Commit | Line | Data |
---|---|---|
3b11dff3 JR |
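--- a/extensions/ebt_AUDIT.c
+++ b/extensions/ebt_AUDIT.c
@@ -0,0 +1,110 @@
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <getopt.h>
+#include "../include/ebtables_u.h"
+#include <linux/netfilter/xt_AUDIT.h>
+
+#define AUDIT_TYPE '1'
+static struct option opts[] =
+{
+ { "audit-type" , required_argument, 0, AUDIT_TYPE },
+ { 0 }
+};
+
+static void print_help()
+{
+ printf(
+ "AUDIT target options:\n"
+ " --audit-type TYPE : Set action type to record.\n");
+}
+
+static void init(struct ebt_entry_target *target)
+{
+ struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) target->data;
+
+ info->type = 0;
+}
+
+static int parse(int c, char **argv, int argc,
+ const struct ebt_u_entry *entry, unsigned int *flags,
+ struct ebt_entry_target **target)
+{
+ struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) (*target)->data;
+
+ switch (c) {
+ case AUDIT_TYPE:
+ ebt_check_option2(flags, AUDIT_TYPE);
+
+ if (!strcasecmp(optarg, "accept"))
+ info->type = XT_AUDIT_TYPE_ACCEPT;
+ else if (!strcasecmp(optarg, "drop"))
+ info->type = XT_AUDIT_TYPE_DROP;
+ else if (!strcasecmp(optarg, "reject"))
+ info->type = XT_AUDIT_TYPE_REJECT;
+ else
+ ebt_print_error2("Bad action type value `%s'", optarg);
+
+ break;
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+static void final_check(const struct ebt_u_entry *entry,
+ const struct ebt_entry_match *match, const char *name,
+ unsigned int hookmask, unsigned int time)
+{
+}
+
+static void print(const struct ebt_u_entry *entry,
+ const struct ebt_entry_target *target)
+{
+ const struct xt_AUDIT_info *info =
+ (const struct xt_AUDIT_info *) target->data;
+
+ printf("--audit-type ");
+
+ switch(info->type) {
+ case XT_AUDIT_TYPE_ACCEPT:
+ printf("accept");
+ break;
+ case XT_AUDIT_TYPE_DROP:
+ printf("drop");
+ break;
+ case XT_AUDIT_TYPE_REJECT:
+ printf("reject");
+ break;
+ }
+}
+
+static int compare(const struct ebt_entry_target *t1,
+ const struct ebt_entry_target *t2)
+{
+ const struct xt_AUDIT_info *info1 =
+ (const struct xt_AUDIT_info *) t1->data;
+ const struct xt_AUDIT_info *info2 =
+ (const struct xt_AUDIT_info *) t2->data;
+
+ return info1->type == info2->type;
+}
+
+static struct ebt_u_target AUDIT_target =
+{
+ .name = "AUDIT",
+ .size = sizeof(struct xt_AUDIT_info),
+ .help = print_help,
+ .init = init,
+ .parse = parse,
+ .final_check = final_check,
+ .print = print,
+ .compare = compare,
+ .extra_ops = opts,
+};
+
+void _init(void)
+{
+ ebt_register_target(&AUDIT_target);
+}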
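Review bot: A rule that omits `--audit-type` is accepted as is, because `final_check` is empty and `init` presets `info->type = 0`, which the header added in this patch defines as `XT_AUDIT_TYPE_ACCEPT`; dropped or rejected traffic would then be written to the audit log as accepted. Make the option mandatory by tracking whether it was parsed and failing in `final_check`, as sketched below; the `time == 0` guard assumes that value marks the rule currently being parsed, which should be confirmed against `ebtables_u.h`. Separately, `final_check` declares its second parameter as `const struct ebt_entry_match *` although this is a target and `init`, `print` and `compare` take `struct ebt_entry_target *`; the `ebt_u_target` definition is outside this patch, so check that the prototype matches. `print` also has no `default:` case, so an unknown type value prints a bare `--audit-type ` that cannot be parsed back in.

```c
static int type_supplied;	/* set once --audit-type has been parsed */

static void init(struct ebt_entry_target *target)
{
	/* … unchanged: info->type = 0 … */
	type_supplied = 0;
}

/* … unchanged: parse() up to ebt_check_option2(flags, AUDIT_TYPE) … */
		type_supplied = 1;
/* … unchanged: rest of parse() … */

static void final_check(const struct ebt_u_entry *entry,
   const struct ebt_entry_match *match, const char *name,
   unsigned int hookmask, unsigned int time)
{
	if (time == 0 && !type_supplied)
		ebt_print_error("AUDIT target: --audit-type is required");
}
```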
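--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -1,7 +1,7 @@
 #! /usr/bin/make
 
 EXT_FUNC+=802_3 nat arp arpreply ip ip6 standard log redirect vlan mark_m mark \
- pkttype stp among limit ulog nflog
+ pkttype stp among limit ulog nflog AUDIT
 EXT_TABLES+=filter nat broute
 EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/ebt_$(T).o)
 EXT_OBJS+=$(foreach T,$(EXT_TABLES), extensions/ebtable_$(T).o)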
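--- a/include/linux/netfilter/xt_AUDIT.h
+++ b/include/linux/netfilter/xt_AUDIT.h
@@ -0,0 +1,30 @@
+/*
+ * Header file for iptables xt_AUDIT target
+ *
+ * (C) 2010-2011 Thomas Graf <tgraf@redhat.com>
+ * (C) 2010-2011 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef _XT_AUDIT_TARGET_H
+#define _XT_AUDIT_TARGET_H
+
+#include <linux/types.h>
+
+enum {
+ XT_AUDIT_TYPE_ACCEPT = 0,
+ XT_AUDIT_TYPE_DROP,
+ XT_AUDIT_TYPE_REJECT,
+ __XT_AUDIT_TYPE_MAX,
+};
+
+#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1)
+
+struct xt_AUDIT_info {
+ __u8 type; /* XT_AUDIT_TYPE_* */
+};
+
+#endif /* _XT_AUDIT_TARGET_H */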