fe9..5b31343 100644 --- a/extensions/ACCOUNT/libxt_ACCOUNT_cl.h +++ b/extensions/ACCOUNT/libxt_ACCOUNT_cl.h @@ -7,7 +7,7 @@ * version 2.1 as published by the Free Software Foundation; * * * ***************************************************************************/ - + #ifndef _xt_ACCOUNT_cl_H #define _xt_ACCOUNT_cl_H @@ -22,11 +22,11 @@ struct ipt_ACCOUNT_context { int sockfd; struct ipt_acc_handle_sockopt handle; - + unsigned int data_size; void *data; unsigned int pos; - + char *error_str; }; 
@@ -42,11 +42,11 @@ extern "C" { const char *table, char dont_flush); struct ipt_acc_handle_ip *ipt_ACCOUNT_get_next_entry( struct ipt_ACCOUNT_context *ctx); - + /* ipt_ACCOUNT_free_entries is for internal use only function as this library is constructed to be used in a loop -> Don't allocate memory all the time. The data buffer is freed on deinit() */ - + int ipt_ACCOUNT_get_handle_usage(struct ipt_ACCOUNT_context *ctx); int ipt_ACCOUNT_free_all_handles(struct ipt_ACCOUNT_context *ctx); int ipt_ACCOUNT_get_table_names(struct ipt_ACCOUNT_context *ctx); @@ -55,6 +55,6 @@ extern "C" { #ifdef __cplusplus } #endif - - + + #endif From 504f1089fb3e682a641c88603327e5e83887ce93 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 24 Sep 2009 01:40:32 +0200 Subject: [PATCH 07/11] ACCOUNT/userspace: simple reformat, use tabs instead of spaces --- extensions/ACCOUNT/iptaccount.c | 320 +++++++++++++------------- extensions/ACCOUNT/libxt_ACCOUNT_cl.c | 238 +++++++++---------- extensions/ACCOUNT/libxt_ACCOUNT_cl.h | 40 ++-- 3 files changed, 299 insertions(+), 299 deletions(-) diff --git a/extensions/ACCOUNT/iptaccount.c b/extensions/ACCOUNT/iptaccount.c index 0fdcc35..8b78fa4 100644 --- a/extensions/ACCOUNT/iptaccount.c +++ b/extensions/ACCOUNT/iptaccount.c 
@@ -25,197 +25,197 @@ char exit_now = 0; static void sig_term(int signr) { - signal(SIGINT, SIG_IGN); - signal(SIGQUIT, SIG_IGN); - signal(SIGTERM, SIG_IGN); + signal(SIGINT, SIG_IGN); + signal(SIGQUIT, SIG_IGN); + signal(SIGTERM, SIG_IGN); - exit_now=1; + exit_now = 1; } char *addr_to_dotted(unsigned int); char *addr_to_dotted(unsigned int addr) { - static char buf[17]; - const unsigned char *bytep; + static char buf[17]; + const unsigned char *bytep; - bytep = (const unsigned char *) &addr; - snprintf(buf, 16, "%u.%u.%u.%u", bytep[0], bytep[1], bytep[2], bytep[3]); - buf[16] = 0; - return buf; + bytep = (const unsigned char *)&addr; + snprintf(buf, 16, "%u.%u.%u.%u", bytep[0], bytep[1], bytep[2], bytep[3]); + buf[16] = 0; + return buf; } static void show_usage(void) { - printf ("Unknown command line option. Try: [-u] [-h] [-a] [-f] [-c] [-s] [-l name]\n"); - printf("[-u] show kernel handle usage\n"); - printf("[-h] free all kernel handles (experts only!)\n\n"); - printf("[-a] list all table names\n"); - printf("[-l name] show data in table \n"); - printf("[-f] flush data after showing\n"); - printf("[-c] loop every second (abort with CTRL+C)\n"); - printf("[-s] CSV output (for spreadsheet import)\n"); - printf("\n"); + printf("Unknown command line option. 
Try: [-u] [-h] [-a] [-f] [-c] [-s] [-l name]\n"); + printf("[-u] show kernel handle usage\n"); + printf("[-h] free all kernel handles (experts only!)\n\n"); + printf("[-a] list all table names\n"); + printf("[-l name] show data in table \n"); + printf("[-f] flush data after showing\n"); + printf("[-c] loop every second (abort with CTRL+C)\n"); + printf("[-s] CSV output (for spreadsheet import)\n"); + printf("\n"); } int main(int argc, char *argv[]) { - struct ipt_ACCOUNT_context ctx; - struct ipt_acc_handle_ip *entry; - int i; - char optchar, doHandleUsage=0, doHandleFree=0, doTableNames=0, - doFlush=0, doContinue=0, doCSV=0; + struct ipt_ACCOUNT_context ctx; + struct ipt_acc_handle_ip *entry; + int i; + char optchar, doHandleUsage = 0, doHandleFree = 0, doTableNames = 0; + char doFlush = 0, doContinue = 0, doCSV = 0; - char *table_name = NULL; - const char *name; + char *table_name = NULL; + const char *name; - printf("\nlibxt_ACCOUNT_cl userspace accounting tool v%s\n\n", + printf("\nlibxt_ACCOUNT_cl userspace accounting tool v%s\n\n", LIBXT_ACCOUNT_VERSION); - if (argc == 1) - { - show_usage(); - exit(0); - } + if (argc == 1) + { + show_usage(); + exit(0); + } - while ((optchar = getopt (argc, argv, "uhacfsl:")) != -1) - { - switch (optchar) - { - case 'u': - doHandleUsage=1; - break; - case 'h': - doHandleFree=1; - break; - case 'a': - doTableNames=1; - break; - case 'f': - doFlush=1; - break; - case 'c': - doContinue=1; - break; - case 's': - doCSV=1; - break; - case 'l': - table_name = (char *)strdup(optarg); - break; - case '?': - default: - show_usage(); - exit (0); - break; - } - } + while ((optchar = getopt(argc, argv, "uhacfsl:")) != -1) + { + switch (optchar) + { + case 'u': + doHandleUsage = 1; + break; + case 'h': + doHandleFree = 1; + break; + case 'a': + doTableNames = 1; + break; + case 'f': + doFlush = 1; + break; + case 'c': + doContinue = 1; + break; + case 's': + doCSV = 1; + break; + case 'l': + table_name = (char *)strdup(optarg); + break; + 
case '?': + default: + show_usage(); + exit(0); + break; + } + } - // install exit handler - if (signal(SIGTERM, sig_term) == SIG_ERR) - { - printf("can't install signal handler for SIGTERM\n"); - exit (-1); - } - if (signal(SIGINT, sig_term) == SIG_ERR) - { - printf("can't install signal handler for SIGINT\n"); - exit (-1); - } - if (signal(SIGQUIT, sig_term) == SIG_ERR) - { - printf("can't install signal handler for SIGQUIT\n"); - exit (-1); - } + // install exit handler + if (signal(SIGTERM, sig_term) == SIG_ERR) + { + printf("can't install signal handler for SIGTERM\n"); + exit(-1); + } + if (signal(SIGINT, sig_term) == SIG_ERR) + { + printf("can't install signal handler for SIGINT\n"); + exit(-1); + } + if (signal(SIGQUIT, sig_term) == SIG_ERR) + { + printf("can't install signal handler for SIGQUIT\n"); + exit(-1); + } - if(ipt_ACCOUNT_init(&ctx)) - { - printf("Init failed: %s\n", ctx.error_str); - exit (-1); - } + if (ipt_ACCOUNT_init(&ctx)) + { + printf("Init failed: %s\n", ctx.error_str); + exit(-1); + } - // Get handle usage? - if (doHandleUsage) - { - int rtn = ipt_ACCOUNT_get_handle_usage(&ctx); - if (rtn < 0) - { - printf("get_handle_usage failed: %s\n", ctx.error_str); - exit (-1); - } + // Get handle usage? 
+ if (doHandleUsage) + { + int rtn = ipt_ACCOUNT_get_handle_usage(&ctx); + if (rtn < 0) + { + printf("get_handle_usage failed: %s\n", ctx.error_str); + exit(-1); + } - printf("Current kernel handle usage: %d\n", ctx.handle.itemcount); - } + printf("Current kernel handle usage: %d\n", ctx.handle.itemcount); + } - if (doHandleFree) - { - int rtn = ipt_ACCOUNT_free_all_handles(&ctx); - if (rtn < 0) - { - printf("handle_free_all failed: %s\n", ctx.error_str); - exit (-1); - } + if (doHandleFree) + { + int rtn = ipt_ACCOUNT_free_all_handles(&ctx); + if (rtn < 0) + { + printf("handle_free_all failed: %s\n", ctx.error_str); + exit(-1); + } - printf("Freed all handles in kernel space\n"); - } + printf("Freed all handles in kernel space\n"); + } - if (doTableNames) - { - int rtn = ipt_ACCOUNT_get_table_names(&ctx); - if (rtn < 0) - { - printf("get_table_names failed: %s\n", ctx.error_str); - exit (-1); - } - while ((name = ipt_ACCOUNT_get_next_name(&ctx)) != 0) - printf("Found table: %s\n", name); - } + if (doTableNames) + { + int rtn = ipt_ACCOUNT_get_table_names(&ctx); + if (rtn < 0) + { + printf("get_table_names failed: %s\n", ctx.error_str); + exit(-1); + } + while ((name = ipt_ACCOUNT_get_next_name(&ctx)) != 0) + printf("Found table: %s\n", name); + } - if (table_name) - { - // Read out data - if (doCSV) - printf("IP;SRC packets;SRC bytes;DST packets;DST bytes\n"); - else - printf("Showing table: %s\n", table_name); + if (table_name) + { + // Read out data + if (doCSV) + printf("IP;SRC packets;SRC bytes;DST packets;DST bytes\n"); + else + printf("Showing table: %s\n", table_name); - i = 0; - while (!exit_now) - { - // Get entries from table test - if (ipt_ACCOUNT_read_entries(&ctx, table_name, !doFlush)) - { - printf("Read failed: %s\n", ctx.error_str); - ipt_ACCOUNT_deinit(&ctx); - exit (-1); - } + i = 0; + while (!exit_now) + { + // Get entries from table test + if (ipt_ACCOUNT_read_entries(&ctx, table_name, !doFlush)) + { + printf("Read failed: %s\n", 
ctx.error_str); + ipt_ACCOUNT_deinit(&ctx); + exit(-1); + } - if (!doCSV) - printf("Run #%d - %u %s found\n", i, ctx.handle.itemcount, - ctx.handle.itemcount == 1 ? "item" : "items"); + if (!doCSV) + printf("Run #%d - %u %s found\n", i, ctx.handle.itemcount, + ctx.handle.itemcount == 1 ? "item" : "items"); - // Output and free entries - while ((entry = ipt_ACCOUNT_get_next_entry(&ctx)) != NULL) - { - if (doCSV) - printf("%s;%u;%u;%u;%u\n", - addr_to_dotted(entry->ip), entry->src_packets, entry->src_bytes, - entry->dst_packets, entry->dst_bytes); - else - printf("IP: %s SRC packets: %u bytes: %u DST packets: %u bytes: %u\n", - addr_to_dotted(entry->ip), entry->src_packets, entry->src_bytes, - entry->dst_packets, entry->dst_bytes); - } + // Output and free entries + while ((entry = ipt_ACCOUNT_get_next_entry(&ctx)) != NULL) + { + if (doCSV) + printf("%s;%u;%u;%u;%u\n", + addr_to_dotted(entry->ip), entry->src_packets, entry->src_bytes, + entry->dst_packets, entry->dst_bytes); + else + printf("IP: %s SRC packets: %u bytes: %u DST packets: %u bytes: %u\n", + addr_to_dotted(entry->ip), entry->src_packets, entry->src_bytes, + entry->dst_packets, entry->dst_bytes); + } - if (doContinue) - { - sleep(1); - i++; - } else - exit_now = 1; - } - } + if (doContinue) + { + sleep(1); + i++; + } else + exit_now = 1; + } + } - printf("Finished.\n"); - ipt_ACCOUNT_deinit(&ctx); - exit (0); + printf("Finished.\n"); + ipt_ACCOUNT_deinit(&ctx); + exit(0); } diff --git a/extensions/ACCOUNT/libxt_ACCOUNT_cl.c b/extensions/ACCOUNT/libxt_ACCOUNT_cl.c index a075794..9ec31b9 100644 --- a/extensions/ACCOUNT/libxt_ACCOUNT_cl.c +++ b/extensions/ACCOUNT/libxt_ACCOUNT_cl.c 
@@ -21,179 +21,179 @@ int ipt_ACCOUNT_init(struct ipt_ACCOUNT_context *ctx) { - memset (ctx, 0, sizeof(struct ipt_ACCOUNT_context)); - ctx->handle.handle_nr = -1; + memset(ctx, 0, sizeof(struct ipt_ACCOUNT_context)); + ctx->handle.handle_nr = -1; - ctx->sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); - if (ctx->sockfd < 0) { - ctx->sockfd = -1; - ctx->error_str = "Can't open socket to kernel. " - "Permission denied or ipt_ACCOUNT module not loaded"; - return -1; - } + ctx->sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW); + if (ctx->sockfd < 0) { + ctx->sockfd = -1; + ctx->error_str = "Can't open socket to kernel. " + "Permission denied or ipt_ACCOUNT module not loaded"; + return -1; + } - // 4096 bytes default buffer should save us from reallocations - // as it fits 200 concurrent active clients - if((ctx->data = (void *)malloc(IPT_ACCOUNT_MIN_BUFSIZE)) == NULL) { - close (ctx->sockfd); - ctx->sockfd = -1; - ctx->error_str = "Out of memory for data buffer"; - return -1; - } - ctx->data_size = IPT_ACCOUNT_MIN_BUFSIZE; + // 4096 bytes default buffer should save us from reallocations + // as it fits 200 concurrent active clients + if ((ctx->data = (void *)malloc(IPT_ACCOUNT_MIN_BUFSIZE)) == NULL) { + close(ctx->sockfd); + ctx->sockfd = -1; + ctx->error_str = "Out of memory for data buffer"; + return -1; + } + ctx->data_size = IPT_ACCOUNT_MIN_BUFSIZE; - return 0; + return 0; } void ipt_ACCOUNT_free_entries(struct ipt_ACCOUNT_context *ctx) { - if (ctx->handle.handle_nr != -1) { - setsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_SET_ACCOUNT_HANDLE_FREE, - &ctx->handle, sizeof (struct ipt_acc_handle_sockopt)); - ctx->handle.handle_nr = -1; - } + if (ctx->handle.handle_nr != -1) { + setsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_SET_ACCOUNT_HANDLE_FREE, + &ctx->handle, sizeof(struct ipt_acc_handle_sockopt)); + ctx->handle.handle_nr = -1; + } - ctx->handle.itemcount = 0; - ctx->pos = 0; + ctx->handle.itemcount = 0; + ctx->pos = 0; } void ipt_ACCOUNT_deinit(struct ipt_ACCOUNT_context 
*ctx) { - free(ctx->data); - ctx->data = NULL; + free(ctx->data); + ctx->data = NULL; - ipt_ACCOUNT_free_entries(ctx); + ipt_ACCOUNT_free_entries(ctx); - close(ctx->sockfd); - ctx->sockfd =-1; + close(ctx->sockfd); + ctx->sockfd = -1; } int ipt_ACCOUNT_read_entries(struct ipt_ACCOUNT_context *ctx, const char *table, char dont_flush) { - unsigned int s = sizeof (struct ipt_acc_handle_sockopt); - unsigned int new_size; - int rtn; + unsigned int s = sizeof(struct ipt_acc_handle_sockopt); + unsigned int new_size; + int rtn; - strncpy(ctx->handle.name, table, ACCOUNT_TABLE_NAME_LEN-1); + strncpy(ctx->handle.name, table, ACCOUNT_TABLE_NAME_LEN-1); - // Get table information - if (!dont_flush) - rtn = getsockopt(ctx->sockfd, IPPROTO_IP, - IPT_SO_GET_ACCOUNT_PREPARE_READ_FLUSH, &ctx->handle, &s); - else - rtn = getsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_GET_ACCOUNT_PREPARE_READ, - &ctx->handle, &s); + // Get table information + if (!dont_flush) + rtn = getsockopt(ctx->sockfd, IPPROTO_IP, + IPT_SO_GET_ACCOUNT_PREPARE_READ_FLUSH, &ctx->handle, &s); + else + rtn = getsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_GET_ACCOUNT_PREPARE_READ, + &ctx->handle, &s); - if (rtn < 0) { - ctx->error_str = "Can't get table information from kernel. " - "Does it exist?"; - return -1; - } + if (rtn < 0) { + ctx->error_str = "Can't get table information from kernel. 
" + "Does it exist?"; + return -1; + } - // Check data buffer size - ctx->pos = 0; - new_size = ctx->handle.itemcount * sizeof(struct ipt_acc_handle_ip); - // We want to prevent reallocations all the time - if (new_size < IPT_ACCOUNT_MIN_BUFSIZE) - new_size = IPT_ACCOUNT_MIN_BUFSIZE; + // Check data buffer size + ctx->pos = 0; + new_size = ctx->handle.itemcount * sizeof(struct ipt_acc_handle_ip); + // We want to prevent reallocations all the time + if (new_size < IPT_ACCOUNT_MIN_BUFSIZE) + new_size = IPT_ACCOUNT_MIN_BUFSIZE; - // Reallocate if it's too small or twice as big - if (ctx->data_size < new_size || ctx->data_size > new_size*2) { - // Free old buffer - free (ctx->data); - ctx->data_size = 0; + // Reallocate if it's too small or twice as big + if (ctx->data_size < new_size || ctx->data_size > new_size * 2) { + // Free old buffer + free(ctx->data); + ctx->data_size = 0; - if ((ctx->data = (void*)malloc(new_size)) == NULL) { - ctx->error_str = "Out of memory for data buffer"; - ipt_ACCOUNT_free_entries(ctx); - return -1; - } + if ((ctx->data = (void*)malloc(new_size)) == NULL) { + ctx->error_str = "Out of memory for data buffer"; + ipt_ACCOUNT_free_entries(ctx); + return -1; + } - ctx->data_size = new_size; - } + ctx->data_size = new_size; + } - // Copy data from kernel - memcpy(ctx->data, &ctx->handle, sizeof(struct ipt_acc_handle_sockopt)); - rtn = getsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_GET_ACCOUNT_GET_DATA, - ctx->data, &ctx->data_size); - if (rtn < 0) { - ctx->error_str = "Can't get data from kernel. " - "Check /var/log/messages for details."; - ipt_ACCOUNT_free_entries(ctx); - return -1; - } + // Copy data from kernel + memcpy(ctx->data, &ctx->handle, sizeof(struct ipt_acc_handle_sockopt)); + rtn = getsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_GET_ACCOUNT_GET_DATA, + ctx->data, &ctx->data_size); + if (rtn < 0) { + ctx->error_str = "Can't get data from kernel. 
" + "Check /var/log/messages for details."; + ipt_ACCOUNT_free_entries(ctx); + return -1; + } - // Free kernel handle but don't reset pos/itemcount - setsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_SET_ACCOUNT_HANDLE_FREE, - &ctx->handle, sizeof (struct ipt_acc_handle_sockopt)); - ctx->handle.handle_nr = -1; + // Free kernel handle but don't reset pos/itemcount + setsockopt(ctx->sockfd, IPPROTO_IP, IPT_SO_SET_ACCOUNT_HANDLE_FREE, + &ctx->handle, sizeof(struct ipt_acc_handle_sockopt)); + ctx->handle.handle_nr = -1; - return 0; + return 0; } struct ipt_acc_handle_ip *ipt_ACCOUNT_get_next_entry(struct ipt_ACCOUNT_context *ctx) { - struct ipt_acc_handle_ip *rtn; + struct ipt_acc_handle_ip *rtn; - // Empty or no more items left to return? - if (!ctx->handle.itemcount || ctx->pos >= ctx->handle.itemcount) - return NULL; + // Empty or no more items left to return? + if (!ctx->handle.itemcount || ctx->pos >= ctx->handle.itemcount) + return NULL; - // Get next entry - rtn = (struct ipt_acc_handle_ip *)(ctx->data + ctx->pos - * sizeof(struct ipt_acc_handle_ip)); - ctx->pos++; + // Get next entry + rtn = (struct ipt_acc_handle_ip *)(ctx->data + ctx->pos + * sizeof(struct ipt_acc_handle_ip)); + ctx->pos++; - return rtn; + return rtn; } int ipt_ACCOUNT_get_handle_usage(struct ipt_ACCOUNT_context *ctx) { - unsigned int s = sizeof (struct ipt_acc_handle_sockopt); - if (getsockopt(ctx->sockfd, IPPROTO_IP, - IPT_SO_GET_ACCOUNT_GET_HANDLE_USAGE, &ctx->handle, &s) < 0) { - ctx->error_str = "Can't get handle usage information from kernel"; - return -1; - } - ctx->handle.handle_nr = -1; + unsigned int s = sizeof(struct ipt_acc_handle_sockopt); + if (getsockopt(ctx->sockfd, IPPROTO_IP, + IPT_SO_GET_ACCOUNT_GET_HANDLE_USAGE, &ctx->handle, &s) < 0) { + ctx->error_str = "Can't get handle usage information from kernel"; + return -1; + } + ctx->handle.handle_nr = -1; - return ctx->handle.itemcount; + return ctx->handle.itemcount; } int ipt_ACCOUNT_free_all_handles(struct ipt_ACCOUNT_context *ctx) 
{ - if (setsockopt(ctx->sockfd, IPPROTO_IP, - IPT_SO_SET_ACCOUNT_HANDLE_FREE_ALL, NULL, 0) < 0) { - ctx->error_str = "Can't free all kernel handles"; - return -1; - } + if (setsockopt(ctx->sockfd, IPPROTO_IP, + IPT_SO_SET_ACCOUNT_HANDLE_FREE_ALL, NULL, 0) < 0) { + ctx->error_str = "Can't free all kernel handles"; + return -1; + } - return 0; + return 0; } int ipt_ACCOUNT_get_table_names(struct ipt_ACCOUNT_context *ctx) { - int rtn = getsockopt(ctx->sockfd, IPPROTO_IP, - IPT_SO_GET_ACCOUNT_GET_TABLE_NAMES, - ctx->data, &ctx->data_size); - if (rtn < 0) { - ctx->error_str = "Can't get table names from kernel. Out of memory, " - "MINBUFISZE too small?"; - return -1; - } - ctx->pos = 0; - return 0; + int rtn = getsockopt(ctx->sockfd, IPPROTO_IP, + IPT_SO_GET_ACCOUNT_GET_TABLE_NAMES, + ctx->data, &ctx->data_size); + if (rtn < 0) { + ctx->error_str = "Can't get table names from kernel. Out of memory, " + "MINBUFISZE too small?"; + return -1; + } + ctx->pos = 0; + return 0; } const char *ipt_ACCOUNT_get_next_name(struct ipt_ACCOUNT_context *ctx) { - const char *rtn; - if (((char *)ctx->data)[ctx->pos] == 0) - return 0; + const char *rtn; + if (((char *)ctx->data)[ctx->pos] == 0) + return 0; - rtn = ctx->data + ctx->pos; - ctx->pos += strlen(ctx->data+ctx->pos) + 1; + rtn = ctx->data + ctx->pos; + ctx->pos += strlen(ctx->data + ctx->pos) + 1; - return rtn; + return rtn; } diff --git a/extensions/ACCOUNT/libxt_ACCOUNT_cl.h b/extensions/ACCOUNT/libxt_ACCOUNT_cl.h index 5b31343..48a46f3 100644 --- a/extensions/ACCOUNT/libxt_ACCOUNT_cl.h +++ b/extensions/ACCOUNT/libxt_ACCOUNT_cl.h 
@@ -20,37 +20,37 @@ struct ipt_ACCOUNT_context { - int sockfd; - struct ipt_acc_handle_sockopt handle; + int sockfd; + struct ipt_acc_handle_sockopt handle; - unsigned int data_size; - void *data; - unsigned int pos; + unsigned int data_size; + void *data; + unsigned int pos; - char *error_str; + char *error_str; }; #ifdef __cplusplus extern "C" { #endif - int ipt_ACCOUNT_init(struct ipt_ACCOUNT_context *ctx); - void ipt_ACCOUNT_deinit(struct ipt_ACCOUNT_context *ctx); +int ipt_ACCOUNT_init(struct ipt_ACCOUNT_context *ctx); +void ipt_ACCOUNT_deinit(struct ipt_ACCOUNT_context *ctx); - void ipt_ACCOUNT_free_entries(struct ipt_ACCOUNT_context *ctx); - int ipt_ACCOUNT_read_entries(struct ipt_ACCOUNT_context *ctx, - const char *table, char dont_flush); - struct ipt_acc_handle_ip *ipt_ACCOUNT_get_next_entry( - struct ipt_ACCOUNT_context *ctx); +void ipt_ACCOUNT_free_entries(struct ipt_ACCOUNT_context *ctx); +int ipt_ACCOUNT_read_entries(struct ipt_ACCOUNT_context *ctx, + const char *table, char dont_flush); +struct ipt_acc_handle_ip *ipt_ACCOUNT_get_next_entry( + struct ipt_ACCOUNT_context *ctx); - /* ipt_ACCOUNT_free_entries is for internal use only function as this library - is constructed to be used in a loop -> Don't allocate memory all the time. - The data buffer is freed on deinit() */ +/* ipt_ACCOUNT_free_entries is for internal use only function as this library +is constructed to be used in a loop -> Don't allocate memory all the time. 
+The data buffer is freed on deinit() */ - int ipt_ACCOUNT_get_handle_usage(struct ipt_ACCOUNT_context *ctx); - int ipt_ACCOUNT_free_all_handles(struct ipt_ACCOUNT_context *ctx); - int ipt_ACCOUNT_get_table_names(struct ipt_ACCOUNT_context *ctx); - const char *ipt_ACCOUNT_get_next_name(struct ipt_ACCOUNT_context *ctx); +int ipt_ACCOUNT_get_handle_usage(struct ipt_ACCOUNT_context *ctx); +int ipt_ACCOUNT_free_all_handles(struct ipt_ACCOUNT_context *ctx); +int ipt_ACCOUNT_get_table_names(struct ipt_ACCOUNT_context *ctx); +const char *ipt_ACCOUNT_get_next_name(struct ipt_ACCOUNT_context *ctx); #ifdef __cplusplus } From 60123a8c07543c3989265297028beaca52f84cfa Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 24 Sep 2009 01:42:17 +0200 Subject: [PATCH 08/11] ACCOUNT/userspace: remove static zero initializers --- extensions/ACCOUNT/iptaccount.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/ACCOUNT/iptaccount.c b/extensions/ACCOUNT/iptaccount.c index 8b78fa4..e9ca803 100644 --- a/extensions/ACCOUNT/iptaccount.c +++ b/extensions/ACCOUNT/iptaccount.c @@ -22,7 +22,7 @@ #include -char exit_now = 0; +char exit_now; static void sig_term(int signr) { signal(SIGINT, SIG_IGN); From 0ccd55abd9284a9e4a763c23658900de44e79747 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 24 Sep 2009 01:44:34 +0200 Subject: [PATCH 09/11] ACCOUNT/userspace: remove pointless casts --- extensions/ACCOUNT/iptaccount.c | 2 +- extensions/ACCOUNT/libxt_ACCOUNT_cl.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/extensions/ACCOUNT/iptaccount.c b/extensions/ACCOUNT/iptaccount.c index e9ca803..1d9e00c 100644 --- a/extensions/ACCOUNT/iptaccount.c +++ b/extensions/ACCOUNT/iptaccount.c @@ -100,7 +100,7 @@ int main(int argc, char *argv[]) doCSV = 1; break; case 'l': - table_name = (char *)strdup(optarg); + table_name = strdup(optarg); break; case '?': default: 
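Review bot: `exit_now` in the iptaccount.c hunk at -22,7 (patch 08) is written by the `sig_term` handler and polled by `while (!exit_now)` in main, but it is declared as a plain `char`. Nothing forces the compiler to reload it on each iteration, so an optimised build may never see the signal and `-c` mode would keep running. Declare it as `volatile sig_atomic_t exit_now;`, the type for which the C standard defines writes from a signal handler. The `bool exit_now;` declaration introduced by the later "use bool type" patch (hunk -23,14) has the same problem. `sig_term`'s body continues outside this hunk.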
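Review bot: The result of `strdup(optarg)` in the `case 'l':` branch (iptaccount.c, hunk -100,7 of patch 09) is never checked. main later tests `if (table_name)`, so an allocation failure looks the same as `-l` not being given, and the tool falls through to the "Finished." path without reading the table or reporting an error. `optarg` points into argv and stays valid for the life of the process, so the copy is not needed. `table_name = optarg;` removes the failure path and also the leak when `-l` is given more than once. The enclosing switch starts and ends outside this hunk.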
diff --git a/extensions/ACCOUNT/libxt_ACCOUNT_cl.c b/extensions/ACCOUNT/libxt_ACCOUNT_cl.c index 9ec31b9..fb52806 100644 --- a/extensions/ACCOUNT/libxt_ACCOUNT_cl.c +++ b/extensions/ACCOUNT/libxt_ACCOUNT_cl.c @@ -34,7 +34,7 @@ int ipt_ACCOUNT_init(struct ipt_ACCOUNT_context *ctx) // 4096 bytes default buffer should save us from reallocations // as it fits 200 concurrent active clients - if ((ctx->data = (void *)malloc(IPT_ACCOUNT_MIN_BUFSIZE)) == NULL) { + if ((ctx->data = malloc(IPT_ACCOUNT_MIN_BUFSIZE)) == NULL) { close(ctx->sockfd); ctx->sockfd = -1; ctx->error_str = "Out of memory for data buffer"; @@ -104,7 +104,7 @@ int ipt_ACCOUNT_read_entries(struct ipt_ACCOUNT_context *ctx, free(ctx->data); ctx->data_size = 0; - if ((ctx->data = (void*)malloc(new_size)) == NULL) { + if ((ctx->data = malloc(new_size)) == NULL) { ctx->error_str = "Out of memory for data buffer"; ipt_ACCOUNT_free_entries(ctx); return -1; From e37985b5270a9d8d92ef2cc1dae2a6f08e15b42e Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 24 Sep 2009 01:46:08 +0200 Subject: [PATCH 10/11] ACCOUNT/userspace: use bool type --- extensions/ACCOUNT/iptaccount.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/extensions/ACCOUNT/iptaccount.c b/extensions/ACCOUNT/iptaccount.c index 1d9e00c..2d4556f 100644 --- a/extensions/ACCOUNT/iptaccount.c +++ b/extensions/ACCOUNT/iptaccount.c @@ -12,6 +12,7 @@ #include #endif +#include #include #include #include @@ -22,14 +23,14 @@ #include -char exit_now; +bool exit_now; static void sig_term(int signr) { signal(SIGINT, SIG_IGN); signal(SIGQUIT, SIG_IGN); signal(SIGTERM, SIG_IGN); - exit_now = 1; + exit_now = true; } char *addr_to_dotted(unsigned int); 
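Review bot: `malloc(new_size)` in ipt_ACCOUNT_read_entries (libxt_ACCOUNT_cl.c, hunk -104,7) receives a size that can be truncated, because `ctx->handle.itemcount * sizeof(struct ipt_acc_handle_ip)` is stored in an `unsigned int` earlier in the function, outside this hunk. If getsockopt ever returns a large enough item count, the buffer holds fewer than `itemcount` entries, yet ipt_ACCOUNT_get_next_entry still indexes `ctx->data` up to `itemcount`. Bound the count before sizing the buffer, for example `if (ctx->handle.itemcount > UINT_MAX / sizeof(struct ipt_acc_handle_ip))` (needs `<limits.h>`), then set `error_str`, call `ipt_ACCOUNT_free_entries(ctx)` and return -1. Separately, the malloc failure path leaves `ctx->data` NULL with `data_size` 0, and ipt_ACCOUNT_get_next_name dereferences `ctx->data` without a NULL check, so callers must not reuse the context after this error.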
@@ -62,8 +63,9 @@ int main(int argc, char *argv[]) struct ipt_ACCOUNT_context ctx; struct ipt_acc_handle_ip *entry; int i; - char optchar, doHandleUsage = 0, doHandleFree = 0, doTableNames = 0; - char doFlush = 0, doContinue = 0, doCSV = 0; + char optchar; + bool doHandleUsage = false, doHandleFree = false, doTableNames = false; + bool doFlush = false, doContinue = false, doCSV = false; char *table_name = NULL; const char *name; @@ -82,22 +84,22 @@ int main(int argc, char *argv[]) switch (optchar) { case 'u': - doHandleUsage = 1; + doHandleUsage = true; break; case 'h': - doHandleFree = 1; + doHandleFree = true; break; case 'a': - doTableNames = 1; + doTableNames = true; break; case 'f': - doFlush = 1; + doFlush = true; break; case 'c': - doContinue = 1; + doContinue = true; break; case 's': - doCSV = 1; + doCSV = true; break; case 'l': table_name = strdup(optarg); @@ -211,7 +213,7 @@ int main(int argc, char *argv[]) sleep(1); i++; } else - exit_now = 1; + exit_now = true; } } From 46f9ddbf59784965d96da71e520575c1eeee9441 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 24 Sep 2009 01:52:42 +0200 Subject: [PATCH 11/11] ACCOUNT: move manpage into ACCOUNT/ directory --- extensions/{ => ACCOUNT}/libxt_ACCOUNT.man | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename extensions/{ => ACCOUNT}/libxt_ACCOUNT.man (100%) diff --git a/extensions/libxt_ACCOUNT.man b/extensions/ACCOUNT/libxt_ACCOUNT.man similarity index 100% rename from extensions/libxt_ACCOUNT.man rename to extensions/ACCOUNT/libxt_ACCOUNT.man
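Review bot: `char optchar;` on the new side of the main() hunk at -62,8 keeps a `char` for what appears to be the getopt() return value. The call itself is outside the visible hunks, but `switch (optchar)` in the next hunk dispatches on option letters. getopt() returns `int` and signals the end of options with -1. Where plain `char` is unsigned, the stored value never compares equal to -1 and option parsing does not terminate. Since this patch already splits the declaration out, make it `int optchar;`. main's body continues outside this hunk.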