4 * Copyright (C) 2007-2010 Intel Corporation. All rights reserved.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
25 #include <sys/errno.h>
26 #include <libiptc/libiptc.h>
27 #include <libiptc/libip6tc.h>
30 #include <linux/netfilter/x_tables.h>
31 #include <linux/netfilter/xt_quota.h>
/*
 * Print the name of the match extension found at the start of the rule's
 * elems area.
 *
 * NOTE(review): elems is read as a match unconditionally. A rule without
 * matches would have its target there instead (target_offset equal to
 * sizeof(struct ipt_entry)) - confirm callers only pass rules with a match.
 */
33 static void print_match(const struct ipt_entry *e)
35 struct xt_entry_match *match;
36 struct xtables_match *xt_match;
/* elems is the variable-length tail of the entry; the cast drops const. */
38 match = (struct xt_entry_match *)e->elems;
/* XTF_TRY_LOAD: a failed lookup returns NULL rather than aborting. */
42 xt_match = xtables_find_match(match->u.user.name, XTF_TRY_LOAD, NULL);
/*
 * NOTE(review): no NULL check on xt_match or xt_match->m is visible before
 * this dereference. In this file ->m is only assigned in
 * build_quota_drop_entry(); printing match->u.user.name would not depend
 * on it - confirm.
 */
46 printf("\tMATCH:%s\n", xt_match->m->u.user.name);
/*
 * Print the name of the rule's target, located target_offset bytes from the
 * start of the entry.
 */
49 static void print_target(const struct ipt_entry *e)
51 struct xt_entry_target *target;
52 struct xtables_target *xt_target;
/*
 * Arithmetic on void * is a GNU extension; the cast also drops const.
 * target_offset is taken from the entry as-is, with no bounds check here.
 */
54 target = (void *)e + e->target_offset;
/* XTF_TRY_LOAD: a failed lookup returns NULL, hence the check below. */
58 xt_target = xtables_find_target(target->u.user.name, XTF_TRY_LOAD);
59 if (xt_target == NULL)
/*
 * NOTE(review): xt_target->t is dereferenced without a visible NULL check.
 * In this file ->t is only assigned in build_quota_drop_entry(); printing
 * target->u.user.name would not depend on it - confirm.
 */
62 printf("\tTARGET: %s\n", xt_target->t->u.user.name);
/*
 * Print one rule, starting with the name of the chain it belongs to.
 * Only the chain header line is visible here; how e is used is not shown.
 */
66 static void print_rule(const struct ipt_entry *e, const char *chain)
68 /* print chain name */
69 printf("CHAIN %s:\n", chain);
/*
 * Walk the chains of the table behind h and the rules of each chain,
 * printing every rule through print_rule().
 *
 * The loop conditions are not visible here; presumably iteration stops when
 * the libiptc iterators return NULL - confirm.
 */
75 static void print_tables(struct iptc_handle *h)
78 const struct ipt_entry *rule;
/* Chain iteration: first chain, then iptc_next_chain() below. */
80 chain = iptc_first_chain(h);
/* Rule iteration within the current chain. */
83 rule = iptc_first_rule(chain, h);
85 print_rule(rule, chain);
87 rule = iptc_next_rule(rule, h);
90 chain = iptc_next_chain(h);
/*
 * Build a rule entry made of one "quota" match followed by a "DROP" target.
 *
 * Layout of the allocated entry: struct ipt_entry header, then the match
 * (match_size bytes), then the target (target_size bytes).
 *
 * The entry is allocated with calloc(); no matching free() is visible in
 * this function, so the caller presumably owns it - confirm.
 */
94 static struct ipt_entry *build_quota_drop_entry(void)
97 size_t match_size, target_size;
98 struct xtables_target *t;
99 struct xtables_match *m;
100 struct xtables_rule_match *matches = NULL;
/* XTF_LOAD_MUST_SUCCEED: unlike XTF_TRY_LOAD, a missing extension is fatal. */
102 m = xtables_find_match("quota", XTF_LOAD_MUST_SUCCEED, &matches);
/* Aligned generic match header plus the extension's own payload size. */
106 match_size = IPT_ALIGN(sizeof(struct ipt_entry_match)) + m->size;
/*
 * NOTE(review): the buffer starts zero-filled and no visible line writes
 * the quota payload, so the quota value would be 0 - confirm.
 */
108 m->m = xtables_calloc(1, match_size);
111 m->m->u.match_size = match_size;
/*
 * NOTE(review): unbounded strcpy into the fixed-size u.user.name field.
 * m->name comes from the loaded extension; a copy bounded by
 * sizeof(m->m->u.user.name) would make the limit explicit.
 */
112 strcpy(m->m->u.user.name, m->name);
113 m->m->u.user.revision = m->revision;
/* XTF_TRY_LOAD can return NULL; t is dereferenced below - confirm it is checked. */
117 t = xtables_find_target("DROP", XTF_TRY_LOAD);
/* Aligned generic target header plus the extension's own payload size. */
123 target_size = IPT_ALIGN(sizeof(struct ipt_entry_target)) + t->size;
125 t->t = xtables_calloc(1, target_size);
126 t->t->u.target_size = target_size;
/* Literal source string, so this copy has a known length. */
127 strcpy(t->t->u.user.name, "DROP");
128 t->t->u.user.revision = t->revision;
/*
 * One zeroed allocation holding header, match and target.
 * NOTE(review): confirm e is checked for NULL before the writes below.
 */
132 e = calloc(1, sizeof(struct ipt_entry) + match_size + target_size);
/* Offsets are measured from the start of the entry. */
138 e->target_offset = sizeof(struct ipt_entry) + match_size;
139 e->next_offset = sizeof(struct ipt_entry) + match_size + target_size;
/*
 * Copy the staged match and target into the entry's tail. m->m and t->t
 * stay attached to the extension structs; no free of them is visible here.
 */
141 memcpy(e->elems, m->m, match_size);
142 memcpy(e->elems + match_size, t->t, target_size);
/*
 * Create the chain, insert e as its first rule (position 0) and commit the
 * change set held by h.
 *
 * Each step that fails prints iptc_strerror(errno) to stdout. The values
 * returned on success and failure are not visible here.
 */
147 static int add_rule(const ipt_chainlabel chain, struct ipt_entry *e,
148 struct iptc_handle *h)
/* NOTE(review): presumably fails if the chain already exists - confirm. */
150 if (!iptc_create_chain(chain, h)) {
151 printf("Chain creation error (%s)\n", iptc_strerror(errno));
155 if (!iptc_insert_entry(chain, e, 0, h)) {
156 printf("Entry insertion error (%s)\n", iptc_strerror(errno));
/* Nothing reaches the kernel until the commit succeeds. */
160 if (!iptc_commit(h)) {
161 printf("Commit error (%s)\n", iptc_strerror(errno));
/*
 * Flush all rules from the chain, then delete the chain itself.
 *
 * Both return values are ignored, so a failed flush or delete goes
 * unreported.
 * NOTE(review): no iptc_commit() is visible in this function; without one
 * the removal would stay local to h and the chain would remain in the
 * kernel table - confirm.
 */
168 static void remove_rule(const ipt_chainlabel chain, struct iptc_handle *h)
170 iptc_flush_entries(chain, h);
171 iptc_delete_chain(chain, h);
/*
 * Test driver: open the IPv4 "filter" table, build a quota/DROP rule, add it
 * to the chain named by argv[1], then remove the chain again.
 *
 * It works on the host's live filter table through libiptc.
 */
176 int main(int argc, char *argv[])
178 struct iptc_handle *h;
182 printf("Usage: iptables-test [chain-name]\n");
/* Take a handle on the current "filter" table. */
186 h = iptc_init("filter");
188 printf("libiptc initialization error (%s)\n",
189 iptc_strerror(errno));
/* Select the IPv4 family for the libxtables extension lookups. */
194 xtables_set_nfproto(NFPROTO_IPV4);
196 e = build_quota_drop_entry();
/*
 * NOTE(review): argv[1] is passed as the chain label with no visible length
 * check, and add_rule()'s int result is discarded, so the removal below
 * runs even if creation, insertion or commit failed - confirm.
 */
200 add_rule(argv[1], e, h);
204 remove_rule(argv[1], h);