7 #include <linux/netfilter_ipv6/ip6_tables.h>
8 #include <linux/netfilter/xt_NFLOG.h>
14 NFLOG_THRESHOLD
= 0x8,
17 static struct option opts
[] = {
18 { "nflog-group", 1, 0, NFLOG_GROUP
},
19 { "nflog-prefix", 1, 0, NFLOG_PREFIX
},
20 { "nflog-range", 1, 0, NFLOG_RANGE
},
21 { "nflog-threshold", 1, 0, NFLOG_THRESHOLD
},
24 static void help(void)
26 printf("NFLOG v%s options:\n"
27 " --nflog-group NUM NETLINK group used for logging\n"
28 " --nflog-range NUM Number of byte to copy\n"
29 " --nflog-threshold NUM Message threshold of in-kernel queue\n"
30 " --nflog-prefix STRING Prefix string for log messages\n\n",
34 static void init(struct ip6t_entry_target
*t
, unsigned int *nfcache
)
36 struct xt_nflog_info
*info
= (struct xt_nflog_info
*)t
->data
;
39 info
->threshold
= XT_NFLOG_DEFAULT_THRESHOLD
;
42 static int parse(int c
, char **argv
, int invert
, unsigned int *flags
,
43 const struct ip6t_entry
*entry
,
44 struct xt_entry_target
**target
)
46 struct xt_nflog_info
*info
= (struct xt_nflog_info
*)(*target
)->data
;
51 if (*flags
& NFLOG_GROUP
)
52 exit_error(PARAMETER_PROBLEM
,
53 "Can't specify --nflog-group twice");
54 if (check_inverse(optarg
, &invert
, NULL
, 0))
55 exit_error(PARAMETER_PROBLEM
,
56 "Unexpected `!' after --nflog-group");
60 exit_error(PARAMETER_PROBLEM
,
61 "--nflog-group can not be negative");
65 if (*flags
& NFLOG_PREFIX
)
66 exit_error(PARAMETER_PROBLEM
,
67 "Can't specify --nflog-prefix twice");
68 if (check_inverse(optarg
, &invert
, NULL
, 0))
69 exit_error(PARAMETER_PROBLEM
,
70 "Unexpected `!' after --nflog-prefix");
74 exit_error(PARAMETER_PROBLEM
,
75 "No prefix specified for --nflog-prefix");
76 if (n
>= sizeof(info
->prefix
))
77 exit_error(PARAMETER_PROBLEM
,
78 "--nflog-prefix too long, max %Zu characters",
79 sizeof(info
->prefix
) - 1);
80 if (n
!= strlen(strtok(optarg
, "\n")))
81 exit_error(PARAMETER_PROBLEM
,
82 "Newlines are not allowed in --nflog-prefix");
83 strcpy(info
->prefix
, optarg
);
86 if (*flags
& NFLOG_RANGE
)
87 exit_error(PARAMETER_PROBLEM
,
88 "Can't specify --nflog-range twice");
91 exit_error(PARAMETER_PROBLEM
,
92 "Invalid --nflog-range, must be >= 0");
96 if (*flags
& NFLOG_THRESHOLD
)
97 exit_error(PARAMETER_PROBLEM
,
98 "Can't specify --nflog-threshold twice");
101 exit_error(PARAMETER_PROBLEM
,
102 "Invalid --nflog-threshold, must be >= 1");
112 static void final_check(unsigned int flags
)
117 static void nflog_print(const struct xt_nflog_info
*info
, char *prefix
)
119 if (info
->prefix
[0] != '\0')
120 printf("%snflog-prefix \"%s\" ", prefix
, info
->prefix
);
122 printf("%snflog-group %u ", prefix
, info
->group
);
124 printf("%snflog-range %u ", prefix
, info
->len
);
125 if (info
->threshold
!= XT_NFLOG_DEFAULT_THRESHOLD
)
126 printf("%snflog-threshold %u ", prefix
, info
->threshold
);
129 static void print(const struct ip6t_ip6
*ip
, const struct xt_entry_target
*target
,
132 const struct xt_nflog_info
*info
= (struct xt_nflog_info
*)target
->data
;
134 nflog_print(info
, "");
137 static void save(const struct ip6t_ip6
*ip
, const struct xt_entry_target
*target
)
139 const struct xt_nflog_info
*info
= (struct xt_nflog_info
*)target
->data
;
141 nflog_print(info
, "--");
144 static struct ip6tables_target nflog
= {
146 .version
= IPTABLES_VERSION
,
147 .size
= XT_ALIGN(sizeof(struct xt_nflog_info
)),
148 .userspacesize
= XT_ALIGN(sizeof(struct xt_nflog_info
)),
152 .final_check
= final_check
,
160 register_target6(&nflog
);