//!
//! Function description.
//!
//! @param[in] ebth pointer to the EB table handler structure
//! @param[in] tablename a string pointer to the table name
//! @param[in] chainmatch a string pointer to the list of characters to match
//!
//! @return
//!
//! @see
//!
//! @pre
//!
//! @post
//!
//! @note
//!
int ebt_table_deletechainmatch(ebt_handler * ebth, char *tablename, char *chainmatch)
{
int i, found = 0;
ebt_table *table = NULL;
if (!ebth || !tablename || !chainmatch || !ebth->init) {
return (1);
}
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
return (1);
}
found = 0;
for (i = 0; i < table->max_chains && !found; i++) {
if (strstr(table->chains[i].name, chainmatch)) {
EUCA_FREE(table->chains[i].rules);
bzero(&(table->chains[i]), sizeof(ebt_chain));
snprintf(table->chains[i].name, 64, "EMPTY");
}
}
return (0);
}
//!
//! Function description.
//!
//! @param[in] ebth pointer to the EB table handler structure
//! @param[in] tablename a string pointer to the table name
//! @param[in] findchain a string pointer to the chain name we're looking for
//!
//! @return
//!
//! @see
//!
//! @pre
//!
//! @post
//!
//! @note
//!
ebt_chain *ebt_table_find_chain(ebt_handler * ebth, char *tablename, char *findchain)
{
int i, found = 0, chainidx = 0;
ebt_table *table = NULL;
if (!ebth || !tablename || !findchain || !ebth->init) {
return (NULL);
}
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
return (NULL);
}
found = 0;
for (i = 0; i < table->max_chains && !found; i++) {
chainidx = i;
if (!strcmp(table->chains[i].name, findchain))
found++;
}
if (!found) {
return (NULL);
}
return (&(table->chains[chainidx]));
}
//!
//! Function description.
//!
//! @param[in] ebth pointer to the EB table handler structure
//! @param[in] tablename a string pointer to the table name
//!
//! @return
//!
//! @see
//!
//! @pre
//!
//! @post
//!
//! @note
//!
int ebt_table_deletechainempty(ebt_handler * ebth, char *tablename)
{
int i, found = 0;
ebt_table *table = NULL;
if (!ebth || !tablename || !ebth->init) {
return (1);
}
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
return (1);
}
found = 0;
for (i = 0; i < table->max_chains && !found; i++) {
if (table->chains[i].max_rules == 0) {
ebt_table_deletechainmatch(ebth, tablename, table->chains[i].name);
found++;
}
}
if (!found) {
return (1);
}
return (0);
}
//!
//! Function description.
//!
//! @param[in] ebth pointer to the EB table handler structure
//! @param[in] tablename a string pointer to the table name
//! @param[in] chainname a string pointer to the chain name
//! @param[in] newrule a string pointer to the new rule
//!
//! @return
//!
//! @see
//!
//! @pre
//!
//! @post
//!
//! @note
//!
int ebt_chain_add_rule(ebt_handler * ebth, char *tablename, char *chainname, char *newrule)
{
ebt_table *table = NULL;
ebt_chain *chain = NULL;
ebt_rule *rule = NULL;
LOGDEBUG("adding rules (%s) to chain %s to table %s\n", newrule, chainname, tablename);
if (!ebth || !tablename || !chainname || !newrule || !ebth->init) {
return (1);
}
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
return (1);
}
chain = ebt_table_find_chain(ebth, tablename, chainname);
if (!chain) {
return (1);
}
rule = ebt_chain_find_rule(ebth, tablename, chainname, newrule);
if (!rule) {
chain->rules = realloc(chain->rules, sizeof(ebt_rule) * (chain->max_rules + 1));
if (!chain->rules) {
LOGFATAL("out of memory!\n");
exit(1);
}
bzero(&(chain->rules[chain->max_rules]), sizeof(ebt_rule));
snprintf(chain->rules[chain->max_rules].ebtrule, 1024, "%s", newrule);
chain->max_rules++;
}
return (0);
}
/**
* Deletes a ebtables rule specified in the argument.
*
* @param ebth [in] pointer to the EB table handler structure
* @param tablename [in] a string pointer to the table name
* @param chainname [in] a string pointer to the chain name
* @param findrule [in] a string pointer to the rule to be deleted
*
* @return 0 if the rule given in the argument is successfully deleted. 1 otherwise.
*/
int ebt_chain_flush_rule(ebt_handler *ebth, char *tablename, char *chainname, char *findrule) {
ebt_table *table = NULL;
ebt_chain *chain = NULL;
ebt_rule *rule = NULL;
ebt_rule *newrules = NULL;
int i;
int nridx;
if (!ebth || !tablename || !chainname || !findrule || !ebth->init) {
return (EUCA_INVALID_ERROR);
}
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
return (EUCA_INVALID_ERROR);
}
chain = ebt_table_find_chain(ebth, tablename, chainname);
if (!chain) {
return (EUCA_INVALID_ERROR);
}
rule = ebt_chain_find_rule(ebth, tablename, chainname, findrule);
if (rule) {
if (chain->max_rules > 1) {
newrules = realloc(newrules, sizeof (ebt_rule) * (chain->max_rules - 1));
if (!newrules) {
LOGFATAL("out of memory!\n");
exit(1);
}
bzero(newrules, sizeof (ebt_rule) * (chain->max_rules - 1));
nridx = 0;
for (i = 0; i < chain->max_rules; i++) {
if (strcmp(chain->rules[i].ebtrule, findrule)) {
snprintf(newrules[nridx].ebtrule, 1024, "%s", chain->rules[i].ebtrule);
nridx++;
}
}
EUCA_FREE(chain->rules);
chain->rules = newrules;
chain->max_rules = nridx;
} else {
EUCA_FREE(chain->rules);
chain->max_rules = 0;
chain->counters[0] = '\0';
}
} else {
LOGDEBUG("Could not find (%s) from chain %s at table %s\n", findrule, chainname, tablename);
return (2);
}
return (0);
}
/**
* Adds tablename table to this handler. No-op if the table is already present.
*
* @param ebth [in] pointer to the EB table handler structure
* @param tablename [in] a string pointer to the table name
*
* @return 0 on success. 1 on failure.
*/
int ebt_handler_add_table(ebt_handler *ebth, char *tablename) {
ebt_table *table = NULL;
if (!ebth || !tablename || !ebth->init) {
return (1);
}
LOGTRACE("adding table %s\n", tablename);
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
ebth->tables = realloc(ebth->tables, sizeof(ebt_table) * (ebth->max_tables + 1));
if (!ebth->tables) {
LOGFATAL("out of memory!\n");
exit(1);
}
bzero(&(ebth->tables[ebth->max_tables]), sizeof(ebt_table));
snprintf(ebth->tables[ebth->max_tables].name, 64, tablename);
ebth->max_tables++;
}
return (0);
}
/**
* Remove all rules from chain chainname in table tablename.
*
* @param ebth [in] pointer to the EB table handler structure
* @param tablename [in] a string pointer to the table name
* @param chainname [in] a string pointer to the chain name
*
* @return 0 on success. 1 on failure.
*/
int ebt_chain_flush(ebt_handler *ebth, char *tablename, char *chainname) {
ebt_table *table = NULL;
ebt_chain *chain = NULL;
if (!ebth || !tablename || !chainname || !ebth->init) {
return (1);
}
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
return (1);
}
chain = ebt_table_find_chain(ebth, tablename, chainname);
if (!chain) {
return (1);
}
EUCA_FREE(chain->rules);
chain->max_rules = 0;
chain->counters[0] = '\0';
return (0);
}
//!
//! Function description.
//!
//! @param[in] ebth pointer to the EB table handler structure
//! @param[in] tablename a string pointer to the table name
//! @param[in] chainname a string pointer to the chain name
//! @param[in] policyname a string pointer to the default policy name to use (e.g. "DROP", "ACCEPT")
//! @param[in] counters a string pointer to the counter
//!
//! @return
//!
//! @see
//!
//! @pre
//!
//! @post
//!
//! @note
//!
int ebt_table_add_chain(ebt_handler * ebth, char *tablename, char *chainname, char *policyname, char *counters)
{
ebt_table *table = NULL;
ebt_chain *chain = NULL;
if (!ebth || !tablename || !chainname || !counters || !ebth->init) {
return (1);
}
LOGDEBUG("adding chain %s to table %s\n", chainname, tablename);
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
return (1);
}
chain = ebt_table_find_chain(ebth, tablename, chainname);
if (!chain) {
table->chains = realloc(table->chains, sizeof(ebt_chain) * (table->max_chains + 1));
if (!table->chains) {
LOGFATAL("out of memory!\n");
exit(1);
}
bzero(&(table->chains[table->max_chains]), sizeof(ebt_chain));
snprintf(table->chains[table->max_chains].name, 64, "%s", chainname);
snprintf(table->chains[table->max_chains].policyname, 64, "%s", policyname);
snprintf(table->chains[table->max_chains].counters, 64, "%s", counters);
if (!strcmp(table->chains[table->max_chains].name, "INPUT") ||
!strcmp(table->chains[table->max_chains].name, "FORWARD") ||
!strcmp(table->chains[table->max_chains].name, "OUTPUT") ||
!strcmp(table->chains[table->max_chains].name, "PREROUTING") || !strcmp(table->chains[table->max_chains].name, "POSTROUTING")) {
table->chains[table->max_chains].ref_count = 1;
}
table->max_chains++;
}
return (0);
}
