//!
//! Function description.
//!
//! @param[in] ebth pointer to the EB table handler structure
//!
//! @return
//!
//! @see
//!
//! @pre
//!
//! @post
//!
//! @note
//!
int ebt_handler_update_refcounts(ebt_handler * ebth)
{
char *jumpptr = NULL, jumpchain[64], tmp[64];
int i, j, k;
ebt_table *table = NULL;
ebt_chain *chain = NULL, *refchain = NULL;
ebt_rule *rule = NULL;
for (i = 0; i < ebth->max_tables; i++) {
table = &(ebth->tables[i]);
for (j = 0; j < table->max_chains; j++) {
chain = &(table->chains[j]);
for (k = 0; k < chain->max_rules; k++) {
rule = &(chain->rules[k]);
jumpptr = strstr(rule->ebtrule, "-j");
if (jumpptr) {
jumpchain[0] = '\0';
sscanf(jumpptr, "%[-j] %s", tmp, jumpchain);
if (strlen(jumpchain)) {
refchain = ebt_table_find_chain(ebth, table->name, jumpchain);
if (refchain) {
LOGDEBUG("FOUND REF TO CHAIN (name=%s sourcechain=%s jumpchain=%s currref=%d) (rule=%s\n", refchain->name, chain->name, jumpchain, refchain->ref_count,
rule->ebtrule);
refchain->ref_count++;
}
}
}
}
}
}
return (0);
}
//!
//! Function description.
//!
//! @param[in] ebth pointer to the EB table handler structure
//! @param[in] tablename a string pointer to the table name
//! @param[in] chainname a string pointer to the chain name
//! @param[in] newrule a string pointer to the new rule
//!
//! @return
//!
//! @see
//!
//! @pre
//!
//! @post
//!
//! @note
//!
int ebt_chain_add_rule(ebt_handler * ebth, char *tablename, char *chainname, char *newrule)
{
ebt_table *table = NULL;
ebt_chain *chain = NULL;
ebt_rule *rule = NULL;
LOGDEBUG("adding rules (%s) to chain %s to table %s\n", newrule, chainname, tablename);
if (!ebth || !tablename || !chainname || !newrule || !ebth->init) {
return (1);
}
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
return (1);
}
chain = ebt_table_find_chain(ebth, tablename, chainname);
if (!chain) {
return (1);
}
rule = ebt_chain_find_rule(ebth, tablename, chainname, newrule);
if (!rule) {
chain->rules = realloc(chain->rules, sizeof(ebt_rule) * (chain->max_rules + 1));
if (!chain->rules) {
LOGFATAL("out of memory!\n");
exit(1);
}
bzero(&(chain->rules[chain->max_rules]), sizeof(ebt_rule));
snprintf(chain->rules[chain->max_rules].ebtrule, 1024, "%s", newrule);
chain->max_rules++;
}
return (0);
}
/**
* Deletes a ebtables rule specified in the argument.
*
* @param ebth [in] pointer to the EB table handler structure
* @param tablename [in] a string pointer to the table name
* @param chainname [in] a string pointer to the chain name
* @param findrule [in] a string pointer to the rule to be deleted
*
* @return 0 if the rule given in the argument is successfully deleted. 1 otherwise.
*/
int ebt_chain_flush_rule(ebt_handler *ebth, char *tablename, char *chainname, char *findrule) {
ebt_table *table = NULL;
ebt_chain *chain = NULL;
ebt_rule *rule = NULL;
ebt_rule *newrules = NULL;
int i;
int nridx;
if (!ebth || !tablename || !chainname || !findrule || !ebth->init) {
return (EUCA_INVALID_ERROR);
}
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
return (EUCA_INVALID_ERROR);
}
chain = ebt_table_find_chain(ebth, tablename, chainname);
if (!chain) {
return (EUCA_INVALID_ERROR);
}
rule = ebt_chain_find_rule(ebth, tablename, chainname, findrule);
if (rule) {
if (chain->max_rules > 1) {
newrules = realloc(newrules, sizeof (ebt_rule) * (chain->max_rules - 1));
if (!newrules) {
LOGFATAL("out of memory!\n");
exit(1);
}
bzero(newrules, sizeof (ebt_rule) * (chain->max_rules - 1));
nridx = 0;
for (i = 0; i < chain->max_rules; i++) {
if (strcmp(chain->rules[i].ebtrule, findrule)) {
snprintf(newrules[nridx].ebtrule, 1024, "%s", chain->rules[i].ebtrule);
nridx++;
}
}
EUCA_FREE(chain->rules);
chain->rules = newrules;
chain->max_rules = nridx;
} else {
EUCA_FREE(chain->rules);
chain->max_rules = 0;
chain->counters[0] = '\0';
}
} else {
LOGDEBUG("Could not find (%s) from chain %s at table %s\n", findrule, chainname, tablename);
return (2);
}
return (0);
}
/**
* Searches for rule findrule in chain chainname of table tablename.
*
* @param ebth [in] pointer to the EB table handler structure
* @param tablename [in] a string pointer to the table name
* @param chainname [in] a string pointer to the chain name
* @param findrule [in] a string pointer to the name of the rule we're looking for
*
* @return pointer to ebt_rule structure if found. NULL otherwise.
*/
ebt_rule *ebt_chain_find_rule(ebt_handler *ebth, char *tablename, char *chainname, char *findrule) {
int i, found = 0;
ebt_chain *chain;
if (!ebth || !tablename || !chainname || !findrule || !ebth->init) {
return (NULL);
}
chain = ebt_table_find_chain(ebth, tablename, chainname);
if (!chain) {
return (NULL);
}
for (i = 0; i < chain->max_rules; i++) {
if (!strcmp(chain->rules[i].ebtrule, findrule))
found++;
}
if (!found) {
return (NULL);
}
return (&(chain->rules[i]));
}
/**
* Remove all rules from chain chainname in table tablename.
*
* @param ebth [in] pointer to the EB table handler structure
* @param tablename [in] a string pointer to the table name
* @param chainname [in] a string pointer to the chain name
*
* @return 0 on success. 1 on failure.
*/
int ebt_chain_flush(ebt_handler *ebth, char *tablename, char *chainname) {
ebt_table *table = NULL;
ebt_chain *chain = NULL;
if (!ebth || !tablename || !chainname || !ebth->init) {
return (1);
}
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
return (1);
}
chain = ebt_table_find_chain(ebth, tablename, chainname);
if (!chain) {
return (1);
}
EUCA_FREE(chain->rules);
chain->max_rules = 0;
chain->counters[0] = '\0';
return (0);
}
//!
//! Function description.
//!
//! @param[in] ebth pointer to the EB table handler structure
//! @param[in] tablename a string pointer to the table name
//! @param[in] chainname a string pointer to the chain name
//! @param[in] policyname a string pointer to the default policy name to use (e.g. "DROP", "ACCEPT")
//! @param[in] counters a string pointer to the counter
//!
//! @return
//!
//! @see
//!
//! @pre
//!
//! @post
//!
//! @note
//!
int ebt_table_add_chain(ebt_handler * ebth, char *tablename, char *chainname, char *policyname, char *counters)
{
ebt_table *table = NULL;
ebt_chain *chain = NULL;
if (!ebth || !tablename || !chainname || !counters || !ebth->init) {
return (1);
}
LOGDEBUG("adding chain %s to table %s\n", chainname, tablename);
table = ebt_handler_find_table(ebth, tablename);
if (!table) {
return (1);
}
chain = ebt_table_find_chain(ebth, tablename, chainname);
if (!chain) {
table->chains = realloc(table->chains, sizeof(ebt_chain) * (table->max_chains + 1));
if (!table->chains) {
LOGFATAL("out of memory!\n");
exit(1);
}
bzero(&(table->chains[table->max_chains]), sizeof(ebt_chain));
snprintf(table->chains[table->max_chains].name, 64, "%s", chainname);
snprintf(table->chains[table->max_chains].policyname, 64, "%s", policyname);
snprintf(table->chains[table->max_chains].counters, 64, "%s", counters);
if (!strcmp(table->chains[table->max_chains].name, "INPUT") ||
!strcmp(table->chains[table->max_chains].name, "FORWARD") ||
!strcmp(table->chains[table->max_chains].name, "OUTPUT") ||
!strcmp(table->chains[table->max_chains].name, "PREROUTING") || !strcmp(table->chains[table->max_chains].name, "POSTROUTING")) {
table->chains[table->max_chains].ref_count = 1;
}
table->max_chains++;
}
return (0);
}
