/* Initialize the match. */ static void init(struct ebt_entry_match *m) { struct ebt_limit_info *r = (struct ebt_limit_info *)m->data; parse_rate(EBT_LIMIT_AVG, &r->avg); r->burst = EBT_LIMIT_BURST; }
/* Initialize leaky bucket conf for given user rate/capacity string. <0 on error */ int bucket_conf_init(struct bucket_conf *c, const char *rate) { if (parse_rate(rate, c) < 0) return -1; c->trigger = NULL; return 0; }
/* Function which parses command options; returns true if it ate an option */ static int parse(int c, char **argv, int invert, unsigned int *flags, const struct ipt_entry *entry, unsigned int *nfcache, struct ipt_entry_match **match) { struct ipt_rateinfo *r = (struct ipt_rateinfo *)(*match)->data; unsigned int num; switch(c) { case '%': if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!parse_rate(optarg, &r->avg)) exit_error(PARAMETER_PROBLEM, "bad rate `%s'", optarg); break; case '$': if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (string_to_number(optarg, 0, 10000, &num) == -1) exit_error(PARAMETER_PROBLEM, "bad --limit-burst `%s'", optarg); r->burst = num; break; default: return 0; } if (invert) exit_error(PARAMETER_PROBLEM, "limit does not support invert"); return 1; }
static int parse(int c, char **argv, int argc, const struct ebt_u_entry *entry, unsigned int *flags, struct ebt_entry_match **match) { struct ebt_limit_info *r = (struct ebt_limit_info *)(*match)->data; unsigned int num; switch(c) { case ARG_LIMIT: ebt_check_option2(flags, FLAG_LIMIT); if (ebt_check_inverse2(optarg)) ebt_print_error2("Unexpected `!' after --limit"); if (!parse_rate(optarg, &r->avg)) ebt_print_error2("bad rate `%s'", optarg); break; case ARG_LIMIT_BURST: ebt_check_option2(flags, FLAG_LIMIT_BURST); if (ebt_check_inverse2(optarg)) ebt_print_error2("Unexpected `!' after --limit-burst"); if (string_to_number(optarg, 0, 10000, &num) == -1) ebt_print_error2("bad --limit-burst `%s'", optarg); r->burst = num; break; default: return 0; } return 1; }
static int limit_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) { struct xt_rateinfo *r = (struct xt_rateinfo *)(*match)->data; unsigned int num; switch(c) { case '%': if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break; if (!parse_rate(optarg, &r->avg)) xtables_error(PARAMETER_PROBLEM, "bad rate `%s'", optarg); break; case '$': if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) xtables_error(PARAMETER_PROBLEM, "bad --limit-burst `%s'", optarg); r->burst = num; break; default: return 0; } if (invert) xtables_error(PARAMETER_PROBLEM, "limit does not support invert"); return 1; }
static void limit_init(struct xt_entry_match *m) { struct xt_rateinfo *r = (struct xt_rateinfo *)m->data; parse_rate(XT_LIMIT_AVG, &r->avg); r->burst = XT_LIMIT_BURST; }
/* Initialize the match. */ static void init(struct ipt_entry_match *m, unsigned int *nfcache) { struct ipt_rateinfo *r = (struct ipt_rateinfo *)m->data; parse_rate(IPT_LIMIT_AVG, &r->avg); r->burst = IPT_LIMIT_BURST; }
/* Initialize the match. */ static void init(struct ipt_entry_match *m, unsigned int *nfcache) { struct ipt_rateinfo *r = (struct ipt_rateinfo *)m->data; parse_rate(IPT_LIMIT_AVG, &r->avg); r->burst = IPT_LIMIT_BURST; /* Can't cache this */ *nfcache |= NFC_UNKNOWN; }
static void limit_parse(struct xt_option_call *cb) { struct xt_rateinfo *r = cb->data; xtables_option_parse(cb); switch (cb->entry->id) { case O_LIMIT: if (!parse_rate(cb->arg, &r->avg)) xtables_error(PARAMETER_PROBLEM, "bad rate \"%s\"'", cb->arg); break; } if (cb->invert) xtables_error(PARAMETER_PROBLEM, "limit does not support invert"); }
/* Function which parses command options; returns true if it ate an option */ static int parse(int c, char **argv, int invert, unsigned int *flags, const struct ip6t_entry *entry, unsigned int *nfcache, struct ip6t_entry_match **match) { struct ip6t_rateinfo *r = (struct ip6t_rateinfo *)(*match)->data; unsigned int num; switch(c) { case '%': if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --limit"); if (!parse_rate(optarg, &r->avg)) exit_error(PARAMETER_PROBLEM, "bad rate `%s'", optarg); break; case '$': if (check_inverse(optarg, &invert, NULL, 0)) exit_error(PARAMETER_PROBLEM, "Unexpected `!' after --limit-burst"); if (string_to_number(optarg, 0, 10000, &num) == -1) exit_error(PARAMETER_PROBLEM, "bad --limit-burst `%s'", optarg); r->burst = num; break; default: return 0; } return 1; }
/* Function which parses command options; returns true if it ate an option */ static int parse(int c, char **argv, int invert, unsigned int *flags, const struct ipt_entry *entry, unsigned int *nfcache, struct ipt_entry_match **match) { struct ipt_hashlimit_info *r = (struct ipt_hashlimit_info *)(*match)->data; unsigned int num; switch(c) { case '%': if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!parse_rate(optarg, &r->cfg.avg)) exit_error(PARAMETER_PROBLEM, "bad rate `%s'", optarg); *flags |= PARAM_LIMIT; break; case '$': if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (string_to_number(optarg, 0, 10000, &num) == -1) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-burst `%s'", optarg); r->cfg.burst = num; *flags |= PARAM_BURST; break; case '&': if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-size: `%s'", optarg); r->cfg.size = num; *flags |= PARAM_SIZE; break; case '*': if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-max: `%s'", optarg); r->cfg.max = num; *flags |= PARAM_MAX; break; case '(': if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-gcinterval: `%s'", optarg); /* FIXME: not HZ dependent!! */ r->cfg.gc_interval = num; *flags |= PARAM_GCINTERVAL; break; case ')': if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (string_to_number(optarg, 0, 0xffffffff, &num) == -1) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-expire: `%s'", optarg); /* FIXME: not HZ dependent */ r->cfg.expire = num; *flags |= PARAM_EXPIRE; break; case '_': if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (parse_mode(r, optarg) < 0) exit_error(PARAMETER_PROBLEM, "bad --hashlimit-mode: `%s'\n", optarg); *flags |= PARAM_MODE; break; case '"': if (check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (strlen(optarg) == 0) exit_error(PARAMETER_PROBLEM, "Zero-length name?"); strncpy(r->name, optarg, sizeof(r->name)); *flags |= PARAM_NAME; break; default: return 0; } if (invert) exit_error(PARAMETER_PROBLEM, "hashlimit does not support invert"); return 1; }
static int hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags, int c, int invert, unsigned int maxmask) { unsigned int num; switch(c) { case '%': /* --hashlimit / --hashlimit-below */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-upto", *flags & PARAM_LIMIT); if (invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; if (!parse_rate(optarg, &info->cfg.avg)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-upto", optarg); *flags |= PARAM_LIMIT; return true; case '^': /* --hashlimit-above == !--hashlimit-below */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-above", *flags & PARAM_LIMIT); if (!invert) info->cfg.mode |= XT_HASHLIMIT_INVERT; if (!parse_rate(optarg, &info->cfg.avg)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-above", optarg); *flags |= PARAM_LIMIT; return true; case '$': /* --hashlimit-burst */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-burst", *flags & PARAM_BURST); if (!strtonum(optarg, NULL, &num, 0, 10000)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-burst", optarg); info->cfg.burst = num; *flags |= PARAM_BURST; return true; case '&': /* --hashlimit-htable-size */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", *flags & PARAM_SIZE); if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-size", optarg); info->cfg.size = num; *flags |= PARAM_SIZE; return true; case '*': /* --hashlimit-htable-max */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", *flags & PARAM_MAX); if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-max", optarg); info->cfg.max = num; *flags |= PARAM_MAX; return true; case '(': /* --hashlimit-htable-gcinterval */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-gcinterval", *flags & PARAM_GCINTERVAL); if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-gcinterval", optarg); /* FIXME: not HZ dependent!! */ info->cfg.gc_interval = num; *flags |= PARAM_GCINTERVAL; return true; case ')': /* --hashlimit-htable-expire */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); if (!strtonum(optarg, NULL, &num, 0, 0xffffffff)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-htable-expire", optarg); /* FIXME: not HZ dependent */ info->cfg.expire = num; *flags |= PARAM_EXPIRE; return true; case '_': param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-mode", *flags & PARAM_MODE); if (parse_mode(&info->cfg.mode, optarg) < 0) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-mode", optarg); *flags |= PARAM_MODE; return true; case '"': /* --hashlimit-name */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-name", *flags & PARAM_NAME); if (strlen(optarg) == 0) exit_error(PARAMETER_PROBLEM, "Zero-length name?"); strncpy(info->name, optarg, sizeof(info->name)); info->name[sizeof(info->name)-1] = '\0'; *flags |= PARAM_NAME; return true; case '<': /* --hashlimit-srcmask */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-srcmask", *flags & PARAM_SRCMASK); if (!strtonum(optarg, NULL, &num, 0, maxmask)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-srcmask", optarg); info->cfg.srcmask = num; *flags |= PARAM_SRCMASK; return true; case '>': /* --hashlimit-dstmask */ param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-dstmask", *flags & PARAM_DSTMASK); if (!strtonum(optarg, NULL, &num, 0, maxmask)) param_act(P_BAD_VALUE, "hashlimit", "--hashlimit-dstmask", optarg); info->cfg.dstmask = num; *flags |= PARAM_DSTMASK; return true; } return false; }
static int hashlimit_parse(int c, char **argv, int invert, unsigned int *flags, const void *entry, struct xt_entry_match **match) { struct xt_hashlimit_info *r = (struct xt_hashlimit_info *)(*match)->data; unsigned int num; switch(c) { case '%': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit", *flags & PARAM_LIMIT); if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!parse_rate(optarg, &r->cfg.avg)) xtables_error(PARAMETER_PROBLEM, "bad rate `%s'", optarg); *flags |= PARAM_LIMIT; break; case '$': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst", *flags & PARAM_BURST); if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, 10000)) xtables_error(PARAMETER_PROBLEM, "bad --hashlimit-burst `%s'", optarg); r->cfg.burst = num; *flags |= PARAM_BURST; break; case '&': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size", *flags & PARAM_SIZE); if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) xtables_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-size: `%s'", optarg); r->cfg.size = num; *flags |= PARAM_SIZE; break; case '*': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max", *flags & PARAM_MAX); if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) xtables_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-max: `%s'", optarg); r->cfg.max = num; *flags |= PARAM_MAX; break; case '(': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-gcinterval", *flags & PARAM_GCINTERVAL); if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) xtables_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-gcinterval: `%s'", optarg); /* FIXME: not HZ dependent!! */ r->cfg.gc_interval = num; *flags |= PARAM_GCINTERVAL; break; case ')': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-expire", *flags & PARAM_EXPIRE); if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX)) xtables_error(PARAMETER_PROBLEM, "bad --hashlimit-htable-expire: `%s'", optarg); /* FIXME: not HZ dependent */ r->cfg.expire = num; *flags |= PARAM_EXPIRE; break; case '_': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode", *flags & PARAM_MODE); if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (parse_mode(&r->cfg.mode, optarg) < 0) xtables_error(PARAMETER_PROBLEM, "bad --hashlimit-mode: `%s'\n", optarg); *flags |= PARAM_MODE; break; case '"': xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name", *flags & PARAM_NAME); if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break; if (strlen(optarg) == 0) xtables_error(PARAMETER_PROBLEM, "Zero-length name?"); strncpy(r->name, optarg, sizeof(r->name)); *flags |= PARAM_NAME; break; default: return 0; } if (invert) xtables_error(PARAMETER_PROBLEM, "hashlimit does not support invert"); return 1; }