/* Initialize the match. */
static void init(struct ebt_entry_match *m)
{
struct ebt_limit_info *r = (struct ebt_limit_info *)m->data;
parse_rate(EBT_LIMIT_AVG, &r->avg);
r->burst = EBT_LIMIT_BURST;
}
/* Initialize leaky bucket conf for given user rate/capacity string. <0 on error */
int bucket_conf_init(struct bucket_conf *c, const char *rate)
{
if (parse_rate(rate, c) < 0)
return -1;
c->trigger = NULL;
return 0;
}
/* Function which parses command options; returns true if it
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
unsigned int *nfcache,
struct ipt_entry_match **match)
{
struct ipt_rateinfo *r = (struct ipt_rateinfo *)(*match)->data;
unsigned int num;
switch(c) {
case '%':
if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!parse_rate(optarg, &r->avg))
exit_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
break;
case '$':
if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (string_to_number(optarg, 0, 10000, &num) == -1)
exit_error(PARAMETER_PROBLEM,
"bad --limit-burst `%s'", optarg);
r->burst = num;
break;
default:
return 0;
}
if (invert)
exit_error(PARAMETER_PROBLEM,
"limit does not support invert");
return 1;
}
static int parse(int c, char **argv, int argc,
const struct ebt_u_entry *entry,
unsigned int *flags,
struct ebt_entry_match **match)
{
struct ebt_limit_info *r = (struct ebt_limit_info *)(*match)->data;
unsigned int num;
switch(c) {
case ARG_LIMIT:
ebt_check_option2(flags, FLAG_LIMIT);
if (ebt_check_inverse2(optarg))
ebt_print_error2("Unexpected `!' after --limit");
if (!parse_rate(optarg, &r->avg))
ebt_print_error2("bad rate `%s'", optarg);
break;
case ARG_LIMIT_BURST:
ebt_check_option2(flags, FLAG_LIMIT_BURST);
if (ebt_check_inverse2(optarg))
ebt_print_error2("Unexpected `!' after --limit-burst");
if (string_to_number(optarg, 0, 10000, &num) == -1)
ebt_print_error2("bad --limit-burst `%s'", optarg);
r->burst = num;
break;
default:
return 0;
}
return 1;
}
static int
limit_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
struct xt_rateinfo *r = (struct xt_rateinfo *)(*match)->data;
unsigned int num;
switch(c) {
case '%':
if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (!parse_rate(optarg, &r->avg))
xtables_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
break;
case '$':
if (xtables_check_inverse(optarg, &invert, &optind, 0, argv)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
xtables_error(PARAMETER_PROBLEM,
"bad --limit-burst `%s'", optarg);
r->burst = num;
break;
default:
return 0;
}
if (invert)
xtables_error(PARAMETER_PROBLEM,
"limit does not support invert");
return 1;
}
static void limit_init(struct xt_entry_match *m)
{
struct xt_rateinfo *r = (struct xt_rateinfo *)m->data;
parse_rate(XT_LIMIT_AVG, &r->avg);
r->burst = XT_LIMIT_BURST;
}
/* Initialize the match. */
static void
init(struct ipt_entry_match *m, unsigned int *nfcache)
{
struct ipt_rateinfo *r = (struct ipt_rateinfo *)m->data;
parse_rate(IPT_LIMIT_AVG, &r->avg);
r->burst = IPT_LIMIT_BURST;
}
/* Initialize the match. */
static void
init(struct ipt_entry_match *m, unsigned int *nfcache)
{
struct ipt_rateinfo *r = (struct ipt_rateinfo *)m->data;
parse_rate(IPT_LIMIT_AVG, &r->avg);
r->burst = IPT_LIMIT_BURST;
/* Can't cache this */
*nfcache |= NFC_UNKNOWN;
}
static void limit_parse(struct xt_option_call *cb)
{
struct xt_rateinfo *r = cb->data;
xtables_option_parse(cb);
switch (cb->entry->id) {
case O_LIMIT:
if (!parse_rate(cb->arg, &r->avg))
xtables_error(PARAMETER_PROBLEM,
"bad rate \"%s\"'", cb->arg);
break;
}
if (cb->invert)
xtables_error(PARAMETER_PROBLEM,
"limit does not support invert");
}
/* Function which parses command options; returns true if it
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ip6t_entry *entry,
unsigned int *nfcache,
struct ip6t_entry_match **match)
{
struct ip6t_rateinfo *r = (struct ip6t_rateinfo *)(*match)->data;
unsigned int num;
switch(c) {
case '%':
if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --limit");
if (!parse_rate(optarg, &r->avg))
exit_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
break;
case '$':
if (check_inverse(optarg, &invert, NULL, 0))
exit_error(PARAMETER_PROBLEM,
"Unexpected `!' after --limit-burst");
if (string_to_number(optarg, 0, 10000, &num) == -1)
exit_error(PARAMETER_PROBLEM,
"bad --limit-burst `%s'", optarg);
r->burst = num;
break;
default:
return 0;
}
return 1;
}
/* Function which parses command options; returns true if it
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
unsigned int *nfcache,
struct ipt_entry_match **match)
{
struct ipt_hashlimit_info *r =
(struct ipt_hashlimit_info *)(*match)->data;
unsigned int num;
switch(c) {
case '%':
if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!parse_rate(optarg, &r->cfg.avg))
exit_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
*flags |= PARAM_LIMIT;
break;
case '$':
if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (string_to_number(optarg, 0, 10000, &num) == -1)
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-burst `%s'", optarg);
r->cfg.burst = num;
*flags |= PARAM_BURST;
break;
case '&':
if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (string_to_number(optarg, 0, 0xffffffff, &num) == -1)
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-size: `%s'", optarg);
r->cfg.size = num;
*flags |= PARAM_SIZE;
break;
case '*':
if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (string_to_number(optarg, 0, 0xffffffff, &num) == -1)
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-max: `%s'", optarg);
r->cfg.max = num;
*flags |= PARAM_MAX;
break;
case '(':
if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (string_to_number(optarg, 0, 0xffffffff, &num) == -1)
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-gcinterval: `%s'",
optarg);
/* FIXME: not HZ dependent!! */
r->cfg.gc_interval = num;
*flags |= PARAM_GCINTERVAL;
break;
case ')':
if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (string_to_number(optarg, 0, 0xffffffff, &num) == -1)
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-expire: `%s'", optarg);
/* FIXME: not HZ dependent */
r->cfg.expire = num;
*flags |= PARAM_EXPIRE;
break;
case '_':
if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (parse_mode(r, optarg) < 0)
exit_error(PARAMETER_PROBLEM,
"bad --hashlimit-mode: `%s'\n", optarg);
*flags |= PARAM_MODE;
break;
case '"':
if (check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (strlen(optarg) == 0)
exit_error(PARAMETER_PROBLEM, "Zero-length name?");
strncpy(r->name, optarg, sizeof(r->name));
*flags |= PARAM_NAME;
break;
default:
return 0;
}
if (invert)
exit_error(PARAMETER_PROBLEM,
"hashlimit does not support invert");
return 1;
}
static int
hashlimit_mt_parse(struct xt_hashlimit_mtinfo1 *info, unsigned int *flags,
int c, int invert, unsigned int maxmask)
{
unsigned int num;
switch(c) {
case '%': /* --hashlimit / --hashlimit-below */
param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-upto",
*flags & PARAM_LIMIT);
if (invert)
info->cfg.mode |= XT_HASHLIMIT_INVERT;
if (!parse_rate(optarg, &info->cfg.avg))
param_act(P_BAD_VALUE, "hashlimit",
"--hashlimit-upto", optarg);
*flags |= PARAM_LIMIT;
return true;
case '^': /* --hashlimit-above == !--hashlimit-below */
param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-above",
*flags & PARAM_LIMIT);
if (!invert)
info->cfg.mode |= XT_HASHLIMIT_INVERT;
if (!parse_rate(optarg, &info->cfg.avg))
param_act(P_BAD_VALUE, "hashlimit",
"--hashlimit-above", optarg);
*flags |= PARAM_LIMIT;
return true;
case '$': /* --hashlimit-burst */
param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-burst",
*flags & PARAM_BURST);
if (!strtonum(optarg, NULL, &num, 0, 10000))
param_act(P_BAD_VALUE, "hashlimit",
"--hashlimit-burst", optarg);
info->cfg.burst = num;
*flags |= PARAM_BURST;
return true;
case '&': /* --hashlimit-htable-size */
param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size",
*flags & PARAM_SIZE);
if (!strtonum(optarg, NULL, &num, 0, 0xffffffff))
param_act(P_BAD_VALUE, "hashlimit",
"--hashlimit-htable-size", optarg);
info->cfg.size = num;
*flags |= PARAM_SIZE;
return true;
case '*': /* --hashlimit-htable-max */
param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max",
*flags & PARAM_MAX);
if (!strtonum(optarg, NULL, &num, 0, 0xffffffff))
param_act(P_BAD_VALUE, "hashlimit",
"--hashlimit-htable-max", optarg);
info->cfg.max = num;
*flags |= PARAM_MAX;
return true;
case '(': /* --hashlimit-htable-gcinterval */
param_act(P_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-gcinterval",
*flags & PARAM_GCINTERVAL);
if (!strtonum(optarg, NULL, &num, 0, 0xffffffff))
param_act(P_BAD_VALUE, "hashlimit",
"--hashlimit-htable-gcinterval", optarg);
/* FIXME: not HZ dependent!! */
info->cfg.gc_interval = num;
*flags |= PARAM_GCINTERVAL;
return true;
case ')': /* --hashlimit-htable-expire */
param_act(P_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-expire", *flags & PARAM_EXPIRE);
if (!strtonum(optarg, NULL, &num, 0, 0xffffffff))
param_act(P_BAD_VALUE, "hashlimit",
"--hashlimit-htable-expire", optarg);
/* FIXME: not HZ dependent */
info->cfg.expire = num;
*flags |= PARAM_EXPIRE;
return true;
case '_':
param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-mode",
*flags & PARAM_MODE);
if (parse_mode(&info->cfg.mode, optarg) < 0)
param_act(P_BAD_VALUE, "hashlimit",
"--hashlimit-mode", optarg);
*flags |= PARAM_MODE;
return true;
case '"': /* --hashlimit-name */
param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-name",
*flags & PARAM_NAME);
if (strlen(optarg) == 0)
exit_error(PARAMETER_PROBLEM, "Zero-length name?");
strncpy(info->name, optarg, sizeof(info->name));
info->name[sizeof(info->name)-1] = '\0';
*flags |= PARAM_NAME;
return true;
case '<': /* --hashlimit-srcmask */
param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-srcmask",
*flags & PARAM_SRCMASK);
if (!strtonum(optarg, NULL, &num, 0, maxmask))
param_act(P_BAD_VALUE, "hashlimit",
"--hashlimit-srcmask", optarg);
info->cfg.srcmask = num;
*flags |= PARAM_SRCMASK;
return true;
case '>': /* --hashlimit-dstmask */
param_act(P_ONLY_ONCE, "hashlimit", "--hashlimit-dstmask",
*flags & PARAM_DSTMASK);
if (!strtonum(optarg, NULL, &num, 0, maxmask))
param_act(P_BAD_VALUE, "hashlimit",
"--hashlimit-dstmask", optarg);
info->cfg.dstmask = num;
*flags |= PARAM_DSTMASK;
return true;
}
return false;
}
static int
hashlimit_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
struct xt_hashlimit_info *r =
(struct xt_hashlimit_info *)(*match)->data;
unsigned int num;
switch(c) {
case '%':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit",
*flags & PARAM_LIMIT);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!parse_rate(optarg, &r->cfg.avg))
xtables_error(PARAMETER_PROBLEM,
"bad rate `%s'", optarg);
*flags |= PARAM_LIMIT;
break;
case '$':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-burst",
*flags & PARAM_BURST);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, 10000))
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-burst `%s'", optarg);
r->cfg.burst = num;
*flags |= PARAM_BURST;
break;
case '&':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-size",
*flags & PARAM_SIZE);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-size: `%s'", optarg);
r->cfg.size = num;
*flags |= PARAM_SIZE;
break;
case '*':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-htable-max",
*flags & PARAM_MAX);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-max: `%s'", optarg);
r->cfg.max = num;
*flags |= PARAM_MAX;
break;
case '(':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-gcinterval",
*flags & PARAM_GCINTERVAL);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-gcinterval: `%s'",
optarg);
/* FIXME: not HZ dependent!! */
r->cfg.gc_interval = num;
*flags |= PARAM_GCINTERVAL;
break;
case ')':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit",
"--hashlimit-htable-expire", *flags & PARAM_EXPIRE);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-htable-expire: `%s'", optarg);
/* FIXME: not HZ dependent */
r->cfg.expire = num;
*flags |= PARAM_EXPIRE;
break;
case '_':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-mode",
*flags & PARAM_MODE);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (parse_mode(&r->cfg.mode, optarg) < 0)
xtables_error(PARAMETER_PROBLEM,
"bad --hashlimit-mode: `%s'\n", optarg);
*flags |= PARAM_MODE;
break;
case '"':
xtables_param_act(XTF_ONLY_ONCE, "hashlimit", "--hashlimit-name",
*flags & PARAM_NAME);
if (xtables_check_inverse(argv[optind-1], &invert, &optind, 0)) break;
if (strlen(optarg) == 0)
xtables_error(PARAMETER_PROBLEM, "Zero-length name?");
strncpy(r->name, optarg, sizeof(r->name));
*flags |= PARAM_NAME;
break;
default:
return 0;
}
if (invert)
xtables_error(PARAMETER_PROBLEM,
"hashlimit does not support invert");
return 1;
}
