/*************************************************************************** * Copyright (C) 2005 by Christian Hubinger * * e9806056@student.tuwien.ac.at * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * * the Free Software Foundation; either version 2 of the License, or * * (at your option) any later version. * * * * This program is distributed in the hope that it will be useful, * * but WITHOUT ANY WARRANTY; without even the implied warranty of * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * * GNU General Public License for more details. * * * * You should have received a copy of the GNU General Public License * * along with this program; if not, write to the * * Free Software Foundation, Inc., * * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * ***************************************************************************/ #include "iptchecker.h" extern "C" { #include #include #include #include #include #include #include #include #include #include "libiptc/libiptc.h" #include "iptables.h" } /* Here begins some of the code taken from iptables-save.c **************** */ #define IP_PARTS_NATIVE(n) \ (unsigned int)((n)>>24)&0xFF, \ (unsigned int)((n)>>16)&0xFF, \ (unsigned int)((n)>>8)&0xFF, \ (unsigned int)((n)&0xFF) IPTChecker::IPTChecker() { } IPTChecker::~IPTChecker() { } int IPTChecker::numChainsInTable( char *tablename ) { int foundChain = 0; iptc_handle_t h; const char *chain = NULL; h = iptc_init(tablename); if (!h) { printf("Can't initialize IPT Handle for table %s : %s\n", tablename, iptc_strerror(errno)); return -1; } for (chain = iptc_first_chain(&h); chain; chain = iptc_next_chain(&h)) { foundChain++; } printf("Table %s Num: %d\n", tablename, foundChain ); return foundChain; } int IPTChecker::numRulesInChain( char *tablename, char *chain ) { int foundRule = 0; iptc_handle_t h; const struct ipt_entry *e; const char *ch = NULL; h = iptc_init(tablename); if (!h) { printf("Can't initialize IPT Handle for table %s : %s\n", tablename, iptc_strerror(errno)); return -1; } if ( iptc_is_chain( chain, h ) == 0 ) { printf("Error Chain: %s Not Found in table: %s\n", chain, tablename ); return -1; } for (ch = iptc_first_chain(&h); ch; ch = iptc_next_chain(&h)) { if ( strcmp( ch, chain ) == 0 ) { int found = 0; for (e = iptc_first_rule(ch, &h); e && found == 0; e = iptc_next_rule(e, &h)) { foundRule++; } printf("Table: %s Chain: %s Num Rules: %d\n", tablename, chain, foundRule ); return foundRule; } } return -1; } TQStringList IPTChecker::getRuleProperties( char * table, char *chain, int ruleIndex ) { TQStringList list; int numRules = 0; int found = 0; iptc_handle_t h; const struct ipt_entry *rule = 0; const struct ipt_entry *my_rule = 0; const char *ch = NULL; h = iptc_init(table); if (!h) { printf("Can't initialize IPT Handle for table %s : %s\n", table, iptc_strerror(errno)); return list; } if ( iptc_is_chain( chain, h ) == 0 ) { printf("Error Chain: %s Not Found in table: %s\n", chain, table ); return list; } int foundChain = 0; for (ch = iptc_first_chain(&h); ch && foundChain == 0; ch = iptc_next_chain(&h)) { if ( strcmp( ch, chain ) == 0 ) { foundChain = 1; for (rule = iptc_first_rule(ch, &h); rule && found == 0; rule = iptc_next_rule(rule, &h)) { if ( numRules == ruleIndex ) { my_rule = rule; found = 1; } numRules++; } } } if ( my_rule ) { const char *target_name; /* Print target name */ target_name = iptc_get_target( my_rule, &h ); if ( target_name && (*target_name != '\0') ) { list << TQString("%1").tqarg(target_name); } /* Print targinfo part */ /* struct ipt_entry_target *t; t = ipt_get_target( (struct ipt_entry *) my_rule ); if ( t ) { list << "Found Target:"; list << t->u.user.name; } if ( t->u.user.name ) { list << TQString("TARGET2:%1").tqarg(t->u.user.name); struct iptables_target *target = find_target( target_name, TRY_LOAD ); if ( ! target ) { list << "Can't find library for target `%s'\n" << t->u.user.name; return list; } if (target->save) { target->save(&my_rule->ip, t); } else { // If the target size is greater than ipt_entry_target // there is something to be saved, we just don't know // how to print it if (t->u.target_size != sizeof(struct ipt_entry_target)) { fprintf(stderr, "Target `%s' is missing " "save function\n", t->u.user.name); return list; } } }*/ } else { list << "ERROR"; } return list; } TQStringList IPTChecker::getChainsInTable( char * table ) { TQStringList list; int foundRule = 0; iptc_handle_t h; const struct ipt_entry *e; const char *chain = NULL; h = iptc_init(table); if (!h) { printf("Can't initialize IPT Handle for table %s : %s\n", table, iptc_strerror(errno)); return list; } for ( chain = iptc_first_chain(&h); chain; chain = iptc_next_chain(&h) ) { list << chain; } return list; } TQString IPTChecker::getChainPolicy( char * table, char *chain ) { TQString policy = ""; iptc_handle_t h; const struct ipt_entry *e; const char *ch = NULL; h = iptc_init(table); if (!h) { printf("Can't initialize IPT Handle for table %s : %s\n", table, iptc_strerror(errno)); return ""; } for ( ch = iptc_first_chain(&h); ch; ch = iptc_next_chain(&h) ) { if ( strcmp( ch, chain ) == 0 ) { if ( iptc_builtin(chain, h) ) { struct ipt_counters count; policy = iptc_get_policy(chain, &count, &h); /* printf("%s ", iptc_get_policy(chain, &count, &h)); printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);*/ } else { // printf("- [0:0]\n"); } } } return policy; }