Skip to content

L
linux
Commit d569594f authored by Harald Welte's avatar Harald Welte Committed by David S. Miller
Browse files
Options

[NETFILTER]: Enhancement for ip{,6}_tables, add new /proc files.

parent 47a2527a
Hide whitespace changes
Inline Side-by-side
Showing with 122 additions and 20 deletions
net/ipv4/netfilter/ip_tables.c
View file @ d569594f
...@@ -1703,14 +1703,15 @@ static struct ipt_match icmp_matchstruct = { ...@@ -1703,14 +1703,15 @@ static struct ipt_match icmp_matchstruct = {
}; };
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
static inline int print_name(const struct ipt_table *t, static inline int print_name(const char *i,
off_t start_offset, char *buffer, int length, off_t start_offset, char *buffer, int length,
off_t *pos, unsigned int *count) off_t *pos, unsigned int *count)
{ {
if ((*count)++ >= start_offset) { if ((*count)++ >= start_offset) {
unsigned int namelen; unsigned int namelen;
namelen = sprintf(buffer + *pos, "%s\n", t->name); namelen = sprintf(buffer + *pos, "%s\n",
i + sizeof(struct list_head));
if (*pos + namelen > length) { if (*pos + namelen > length) {
/* Stop iterating */ /* Stop iterating */
return 1; return 1;
...@@ -1728,7 +1729,7 @@ static int ipt_get_tables(char *buffer, char **start, off_t offset, int length) ...@@ -1728,7 +1729,7 @@ static int ipt_get_tables(char *buffer, char **start, off_t offset, int length)
if (down_interruptible(&ipt_mutex) != 0) if (down_interruptible(&ipt_mutex) != 0)
return 0; return 0;
LIST_FIND(&ipt_tables, print_name, struct ipt_table *, LIST_FIND(&ipt_tables, print_name, void *,
offset, buffer, length, &pos, &count); offset, buffer, length, &pos, &count);
up(&ipt_mutex); up(&ipt_mutex);
...@@ -1737,6 +1738,46 @@ static int ipt_get_tables(char *buffer, char **start, off_t offset, int length) ...@@ -1737,6 +1738,46 @@ static int ipt_get_tables(char *buffer, char **start, off_t offset, int length)
*start=(char *)((unsigned long)count-offset); *start=(char *)((unsigned long)count-offset);
return pos; return pos;
} }
static int ipt_get_targets(char *buffer, char **start, off_t offset, int length)
{
off_t pos = 0;
unsigned int count = 0;
if (down_interruptible(&ipt_mutex) != 0)
return 0;
LIST_FIND(&ipt_target, print_name, void *,
offset, buffer, length, &pos, &count);
up(&ipt_mutex);
*start = (char *)((unsigned long)count - offset);
return pos;
}
static int ipt_get_matches(char *buffer, char **start, off_t offset, int length)
{
off_t pos = 0;
unsigned int count = 0;
if (down_interruptible(&ipt_mutex) != 0)
return 0;
LIST_FIND(&ipt_match, print_name, void *,
offset, buffer, length, &pos, &count);
up(&ipt_mutex);
*start = (char *)((unsigned long)count - offset);
return pos;
}
static struct { char *name; get_info_t *get_info; } ipt_proc_entry[] =
{ { "ip_tables_names", ipt_get_tables },
{ "ip_tables_targets", ipt_get_targets },
{ "ip_tables_matches", ipt_get_matches },
{ NULL, NULL} };
#endif /*CONFIG_PROC_FS*/ #endif /*CONFIG_PROC_FS*/
static int __init init(void) static int __init init(void)
...@@ -1762,13 +1803,19 @@ static int __init init(void) ...@@ -1762,13 +1803,19 @@ static int __init init(void)
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
{ {
struct proc_dir_entry *proc; struct proc_dir_entry *proc;
int i;
proc = proc_net_create("ip_tables_names", 0, ipt_get_tables);
if (!proc) { for (i = 0; ipt_proc_entry[i].name; i++) {
nf_unregister_sockopt(&ipt_sockopts); proc = proc_net_create(ipt_proc_entry[i].name, 0,
return -ENOMEM; ipt_proc_entry[i].get_info);
if (!proc) {
while (--i >= 0)
proc_net_remove(ipt_proc_entry[i].name);
nf_unregister_sockopt(&ipt_sockopts);
return -ENOMEM;
}
proc->owner = THIS_MODULE;
} }
proc->owner = THIS_MODULE;
} }
#endif #endif
...@@ -1780,7 +1827,11 @@ static void __exit fini(void) ...@@ -1780,7 +1827,11 @@ static void __exit fini(void)
{ {
nf_unregister_sockopt(&ipt_sockopts); nf_unregister_sockopt(&ipt_sockopts);
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
proc_net_remove("ip_tables_names"); {
int i;
for (i = 0; ipt_proc_entry[i].name; i++)
proc_net_remove(ipt_proc_entry[i].name);
}
#endif #endif
} }
......
net/ipv6/netfilter/ip6_tables.c
View file @ d569594f
...@@ -1780,14 +1780,15 @@ static struct ip6t_match icmp6_matchstruct = { ...@@ -1780,14 +1780,15 @@ static struct ip6t_match icmp6_matchstruct = {
}; };
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
static inline int print_name(const struct ip6t_table *t, static inline int print_name(const char *i,
off_t start_offset, char *buffer, int length, off_t start_offset, char *buffer, int length,
off_t *pos, unsigned int *count) off_t *pos, unsigned int *count)
{ {
if ((*count)++ >= start_offset) { if ((*count)++ >= start_offset) {
unsigned int namelen; unsigned int namelen;
namelen = sprintf(buffer + *pos, "%s\n", t->name); namelen = sprintf(buffer + *pos, "%s\n",
i + sizeof(struct list_head));
if (*pos + namelen > length) { if (*pos + namelen > length) {
/* Stop iterating */ /* Stop iterating */
return 1; return 1;
...@@ -1805,7 +1806,7 @@ static int ip6t_get_tables(char *buffer, char **start, off_t offset, int length) ...@@ -1805,7 +1806,7 @@ static int ip6t_get_tables(char *buffer, char **start, off_t offset, int length)
if (down_interruptible(&ip6t_mutex) != 0) if (down_interruptible(&ip6t_mutex) != 0)
return 0; return 0;
LIST_FIND(&ip6t_tables, print_name, struct ip6t_table *, LIST_FIND(&ip6t_tables, print_name, char *,
offset, buffer, length, &pos, &count); offset, buffer, length, &pos, &count);
up(&ip6t_mutex); up(&ip6t_mutex);
...@@ -1814,6 +1815,46 @@ static int ip6t_get_tables(char *buffer, char **start, off_t offset, int length) ...@@ -1814,6 +1815,46 @@ static int ip6t_get_tables(char *buffer, char **start, off_t offset, int length)
*start=(char *)((unsigned long)count-offset); *start=(char *)((unsigned long)count-offset);
return pos; return pos;
} }
static int ip6t_get_targets(char *buffer, char **start, off_t offset, int length)
{
off_t pos = 0;
unsigned int count = 0;
if (down_interruptible(&ip6t_mutex) != 0)
return 0;
LIST_FIND(&ip6t_target, print_name, char *,
offset, buffer, length, &pos, &count);
up(&ip6t_mutex);
*start = (char *)((unsigned long)count - offset);
return pos;
}
static int ip6t_get_matches(char *buffer, char **start, off_t offset, int length)
{
off_t pos = 0;
unsigned int count = 0;
if (down_interruptible(&ip6t_mutex) != 0)
return 0;
LIST_FIND(&ip6t_match, print_name, char *,
offset, buffer, length, &pos, &count);
up(&ip6t_mutex);
*start = (char *)((unsigned long)count - offset);
return pos;
}
static struct { char *name; get_info_t *get_info; } ip6t_proc_entry[] =
{ { "ip6_tables_names", ip6t_get_tables },
{ "ip6_tables_targets", ip6t_get_targets },
{ "ip6_tables_matches", ip6t_get_matches },
{ NULL, NULL} };
#endif /*CONFIG_PROC_FS*/ #endif /*CONFIG_PROC_FS*/
static int __init init(void) static int __init init(void)
...@@ -1839,13 +1880,19 @@ static int __init init(void) ...@@ -1839,13 +1880,19 @@ static int __init init(void)
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
{ {
struct proc_dir_entry *proc; struct proc_dir_entry *proc;
proc = proc_net_create("ip6_tables_names", 0, int i;
ip6t_get_tables);
if (!proc) { for (i = 0; ip6t_proc_entry[i].name; i++) {
nf_unregister_sockopt(&ip6t_sockopts); proc = proc_net_create(ip6t_proc_entry[i].name, 0,
return -ENOMEM; ip6t_proc_entry[i].get_info);
if (!proc) {
while (--i >= 0)
proc_net_remove(ip6t_proc_entry[i].name);
nf_unregister_sockopt(&ip6t_sockopts);
return -ENOMEM;
}
proc->owner = THIS_MODULE;
} }
proc->owner = THIS_MODULE;
} }
#endif #endif
...@@ -1857,7 +1904,11 @@ static void __exit fini(void) ...@@ -1857,7 +1904,11 @@ static void __exit fini(void)
{ {
nf_unregister_sockopt(&ip6t_sockopts); nf_unregister_sockopt(&ip6t_sockopts);
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
proc_net_remove("ip6_tables_names"); {
int i;
for (i = 0; ip6t_proc_entry[i].name; i++)
proc_net_remove(ip6t_proc_entry[i].name);
}
#endif #endif
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7