//! //! Function description. //! //! @param[in] ebth pointer to the EB table handler structure //! //! @return //! //! @see //! //! @pre //! //! @post //! //! @note //! int ebt_handler_update_refcounts(ebt_handler * ebth) { char *jumpptr = NULL, jumpchain[64], tmp[64]; int i, j, k; ebt_table *table = NULL; ebt_chain *chain = NULL, *refchain = NULL; ebt_rule *rule = NULL; for (i = 0; i < ebth->max_tables; i++) { table = &(ebth->tables[i]); for (j = 0; j < table->max_chains; j++) { chain = &(table->chains[j]); for (k = 0; k < chain->max_rules; k++) { rule = &(chain->rules[k]); jumpptr = strstr(rule->ebtrule, "-j"); if (jumpptr) { jumpchain[0] = '\0'; sscanf(jumpptr, "%[-j] %s", tmp, jumpchain); if (strlen(jumpchain)) { refchain = ebt_table_find_chain(ebth, table->name, jumpchain); if (refchain) { LOGDEBUG("FOUND REF TO CHAIN (name=%s sourcechain=%s jumpchain=%s currref=%d) (rule=%s\n", refchain->name, chain->name, jumpchain, refchain->ref_count, rule->ebtrule); refchain->ref_count++; } } } } } } return (0); }
//! //! Function description. //! //! @param[in] ebth pointer to the EB table handler structure //! @param[in] tablename a string pointer to the table name //! @param[in] chainname a string pointer to the chain name //! @param[in] newrule a string pointer to the new rule //! //! @return //! //! @see //! //! @pre //! //! @post //! //! @note //! int ebt_chain_add_rule(ebt_handler * ebth, char *tablename, char *chainname, char *newrule) { ebt_table *table = NULL; ebt_chain *chain = NULL; ebt_rule *rule = NULL; LOGDEBUG("adding rules (%s) to chain %s to table %s\n", newrule, chainname, tablename); if (!ebth || !tablename || !chainname || !newrule || !ebth->init) { return (1); } table = ebt_handler_find_table(ebth, tablename); if (!table) { return (1); } chain = ebt_table_find_chain(ebth, tablename, chainname); if (!chain) { return (1); } rule = ebt_chain_find_rule(ebth, tablename, chainname, newrule); if (!rule) { chain->rules = realloc(chain->rules, sizeof(ebt_rule) * (chain->max_rules + 1)); if (!chain->rules) { LOGFATAL("out of memory!\n"); exit(1); } bzero(&(chain->rules[chain->max_rules]), sizeof(ebt_rule)); snprintf(chain->rules[chain->max_rules].ebtrule, 1024, "%s", newrule); chain->max_rules++; } return (0); }
/** * Deletes a ebtables rule specified in the argument. * * @param ebth [in] pointer to the EB table handler structure * @param tablename [in] a string pointer to the table name * @param chainname [in] a string pointer to the chain name * @param findrule [in] a string pointer to the rule to be deleted * * @return 0 if the rule given in the argument is successfully deleted. 1 otherwise. */ int ebt_chain_flush_rule(ebt_handler *ebth, char *tablename, char *chainname, char *findrule) { ebt_table *table = NULL; ebt_chain *chain = NULL; ebt_rule *rule = NULL; ebt_rule *newrules = NULL; int i; int nridx; if (!ebth || !tablename || !chainname || !findrule || !ebth->init) { return (EUCA_INVALID_ERROR); } table = ebt_handler_find_table(ebth, tablename); if (!table) { return (EUCA_INVALID_ERROR); } chain = ebt_table_find_chain(ebth, tablename, chainname); if (!chain) { return (EUCA_INVALID_ERROR); } rule = ebt_chain_find_rule(ebth, tablename, chainname, findrule); if (rule) { if (chain->max_rules > 1) { newrules = realloc(newrules, sizeof (ebt_rule) * (chain->max_rules - 1)); if (!newrules) { LOGFATAL("out of memory!\n"); exit(1); } bzero(newrules, sizeof (ebt_rule) * (chain->max_rules - 1)); nridx = 0; for (i = 0; i < chain->max_rules; i++) { if (strcmp(chain->rules[i].ebtrule, findrule)) { snprintf(newrules[nridx].ebtrule, 1024, "%s", chain->rules[i].ebtrule); nridx++; } } EUCA_FREE(chain->rules); chain->rules = newrules; chain->max_rules = nridx; } else { EUCA_FREE(chain->rules); chain->max_rules = 0; chain->counters[0] = '\0'; } } else { LOGDEBUG("Could not find (%s) from chain %s at table %s\n", findrule, chainname, tablename); return (2); } return (0); }
/** * Searches for rule findrule in chain chainname of table tablename. * * @param ebth [in] pointer to the EB table handler structure * @param tablename [in] a string pointer to the table name * @param chainname [in] a string pointer to the chain name * @param findrule [in] a string pointer to the name of the rule we're looking for * * @return pointer to ebt_rule structure if found. NULL otherwise. */ ebt_rule *ebt_chain_find_rule(ebt_handler *ebth, char *tablename, char *chainname, char *findrule) { int i, found = 0; ebt_chain *chain; if (!ebth || !tablename || !chainname || !findrule || !ebth->init) { return (NULL); } chain = ebt_table_find_chain(ebth, tablename, chainname); if (!chain) { return (NULL); } for (i = 0; i < chain->max_rules; i++) { if (!strcmp(chain->rules[i].ebtrule, findrule)) found++; } if (!found) { return (NULL); } return (&(chain->rules[i])); }
/** * Remove all rules from chain chainname in table tablename. * * @param ebth [in] pointer to the EB table handler structure * @param tablename [in] a string pointer to the table name * @param chainname [in] a string pointer to the chain name * * @return 0 on success. 1 on failure. */ int ebt_chain_flush(ebt_handler *ebth, char *tablename, char *chainname) { ebt_table *table = NULL; ebt_chain *chain = NULL; if (!ebth || !tablename || !chainname || !ebth->init) { return (1); } table = ebt_handler_find_table(ebth, tablename); if (!table) { return (1); } chain = ebt_table_find_chain(ebth, tablename, chainname); if (!chain) { return (1); } EUCA_FREE(chain->rules); chain->max_rules = 0; chain->counters[0] = '\0'; return (0); }
//! //! Function description. //! //! @param[in] ebth pointer to the EB table handler structure //! @param[in] tablename a string pointer to the table name //! @param[in] chainname a string pointer to the chain name //! @param[in] policyname a string pointer to the default policy name to use (e.g. "DROP", "ACCEPT") //! @param[in] counters a string pointer to the counter //! //! @return //! //! @see //! //! @pre //! //! @post //! //! @note //! int ebt_table_add_chain(ebt_handler * ebth, char *tablename, char *chainname, char *policyname, char *counters) { ebt_table *table = NULL; ebt_chain *chain = NULL; if (!ebth || !tablename || !chainname || !counters || !ebth->init) { return (1); } LOGDEBUG("adding chain %s to table %s\n", chainname, tablename); table = ebt_handler_find_table(ebth, tablename); if (!table) { return (1); } chain = ebt_table_find_chain(ebth, tablename, chainname); if (!chain) { table->chains = realloc(table->chains, sizeof(ebt_chain) * (table->max_chains + 1)); if (!table->chains) { LOGFATAL("out of memory!\n"); exit(1); } bzero(&(table->chains[table->max_chains]), sizeof(ebt_chain)); snprintf(table->chains[table->max_chains].name, 64, "%s", chainname); snprintf(table->chains[table->max_chains].policyname, 64, "%s", policyname); snprintf(table->chains[table->max_chains].counters, 64, "%s", counters); if (!strcmp(table->chains[table->max_chains].name, "INPUT") || !strcmp(table->chains[table->max_chains].name, "FORWARD") || !strcmp(table->chains[table->max_chains].name, "OUTPUT") || !strcmp(table->chains[table->max_chains].name, "PREROUTING") || !strcmp(table->chains[table->max_chains].name, "POSTROUTING")) { table->chains[table->max_chains].ref_count = 1; } table->max_chains++; } return (0); }