#include "common.h"
#include "plugin.h"
#include "configfile.h"
-#include "utils_debug.h"
#if HAVE_LIBIPTC_LIBIPTC_H
# include <libiptc/libiptc.h>
#endif
-#if HAVE_LIBIPTC_LIBIPTC_H
-# define IPTABLES_HAVE_READ 1
-#else
-# define IPTABLES_HAVE_READ 0
-#endif
-
-#define MODULE_NAME "iptables"
-#define BUFSIZE 512
-
/*
* (Module-)Global variables
*/
/*
- * Removed packet count for now, should have config option if you want to save
- * them Although other collectd models don't seem to care much for options
- * eitherway for what to log
- */
-/* Limit to ~125MByte/s (~1GBit/s) */
-static data_source_t dsrc[1] =
-{
- {"value", DS_TYPE_COUNTER, 0.0, 134217728.0}
-};
-
-static data_set_t ipt_bytes_ds =
-{
- "ipt_bytes", 1, dsrc
-};
-
-static data_set_t ipt_packets_ds =
-{
- "ipt_packets", 1, dsrc
-};
-
-#if IPTABLES_HAVE_READ
-/*
* Config format should be `Chain table chainname',
* e. g. `Chain mangle incoming'
*/
value_copy = strdup (value);
if (value_copy == NULL)
{
- ERROR ("strdup failed: %s", strerror (errno));
+ char errbuf[1024];
+ ERROR ("strdup failed: %s",
+ sstrerror (errno, errbuf, sizeof (errbuf)));
return (1);
}
}
else
{
- strncpy (temp.rule.comment, comment,
- sizeof (temp.rule.comment) - 1);
+ temp.rule.comment = strdup (comment);
+ if (temp.rule.comment == NULL)
+ {
+ free (value_copy);
+ return (1);
+ }
temp.rule_type = RTYPE_COMMENT;
}
}
list = (ip_chain_t **) realloc (chain_list, (chain_num + 1) * sizeof (ip_chain_t *));
if (list == NULL)
{
- ERROR ("realloc failed: %s", strerror (errno));
- return (1);
+ char errbuf[1024];
+ ERROR ("realloc failed: %s",
+ sstrerror (errno, errbuf, sizeof (errbuf)));
+ return (1);
}
chain_list = list;
final = (ip_chain_t *) malloc( sizeof(temp) );
if (final == NULL)
{
- ERROR ("malloc failed: %s", strerror (errno));
- return (1);
+ char errbuf[1024];
+ ERROR ("malloc failed: %s",
+ sstrerror (errno, errbuf, sizeof (errbuf)));
+ return (1);
}
memcpy (final, &temp, sizeof (temp));
chain_list[chain_num] = final;
return (0);
} /* int iptables_config */
-#endif /* IPTABLES_HAVE_READ */
-#if IPTABLES_HAVE_READ
/* This needs to return `int' for IPT_MATCH_ITERATE to work. */
static int submit_match (const struct ipt_entry_match *match,
const struct ipt_entry *entry,
int i;
for (i = 0; i < chain_num; i++)
+ {
+ if ((chain_list[i] != NULL) && (chain_list[i]->rule_type == RTYPE_COMMENT))
+ {
+ sfree (chain_list[i]->rule.comment);
+ }
sfree (chain_list[i]);
+ }
sfree (chain_list);
return (0);
} /* int iptables_shutdown */
-#endif /* IPTABLES_HAVE_READ */
void module_register (void)
{
- plugin_register_data_set (&ipt_bytes_ds);
- plugin_register_data_set (&ipt_packets_ds);
-
-#if IPTABLES_HAVE_READ
plugin_register_config ("iptables", iptables_config,
config_keys, config_keys_num);
plugin_register_read ("iptables", iptables_read);
plugin_register_shutdown ("iptables", iptables_shutdown);
-#endif
-}
-
-#undef BUFSIZE
-#undef MODULE_NAME
+} /* void module_register */
/*
* vim:shiftwidth=4:softtabstop=4:tabstop=8