src/monitor/stc-monitor-ipt.c

   1 /*
   2  * Copyright (c) 2016 Samsung Electronics Co., Ltd.
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  * http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 #include "stc-monitor-ipt.h"
  18 #include "stc-monitor-context.h"
  19
  20 static nfacct_rule_jump __get_jump_by_intend(struct nfacct_rule *counter)
  21 {
  22         if (counter->intend == NFACCT_WARN)
  23                 return NFACCT_JUMP_ACCEPT;
  24         else if (counter->intend == NFACCT_BLOCK)
  25                 return NFACCT_JUMP_REJECT;
  26         else if (counter->intend == NFACCT_ALLOW)
  27                 return NFACCT_JUMP_ACCEPT;
  28         else if (counter->intend == NFACCT_TETH_BLOCK)
  29                 return NFACCT_JUMP_REJECT;
  30         else if (counter->intend == NFACCT_TETH_ALLOW)
  31                 return NFACCT_JUMP_ACCEPT;
  32
  33         return NFACCT_JUMP_UNKNOWN;
  34 }
  35
  36 stc_error_e stc_monitor_ipt_add_in(struct nfacct_rule *counter)
  37 {
  38         if (counter == NULL)
  39                 return STC_ERROR_INVALID_PARAMETER;
  40
  41         counter->action = NFACCT_ACTION_INSERT;
  42         counter->iotype = NFACCT_COUNTER_IN;
  43         counter->jump = __get_jump_by_intend(counter);
  44         counter->iptype = NFACCT_TYPE_IPV4;
  45         counter->send_limit = 0;
  46         counter->rcv_limit = 0;
  47
  48         return produce_net_rule(counter);
  49 }
  50
  51 stc_error_e stc_monitor_ipt_add_out(struct nfacct_rule *counter)
  52 {
  53         if (counter == NULL)
  54                 return STC_ERROR_INVALID_PARAMETER;
  55
  56         counter->action = NFACCT_ACTION_INSERT;
  57         counter->iotype = NFACCT_COUNTER_OUT;
  58         counter->jump = __get_jump_by_intend(counter);
  59         counter->iptype = NFACCT_TYPE_IPV4;
  60         counter->send_limit = 0;
  61         counter->rcv_limit = 0;
  62
  63         return produce_net_rule(counter);
  64 }
  65
  66 stc_error_e stc_monitor_ipt_del_in(struct nfacct_rule *counter)
  67 {
  68         if (counter == NULL)
  69                 return STC_ERROR_INVALID_PARAMETER;
  70
  71         counter->action = NFACCT_ACTION_DELETE;
  72         counter->iotype = NFACCT_COUNTER_IN;
  73         counter->jump = __get_jump_by_intend(counter);
  74         counter->iptype = NFACCT_TYPE_IPV4;
  75         counter->send_limit = 0;
  76         counter->rcv_limit = 0;
  77
  78         return produce_net_rule(counter);
  79 }
  80
  81 stc_error_e stc_monitor_ipt_del_out(struct nfacct_rule *counter)
  82 {
  83         if (counter == NULL)
  84                 return STC_ERROR_INVALID_PARAMETER;
  85
  86         counter->action = NFACCT_ACTION_DELETE;
  87         counter->iotype = NFACCT_COUNTER_OUT;
  88         counter->jump = __get_jump_by_intend(counter);
  89         counter->iptype = NFACCT_TYPE_IPV4;
  90         counter->send_limit = 0;
  91         counter->rcv_limit = 0;
  92
  93         return produce_net_rule(counter);
  94 }
  95
  96 stc_error_e stc_monitor_ip6t_add_in(struct nfacct_rule *counter)
  97 {
  98         if (counter == NULL)
  99                 return STC_ERROR_INVALID_PARAMETER;
 100
 101         counter->action = NFACCT_ACTION_INSERT;
 102         counter->iotype = NFACCT_COUNTER_IN;
 103         counter->jump = __get_jump_by_intend(counter);
 104         counter->iptype = NFACCT_TYPE_IPV6;
 105         counter->send_limit = 0;
 106         counter->rcv_limit = 0;
 107
 108         return produce_net_rule(counter);
 109 }
 110
 111 stc_error_e stc_monitor_ip6t_add_out(struct nfacct_rule *counter)
 112 {
 113         if (counter == NULL)
 114                 return STC_ERROR_INVALID_PARAMETER;
 115
 116         counter->action = NFACCT_ACTION_INSERT;
 117         counter->iotype = NFACCT_COUNTER_OUT;
 118         counter->jump = __get_jump_by_intend(counter);
 119         counter->iptype = NFACCT_TYPE_IPV6;
 120         counter->send_limit = 0;
 121         counter->rcv_limit = 0;
 122
 123         return produce_net_rule(counter);
 124 }
 125
 126 stc_error_e stc_monitor_ip6t_del_in(struct nfacct_rule *counter)
 127 {
 128         if (counter == NULL)
 129                 return STC_ERROR_INVALID_PARAMETER;
 130
 131         counter->action = NFACCT_ACTION_DELETE;
 132         counter->iotype = NFACCT_COUNTER_IN;
 133         counter->jump = __get_jump_by_intend(counter);
 134         counter->iptype = NFACCT_TYPE_IPV6;
 135         counter->send_limit = 0;
 136         counter->rcv_limit = 0;
 137
 138         return produce_net_rule(counter);
 139 }
 140
 141 stc_error_e stc_monitor_ip6t_del_out(struct nfacct_rule *counter)
 142 {
 143         if (counter == NULL)
 144                 return STC_ERROR_INVALID_PARAMETER;
 145
 146         counter->action = NFACCT_ACTION_DELETE;
 147         counter->iotype = NFACCT_COUNTER_OUT;
 148         counter->jump = __get_jump_by_intend(counter);
 149         counter->iptype = NFACCT_TYPE_IPV6;
 150         counter->send_limit = 0;
 151         counter->rcv_limit = 0;
 152
 153         return produce_net_rule(counter);
 154 }
 155
 156 stc_error_e stc_monitor_tether_add_in(struct nfacct_rule *counter,
 157                 const gchar *ipaddr)
 158 {
 159         int ret;
 160
 161         if (counter == NULL || ipaddr == NULL)
 162                 return STC_ERROR_INVALID_PARAMETER;
 163
 164         counter->action = NFACCT_ACTION_INSERT;
 165         counter->iotype = NFACCT_COUNTER_IN;
 166         counter->jump = __get_jump_by_intend(counter);
 167         counter->iptype = NFACCT_TYPE_IPV4;
 168         counter->send_limit = 0;
 169         counter->rcv_limit = 0;
 170         counter->src_iprange_type = NFACCT_IPRANGE_TYPE_SINGLE;
 171         counter->src_ip1 = g_strdup(ipaddr);
 172
 173         ret = produce_net_rule(counter);
 174
 175         FREE(counter->src_ip1);
 176         counter->src_iprange_type = NFACCT_IPRANGE_TYPE_NONE;
 177         return ret;
 178 }
 179
 180 stc_error_e stc_monitor_tether_add_out(struct nfacct_rule *counter,
 181                 const gchar *ipaddr)
 182 {
 183         int ret;
 184
 185         if (counter == NULL || ipaddr == NULL)
 186                 return STC_ERROR_INVALID_PARAMETER;
 187
 188         counter->action = NFACCT_ACTION_INSERT;
 189         counter->iotype = NFACCT_COUNTER_OUT;
 190         counter->jump = __get_jump_by_intend(counter);
 191         counter->iptype = NFACCT_TYPE_IPV4;
 192         counter->send_limit = 0;
 193         counter->rcv_limit = 0;
 194         counter->dst_iprange_type = NFACCT_IPRANGE_TYPE_SINGLE;
 195         counter->dst_ip1 = g_strdup(ipaddr);
 196
 197         ret = produce_net_rule(counter);
 198
 199         FREE(counter->dst_ip1);
 200         counter->dst_iprange_type = NFACCT_IPRANGE_TYPE_NONE;
 201         return ret;
 202 }
 203
 204 stc_error_e stc_monitor_tether_del_in(struct nfacct_rule *counter,
 205                 const gchar *ipaddr)
 206 {
 207         int ret;
 208
 209         if (counter == NULL || ipaddr == NULL)
 210                 return STC_ERROR_INVALID_PARAMETER;
 211
 212         counter->action = NFACCT_ACTION_DELETE;
 213         counter->iotype = NFACCT_COUNTER_IN;
 214         counter->jump = __get_jump_by_intend(counter);
 215         counter->iptype = NFACCT_TYPE_IPV4;
 216         counter->send_limit = 0;
 217         counter->rcv_limit = 0;
 218         counter->src_iprange_type = NFACCT_IPRANGE_TYPE_SINGLE;
 219         counter->src_ip1 = g_strdup(ipaddr);
 220
 221         ret = produce_net_rule(counter);
 222
 223         FREE(counter->src_ip1);
 224         counter->src_iprange_type = NFACCT_IPRANGE_TYPE_NONE;
 225         return ret;
 226 }
 227
 228 stc_error_e stc_monitor_tether_del_out(struct nfacct_rule *counter,
 229                 const gchar *ipaddr)
 230 {
 231         int ret;
 232
 233         if (counter == NULL || ipaddr == NULL)
 234                 return STC_ERROR_INVALID_PARAMETER;
 235
 236         counter->action = NFACCT_ACTION_DELETE;
 237         counter->iotype = NFACCT_COUNTER_OUT;
 238         counter->jump = __get_jump_by_intend(counter);
 239         counter->iptype = NFACCT_TYPE_IPV4;
 240         counter->send_limit = 0;
 241         counter->rcv_limit = 0;
 242         counter->dst_iprange_type = NFACCT_IPRANGE_TYPE_SINGLE;
 243         counter->dst_ip1 = g_strdup(ipaddr);
 244
 245         ret = produce_net_rule(counter);
 246
 247         FREE(counter->dst_ip1);
 248         counter->dst_iprange_type = NFACCT_IPRANGE_TYPE_NONE;
 249         return ret;
 250 }