// Debugging function, to make sure the rule tables are being generated properly void dump_rules( int level, rule_t *rules ){ if ( rules ){ int i; for ( i = 0; i < level; i++ ) printf( " " ); printf( "%s -> %s\n", type_str( rules->type ), type_str( rules->ret )); dump_rules( level+1, rules->down ); dump_rules( level, rules->next ); } }
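/*
 * Debug helper: print the object list stored at list_offs in the rule tree.
 *
 * list_offs - rule-tree offset of the object list to print.
 * indent    - indentation level handed to print_indent() for this list.
 *
 * Every slot is printed as "#<index>:". A non-zero item offset whose header
 * can be resolved is then dispatched on hdr->rtree_obj_type; zero offsets
 * and unresolvable headers print nothing beyond the slot number.
 *
 * NOTE(review): nested lists recurse with no depth limit and no cycle
 * check. If the rule tree can ever come from a damaged or untrusted file,
 * a list that (directly or indirectly) contains itself would recurse until
 * the stack is exhausted -- confirm whether the ruletree accessors rule
 * that out.
 */
static void dump_objectlist(ruletree_object_offset_t list_offs, int indent)
{
	uint32_t list_size = ruletree_objectlist_get_list_size(list_offs);
	uint32_t i;

	print_indent(indent);
	printf("{ list[%u], size=%u:\n", (unsigned)list_offs, (unsigned)list_size);

	for (i = 0; i < list_size; i++) {
		ruletree_object_offset_t item_offs;
		ruletree_object_hdr_t *hdr;
		const char *cp;

		item_offs = ruletree_objectlist_get_item(list_offs, i);
		print_indent(indent);
		/* i is unsigned, so %u (not %d) is the matching conversion. */
		printf("#%u:\n", (unsigned)i);

		/* Empty slot: only the slot number is shown. */
		if (!item_offs)
			continue;

		hdr = offset_to_ruletree_object_ptr(item_offs, 0/*any type is ok*/);
		if (!hdr)
			continue;

		switch (hdr->rtree_obj_type) {
		case SB2_RULETREE_OBJECT_TYPE_OBJECTLIST:
			print_indent(indent+1);
			printf("List:\n");
			dump_objectlist(item_offs, indent+2);
			break;
		case SB2_RULETREE_OBJECT_TYPE_FSRULE:
			print_indent(indent+1);
			printf("FS rule:\n");
			dump_rules(item_offs, indent+2);
			break;
		case SB2_RULETREE_OBJECT_TYPE_EXEC_PP_RULE:
			dump_exec_pp_rules(item_offs, indent+1);
			break;
		case SB2_RULETREE_OBJECT_TYPE_EXEC_SEL_RULE:
			dump_exec_selection_rules(item_offs, indent+1);
			break;
		case SB2_RULETREE_OBJECT_TYPE_NET_RULE:
			dump_net_rules(item_offs, indent+1);
			break;
		case SB2_RULETREE_OBJECT_TYPE_STRING:
			print_indent(indent+1);
			printf("STRING ");
			cp = offset_to_ruletree_string_ptr(item_offs, NULL);
			if (cp) {
				printf("'%s'\n", cp);
			} else {
				printf("NULL\n");
			}
			break;
		default:
			print_indent(indent+1);
			printf("Unsupported type\n");
			break;
		}
	}

	print_indent(indent);
	printf("}\n");
}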
/*
 * Set up the netfilter mangle table for packet marking. In order:
 *   - the ntk_mark_chain chain
 *   - the OUTPUT rule
 *   - the POSTROUTING rule
 *   - the PREROUTING rule (only when igw is non-zero)
 * The rules are then committed and stored for future deletion.
 *
 * Returns:
 *    0  on success; a store_rules() failure is logged and only clears
 *       clean_on_exit, it does not change the return value
 *   -1  on failure, through err_ret(ERR_MRKINI, -1)
 *
 * If -1, no rule will have been committed.
 *
 * NOTE(review): err_str is handed to error() as its first argument. If
 * error() is printf-style, error("%s", err_str) would keep any '%' in the
 * message from being parsed as a conversion -- confirm against its
 * prototype.
 * NOTE(review): nothing visible here releases the handle t on the
 * cannot_init path -- confirm who owns it after table_init().
 */
int mark_init(int igw)
{
	iptc_handle_t t;
	char rule[MAX_RULE_SZ];

	if (table_init(MANGLE_TABLE, &t) != 0) {
		error(err_str);
		goto cannot_init;
	}

	if (ntk_mark_chain_init(&t) != 0) {
		error(err_str);
		error("Unable to create netfilter ntk_mark_chain.");
		goto cannot_init;
	}

	/* mangle -> OUTPUT */
	restore_output_rule_init(rule);
	if (insert_rule(rule, &t, CHAIN_OUTPUT, 0) != 0) {
		error(err_str);
		error("Unable to create netfilter restore-marking rule.");
		goto cannot_init;
	}

	/* mangle -> POSTROUTING */
	ntk_forward_rule_init(rule);
	if (insert_rule(rule, &t, CHAIN_POSTROUTING, 0) != 0) {
		error(err_str);
		error("Unable to create netfilter forwarding rule.");
		goto cannot_init;
	}

	/* mangle -> PREROUTING, only when igw is set */
	death_loop_rule = igw ? 1 : 0;
	if (igw) {
		igw_mark_rule_init(rule);
		if (insert_rule(rule, &t, CHAIN_PREROUTING, 0) != 0) {
			error(err_str);
			error("Unable to create netfilter igw death loop rule.");
			death_loop_rule = 0;
			goto cannot_init;
		}
	}

	/* Nothing reaches the kernel table until this commit succeeds. */
	if (commit_rules(&t) != 0) {
		error(err_str);
		error("Netfilter mangle table was not altered!");
		goto cannot_init;
	}

	/* A failed store is not fatal: it only turns off cleanup on exit. */
	if (store_rules() == 0) {
		clean_on_exit = 1;
	} else {
		error(err_str);
		error("Rules storing failed: autocleaning netfilter on exit disable.");
		clean_on_exit = 0;
	}

	dump_rules();
	debug(DBG_NORMAL, "Netfilter chain ntk_mark_chain created (mangle).");
	debug(DBG_NORMAL, "Netfilter restoring rule created (mangle->output).");
	debug(DBG_NORMAL,
		  "Netfilter forwarding rule created (mangle->postrouting).");
	if (igw) {
		debug(DBG_NORMAL, "Netfilter death loop igw rule created.");
	}
	debug(DBG_NORMAL, "mark_init(), netfilter mangle table initialized.");
	loginfo("Netfilter mangle table modified.");
	return 0;

cannot_init:
	err_ret(ERR_MRKINI, -1);
}
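/*
 * Debug helper: print the rules attached to trie node v by handing
 * v->rules and v->nrules to dump_rules().
 *
 * A NULL node is ignored instead of being dereferenced.
 */
void dump_node_rules(Trie *v)
{
	if (!v)
		return;

	dump_rules(v->rules, v->nrules);
}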