| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-12-01 12:26:13 (GMT) |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-12-02 00:10:24 (GMT) |
| commit | 850104ff9d619a7e0bc561aa16fee838fcd1937c (patch) | |
| tree | c1a78c9a9bb12dd24c15eafd22d47797331374d9 | |
| parent | ba525eb3d3a77a5465e4e8a24970d8f15ba59ee3 (diff) | |
extensions: add NFACCT target
This patch adds iptables support for the NFACCT target.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | extensions/libxt_NFACCT.c | 88 | ||||
| -rw-r--r-- | include/linux/netfilter/xt_NFACCT.h | 17 |
2 files changed, 105 insertions, 0 deletions
diff --git a/extensions/libxt_NFACCT.c b/extensions/libxt_NFACCT.c
new file mode 100644
index 0000000..aeb1c78
--- a/dev/null
+++ b/extensions/libxt_NFACCT.c
@@ -0,0 +1,88 @@
+/*
+ * (C) 2011 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2011 by Intra2Net AG <http://www.intra2net.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 (or
+ * any later at your option) as published by the Free Software Foundation.
+ */
+#include <stdbool.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <getopt.h>
+#include <xtables.h>
+
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_NFACCT.h>
+
+enum {
+ O_NAME = 0,
+};
+
+#define s struct xt_nfacct_target_info
+static const struct xt_option_entry NFACCT_opts[] = {
+ {.name = "nfacct-name", .id = O_NAME, .type = XTTYPE_STRING,
+ .min = 1, .flags = XTOPT_MAND|XTOPT_PUT, XTOPT_POINTER(s, name)},
+ XTOPT_TABLEEND,
+};
+#undef s
+
+static void NFACCT_help(void)
+{
+ printf("NFACCT target options:\n"
+ " --nfacct-name STRING Name of accouting area\n");
+}
+
+static void NFACCT_parse(struct xt_option_call *cb)
+{
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_NAME:
+ if (strchr(cb->arg, '\n') != NULL)
+ xtables_error(PARAMETER_PROBLEM,
+ "Newlines not allowed in --nfacct-name");
+ break;
+ }
+}
+
+static void nfacct_print(const struct xt_nfacct_target_info *info, char *name)
+{
+ printf(" %snfacct-name ", name);
+ xtables_save_string(info->name);
+}
+
+static void NFACCT_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct xt_nfacct_target_info *info =
+ (struct xt_nfacct_target_info *)target->data;
+
+ nfacct_print(info, "");
+}
+
+static void NFACCT_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct xt_nfacct_target_info *info =
+ (struct xt_nfacct_target_info *)target->data;
+
+ nfacct_print(info, "--");
+}
+
+static struct xtables_target nfacct_target = {
+ .family = NFPROTO_UNSPEC,
+ .name = "NFACCT",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_nfacct_target_info)),
+ .userspacesize = offsetof(struct xt_nfacct_target_info, nfacct),
+ .help = NFACCT_help,
+ .x6_parse = NFACCT_parse,
+ .print = NFACCT_print,
+ .save = NFACCT_save,
+ .x6_options = NFACCT_opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&nfacct_target);
+}
diff --git a/include/linux/netfilter/xt_NFACCT.h b/include/linux/netfilter/xt_NFACCT.h
new file mode 100644
index 0000000..63a2d55
--- a/dev/null
+++ b/include/linux/netfilter/xt_NFACCT.h
@@ -0,0 +1,17 @@
+#ifndef _XT_NFACCT_TARGET_H
+#define _XT_NFACCT_TARGET_H
+
+#include <linux/types.h>
+
+#ifndef NFACCT_NAME_MAX
+#define NFACCT_NAME_MAX 64
+#endif
+
+struct nf_acct;
+
+struct xt_nfacct_target_info {
+ char name[NFACCT_NAME_MAX];
+ struct nf_acct *nfacct;
+};
+
+#endif /* _XT_NFACCT_TARGET_H */ |
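Review bot: The `--nfacct-name` entry in `NFACCT_opts` sets `.min = 1` but no upper bound, so a name longer than the `name[NFACCT_NAME_MAX]` field is left to whatever `xtables_option_parse()` does for `XTOPT_PUT` strings, which this patch does not show. If that is silent truncation, the rule would be attached to a different accounting object than the one the operator typed, and the mismatch would only surface later in the counters. Adding `.max = NFACCT_NAME_MAX - 1` to the entry would make an over-long name fail with a parameter error at parse time. Separately, `NFACCT_print` and `NFACCT_save` cast `target->data` to a non-const pointer; `(const struct xt_nfacct_target_info *)target->data` keeps the qualifier, and `nfacct_print` could take `const char *name` because it only receives string literals.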
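Review bot: `struct xt_nfacct_target_info` ends in a bare pointer, so with the default `NFACCT_NAME_MAX` of 64 its size is 68 bytes where pointers are 4 bytes and 72 where they are 8. Because this structure crosses the user/kernel boundary, a 32-bit iptables binary on a 64-bit kernel would probably present a size the kernel does not expect, unless a compat handler not visible here converts it. Declaring the member as `struct nf_acct *nfacct __attribute__((aligned(8)));` gives both ABIs the same layout. The member also deserves a comment such as `/* kernel-private, never filled in by userspace */`, which explains why `libxt_NFACCT.c` stops `.userspacesize` at `offsetof(..., nfacct)`, and the header could state that `name` must be NUL-terminated within `NFACCT_NAME_MAX` bytes.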
