X-Git-Url: https://git.verplant.org/?a=blobdiff_plain;f=src%2Fiptables.c;h=dc69f6be49c4e85c1d8522b0b00ec7201733778c;hb=c28bc580c110c78741d0805c7652e05d994b0ff4;hp=5f2745f281d65b0325f9e547d8f6e002a03b886c;hpb=c493010e9f1a6537dca21be2290bc28051ad0efc;p=collectd.git
diff --git a/src/iptables.c b/src/iptables.c
index 5f2745f2..dc69f6be 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -25,30 +25,17 @@ #include "plugin.h" #include "configfile.h" -#if HAVE_LIBIPTC_LIBIPTC_H -# include -#endif - -#if HAVE_LIBIPTC_LIBIPTC_H -# define IPTABLES_HAVE_READ 1 +#if OWN_LIBIPTC +# include "libiptc/libiptc.h" #else -# define IPTABLES_HAVE_READ 0 +# include #endif -#define MODULE_NAME "iptables" -#define BUFSIZE 512 - /* * (Module-)Global variables */ /* - * Removed packet count for now, should have config option if you want to save - * them Although other collectd models don't seem to care much for options - * eitherway for what to log - */ -#if IPTABLES_HAVE_READ -/* * Config format should be `Chain table chainname', * e. g. `Chain mangle incoming' */
@@ -121,24 +108,22 @@ static int iptables_config (const char *key, const char *value) chain = fields[1]; table_len = strlen (table); - if (table_len >= sizeof(temp.table)) + if ((unsigned int)table_len >= sizeof(temp.table)) { ERROR ("Table `%s' too long.", table); free (value_copy); return (1); } - strncpy (temp.table, table, table_len); - temp.table[table_len] = '\0'; + sstrncpy (temp.table, table, table_len); chain_len = strlen (chain); - if (chain_len >= sizeof(temp.chain)) + if ((unsigned int)chain_len >= sizeof(temp.chain)) { ERROR ("Chain `%s' too long.", chain); free (value_copy); return (1); } - strncpy (temp.chain, chain, chain_len); - temp.chain[chain_len] = '\0'; + sstrncpy (temp.chain, chain, chain_len); if (fields_num >= 3) {
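Review bot: In iptables_config the new calls `sstrncpy (temp.table, table, table_len);` and `sstrncpy (temp.chain, chain, chain_len);` pass the string length where the helper appears to expect the destination size. The other call sites in this diff pass `sizeof (...)`, and the explicit terminators at `[table_len]` and `[chain_len]` were removed, which suggests the helper terminates inside the size it is given. If it writes the NUL at index n - 1, the last character of each name is dropped, so the plugin would read counters for a different table or chain than the one configured, and a zero length would write before the buffer. The length checks just above already guarantee the fit, so `sstrncpy (temp.table, table, sizeof (temp.table));` and `sstrncpy (temp.chain, chain, sizeof (temp.chain));` are the safer form. sstrncpy is defined outside this page and the function continues beyond the hunk, so confirm against the helper's definition.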
@@ -152,8 +137,12 @@ static int iptables_config (const char *key, const char *value) } else { - strncpy (temp.rule.comment, comment, - sizeof (temp.rule.comment) - 1); + temp.rule.comment = strdup (comment); + if (temp.rule.comment == NULL) + { + free (value_copy); + return (1); + } temp.rule_type = RTYPE_COMMENT; } }
@@ -163,7 +152,7 @@ static int iptables_config (const char *key, const char *value) } if (fields_num >= 4) - strncpy (temp.name, fields[3], sizeof (temp.name) - 1); + sstrncpy (temp.name, fields[3], sizeof (temp.name)); free (value_copy); value_copy = NULL;
@@ -201,9 +190,7 @@ static int iptables_config (const char *key, const char *value) return (0); } /* int iptables_config */ -#endif /* IPTABLES_HAVE_READ */ -#if IPTABLES_HAVE_READ /* This needs to return `int' for IPT_MATCH_ITERATE to work. */ static int submit_match (const struct ipt_entry_match *match, const struct ipt_entry *entry,
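Review bot: The new `strdup (comment)` failure branch in iptables_config returns 1 without a log line, whereas the length checks earlier in the function report through ERROR. Adding `ERROR ("iptables plugin: strdup failed.");` before `free (value_copy);` would keep a dropped Chain entry visible to the operator. temp.rule.comment is now heap-owned, so any later error return in this function (not visible in these hunks) would presumably also need to free it when rule_type is RTYPE_COMMENT.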
@@ -235,31 +222,32 @@ static int submit_match (const struct ipt_entry_match *match, strcpy (vl.host, hostname_g); strcpy (vl.plugin, "iptables"); - status = snprintf (vl.plugin_instance, sizeof (vl.plugin_instance), + status = ssnprintf (vl.plugin_instance, sizeof (vl.plugin_instance), "%s-%s", chain->table, chain->chain); - if ((status >= sizeof (vl.plugin_instance)) || (status < 1)) + if ((status < 1) || ((unsigned int)status >= sizeof (vl.plugin_instance))) return (0); if (chain->name[0] != '\0') { - strncpy (vl.type_instance, chain->name, sizeof (vl.type_instance)); + sstrncpy (vl.type_instance, chain->name, sizeof (vl.type_instance)); } else { if (chain->rule_type == RTYPE_NUM) - snprintf (vl.type_instance, sizeof (vl.type_instance), + ssnprintf (vl.type_instance, sizeof (vl.type_instance), "%i", chain->rule.num); else - strncpy (vl.type_instance, (char *) match->data, + sstrncpy (vl.type_instance, (char *) match->data, sizeof (vl.type_instance)); } - vl.type_instance[sizeof (vl.type_instance) - 1] = '\0'; + strcpy (vl.type, "ipt_bytes"); values[0].counter = (counter_t) entry->counters.bcnt; - plugin_dispatch_values ("ipt_bytes", &vl); + plugin_dispatch_values (&vl); + strcpy (vl.type, "ipt_packets"); values[0].counter = (counter_t) entry->counters.pcnt; - plugin_dispatch_values ("ipt_packets", &vl); + plugin_dispatch_values (&vl); return (0); } /* void submit_match */
@@ -297,7 +285,7 @@ static void submit_chain( iptc_handle_t *handle, ip_chain_t *chain ) { static int iptables_read (void) { int i; - static complain_t complaint; + int num_failures = 0; /* Init the iptc handle structure and query the correct table */ for (i = 0; i < chain_num; i++)
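Review bot: The two added `strcpy (vl.type, ...)` calls in submit_match are unbounded, while every other copy touched in this hunk moved to the size-taking helpers. The literals are short, but the size of vl.type is not visible here; `sstrncpy (vl.type, "ipt_bytes", sizeof (vl.type));` and the same for "ipt_packets" would keep the function consistent and bounded if the field ever changes. The closing comment still reads `/* void submit_match */` although the function returns int. The function starts before this hunk.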
@@ -308,26 +296,24 @@ static int iptables_read (void) chain = chain_list[i]; if (!chain) { - DEBUG ("chain == NULL"); + DEBUG ("iptables plugin: chain == NULL"); continue; } - handle = iptc_init( chain->table ); + handle = iptc_init (chain->table); if (!handle) { - DEBUG ("iptc_init (%s) failed: %s", chain->table, iptc_strerror (errno)); - plugin_complain (LOG_ERR, &complaint, "iptc_init (%s) failed: %s", + ERROR ("iptables plugin: iptc_init (%s) failed: %s", chain->table, iptc_strerror (errno)); + num_failures++; continue; } - plugin_relief (LOG_INFO, &complaint, "iptc_init (%s) succeeded", - chain->table); submit_chain (&handle, chain); iptc_free (&handle); - } + } /* for (i = 0 .. chain_num) */ - return (0); + return ((num_failures < chain_num) ? 0 : -1); } /* int iptables_read */ static int iptables_shutdown (void)
@@ -335,26 +321,26 @@ static int iptables_shutdown (void) int i; for (i = 0; i < chain_num; i++) + { + if ((chain_list[i] != NULL) && (chain_list[i]->rule_type == RTYPE_COMMENT)) + { + sfree (chain_list[i]->rule.comment); + } sfree (chain_list[i]); + } sfree (chain_list); return (0); } /* int iptables_shutdown */ -#endif /* IPTABLES_HAVE_READ */ void module_register (void) { -#if IPTABLES_HAVE_READ plugin_register_config ("iptables", iptables_config, config_keys, config_keys_num); plugin_register_read ("iptables", iptables_read); plugin_register_shutdown ("iptables", iptables_shutdown); -#endif } /* void module_register */ -#undef BUFSIZE -#undef MODULE_NAME - /* * vim:shiftwidth=4:softtabstop=4:tabstop=8 */
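Review bot: iptables_read now logs `iptc_init (%s) failed` at ERROR on every call, because the plugin_complain/plugin_relief pair that throttled the message is removed, and the function still returns 0 as long as one chain succeeds. A table that fails persistently would then produce one ERROR line per read with nothing visible here to throttle it. A comment above the return should state that -1 is reported only when every chain failed and that partial failures are visible only in the log. Note also that `(num_failures < chain_num) ? 0 : -1` yields -1 when chain_num is 0; if that is intended for an unconfigured plugin, the comment should say so. The function begins in the previous hunk.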
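Review bot: iptables_shutdown releases every entry and then chain_list, but chain_num keeps its old value, so a later iptables_read or a second shutdown would iterate over the released array. Adding `chain_num = 0;` after `sfree (chain_list);` closes that; whether either call can follow shutdown depends on the daemon and is not visible here. The new free of `rule.comment` is guarded by the RTYPE_COMMENT check, which looks right since that member is presumably a valid pointer only for that rule type.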