iptables: xt_LED and docs

iptables: xt_LED and docs

[Jan Engelhardt]

The following changes since commit 132538f5c9f697702e6e08a11b796bdcaaba5fea:

  utils: add missing include flags to Makefile (2010-05-24 07:49:25 +0200)

are available in the git repository at:
  git://dev.medozas.de/iptables master

Adam Nielsen (1):
      extensions: add the LED target

Jan Engelhardt (3):
      doc: xt_string: correct copy-and-pasting in manpage
      doc: xt_hashlimit: fix a typo
      doc: xt_LED: nroff formatting requirements

 extensions/libxt_LED.c         |  155 ++++++++++++++++++++++++++++++++++++++++
 extensions/libxt_LED.man       |   30 ++++++++
 extensions/libxt_hashlimit.man |    2 +-
 extensions/libxt_string.man    |    4 +-
 4 files changed, 189 insertions(+), 2 deletions(-)
 create mode 100644 extensions/libxt_LED.c
 create mode 100644 extensions/libxt_LED.man

[PATCH 1/4] doc: xt_string: correct copy-and-pasting in manpage

[Jan Engelhardt]

References: http://bugzilla.netfilter.org/show_bug.cgi?id=653
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_string.man |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/extensions/libxt_string.man b/extensions/libxt_string.man
index 725f3ff..b6b271d 100644
--- a/extensions/libxt_string.man
+++ b/extensions/libxt_string.man
@@ -7,7 +7,9 @@ Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-Morri
 Set the offset from which it starts looking for any matching. If not passed, default is 0.
 .TP
 \fB\-\-to\fP \fIoffset\fP
-Set the offset from which it starts looking for any matching. If not passed, default is the packet size.
+Set the offset up to which should be scanned. That is, byte \fIoffset\fP-1
+(counting from 0) is the last one that is scanned.
+If not passed, default is the packet size.
 .TP
 [\fB!\fP] \fB\-\-string\fP \fIpattern\fP
 Matches the given pattern.
-- 
1.7.1

[PATCH 2/4] doc: xt_hashlimit: fix a typo

[Jan Engelhardt]

References: http://bugzilla.netfilter.org/show_bug.cgi?id=646
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_hashlimit.man |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/extensions/libxt_hashlimit.man b/extensions/libxt_hashlimit.man
index 9820a92..b870f55 100644
--- a/extensions/libxt_hashlimit.man
+++ b/extensions/libxt_hashlimit.man
@@ -7,7 +7,7 @@ quantum per group":
 matching on source host
 "1000 packets per second for every host in 192.168.0.0/16"
 .TP
-matching on source prot
+matching on source port
 "100 packets per second for every service of 192.168.1.1"
 .TP
 matching on subnet
-- 
1.7.1

[PATCH 3/4] extensions: add the LED target

[Jan Engelhardt]

From: Adam Nielsen <a.nielsen@shikadi.net>

For the xt_LED target introduced in Linux 2.6.31.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_LED.c   |  155 ++++++++++++++++++++++++++++++++++++++++++++++
 extensions/libxt_LED.man |   30 +++++++++
 2 files changed, 185 insertions(+), 0 deletions(-)
 create mode 100644 extensions/libxt_LED.c
 create mode 100644 extensions/libxt_LED.man

diff --git a/extensions/libxt_LED.c b/extensions/libxt_LED.c
new file mode 100644
index 0000000..af0e091
--- /dev/null
+++ b/extensions/libxt_LED.c
@@ -0,0 +1,155 @@
+/*
+ * libxt_LED.c - shared library add-on to iptables to add customized LED
+ *               trigger support.
+ *
+ * (C) 2008 Adam Nielsen <a.nielsen@shikadi.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <stddef.h>
+
+#include <xtables.h>
+
+#include <linux/netfilter/xt_LED.h>
+
+static const struct option LED_opts[] = {
+	{.name = "led-trigger-id",   .has_arg = true,  .val = 'i'},
+	{.name = "led-delay",        .has_arg = true,  .val = 'd'},
+	{.name = "led-always-blink", .has_arg = false, .val = 'a'},
+	{.name = NULL},
+};
+
+static void LED_help(void)
+{
+	printf(
+"LED target options:\n"
+"--led-trigger-id name           suffix for led trigger name\n"
+"--led-delay ms                  leave the LED on for this number of\n"
+"                                milliseconds after triggering.\n"
+"--led-always-blink              blink on arriving packets, even if\n"
+"                                the LED is already on.\n"
+	);
+}
+
+static int LED_parse(int c, char **argv, int invert, unsigned int *flags,
+		     const void *entry, struct xt_entry_target **target)
+{
+	struct xt_led_info *led = (void *)(*target)->data;
+
+	switch (c) {
+	case 'i':
+		xtables_param_act(XTF_NO_INVERT, "LED",
+			"--led-trigger-id", invert);
+		if (strlen("netfilter-") + strlen(optarg) > sizeof(led->id))
+			xtables_error(PARAMETER_PROBLEM,
+				"--led-trigger-id must be 16 chars or less");
+		if (optarg[0] == '\0')
+			xtables_error(PARAMETER_PROBLEM,
+				"--led-trigger-id cannot be blank");
+
+		/* "netfilter-" + 16 char id == 26 == sizeof(led->id) */
+		strcpy(led->id, "netfilter-");
+		strcat(led->id, optarg);
+		*flags = 1;
+		return true;
+
+	case 'd':
+		xtables_param_act(XTF_NO_INVERT, "LED", "--led-delay", invert);
+		if (strncasecmp(optarg, "inf", 3) == 0)
+			led->delay = -1;
+		else
+			led->delay = strtoul(optarg, NULL, 0);
+
+		return true;
+
+	case 'a':
+		if (!invert)
+			led->always_blink = 1;
+		return true;
+	}
+	return false;
+}
+
+static void LED_final_check(unsigned int flags)
+{
+	if (flags == 0)
+		xtables_error(PARAMETER_PROBLEM,
+			"--led-trigger-id must be specified");
+}
+
+static void LED_print(const void *ip, const struct xt_entry_target *target,
+		      int numeric)
+{
+	const struct xt_led_info *led = (void *)target->data;
+	const char *id = led->id + strlen("netfilter-"); /* trim off prefix */
+
+	printf("led-trigger-id:\"");
+	/* Escape double quotes and backslashes in the ID */
+	while (*id != '\0') {
+		if (*id == '"' || *id == '\\')
+			printf("\\");
+		printf("%c", *id++);
+	}
+	printf("\" ");
+
+	if (led->delay == -1)
+		printf("led-delay:inf ");
+	else
+		printf("led-delay:%dms ", led->delay);
+
+	if (led->always_blink)
+		printf("led-always-blink ");
+}
+
+static void LED_save(const void *ip, const struct xt_entry_target *target)
+{
+	const struct xt_led_info *led = (void *)target->data;
+	const char *id = led->id + strlen("netfilter-"); /* trim off prefix */
+
+	printf("--led-trigger-id \"");
+	/* Escape double quotes and backslashes in the ID */
+	while (*id != '\0') {
+		if (*id == '"' || *id == '\\')
+			printf("\\");
+		printf("%c", *id++);
+	}
+	printf("\" ");
+
+	/* Only print the delay if it's not zero (the default) */
+	if (led->delay > 0)
+		printf("--led-delay %d ", led->delay);
+	else if (led->delay == -1)
+		printf("--led-delay inf ");
+
+	/* Only print always_blink if it's not set to the default */
+	if (led->always_blink)
+		printf("--led-always-blink ");
+}
+
+static struct xtables_target led_tg_reg = {
+	.version       = XTABLES_VERSION,
+	.name          = "LED",
+	.family        = PF_UNSPEC,
+	.revision      = 0,
+	.size          = XT_ALIGN(sizeof(struct xt_led_info)),
+	.userspacesize = offsetof(struct xt_led_info, internal_data),
+	.help          = LED_help,
+	.parse         = LED_parse,
+	.final_check   = LED_final_check,
+	.extra_opts    = LED_opts,
+	.print         = LED_print,
+	.save          = LED_save,
+};
+
+void _init(void)
+{
+	xtables_register_target(&led_tg_reg);
+}
diff --git a/extensions/libxt_LED.man b/extensions/libxt_LED.man
new file mode 100644
index 0000000..0226f10
--- /dev/null
+++ b/extensions/libxt_LED.man
@@ -0,0 +1,30 @@
+This creates an LED-trigger that can then be attached to system indicator
+lights, to blink or illuminate them when certain packets pass through the
+system. One example might be to light up an LED for a few minutes every time
+an SSH connection is made to the local machine. The following options control
+the trigger behavior:
+.TP
+\fB--led-trigger-id\fP \fIname\fP
+This is the name given to the LED trigger. The actual name of the trigger
+will be prefixed with "netfilter-".
+.TP
+\fB--led-delay\fP \fIms\fP
+This indicates how long (in milliseconds) the LED should be left illuminated
+when a packet arrives before being switched off again. The default is 0
+(blink as fast as possible.) The special value \fIinf\fP can be given to
+leave the LED on permanently once activated. (In this case the trigger will
+need to be manually detached and reattached to the LED device to switch it
+off again.)
+.TP
+\fB--led-always-blink\fP
+Always make the LED blink on packet arrival, even if the LED is already on.
+This allows notification of new packets even with long delay values (which
+otherwise would result in a silent prolonging of the delay time.)
+.TP
+Example:
+.TP
+Create an LED trigger for incoming SSH traffic:
+iptables -A INPUT -p tcp --dport 22 -j LED --led-trigger-id ssh
+.TP
+Then attach the new trigger to an LED:
+echo netfilter-ssh >/sys/class/leds/\fIledname\fP/trigger
-- 
1.7.1

[PATCH 4/4] doc: xt_LED: nroff formatting requirements

[Jan Engelhardt]

Verbatim dashes need to be backslash-prefixed.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_LED.man |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/extensions/libxt_LED.man b/extensions/libxt_LED.man
index 0226f10..81c2f29 100644
--- a/extensions/libxt_LED.man
+++ b/extensions/libxt_LED.man
@@ -4,11 +4,11 @@ system. One example might be to light up an LED for a few minutes every time
 an SSH connection is made to the local machine. The following options control
 the trigger behavior:
 .TP
-\fB--led-trigger-id\fP \fIname\fP
+\fB\-\-led\-trigger\-id\fP \fIname\fP
 This is the name given to the LED trigger. The actual name of the trigger
 will be prefixed with "netfilter-".
 .TP
-\fB--led-delay\fP \fIms\fP
+\fB\-\-led-delay\fP \fIms\fP
 This indicates how long (in milliseconds) the LED should be left illuminated
 when a packet arrives before being switched off again. The default is 0
 (blink as fast as possible.) The special value \fIinf\fP can be given to
@@ -16,7 +16,7 @@ leave the LED on permanently once activated. (In this case the trigger will
 need to be manually detached and reattached to the LED device to switch it
 off again.)
 .TP
-\fB--led-always-blink\fP
+\fB\-\-led\-always\-blink\fP
 Always make the LED blink on packet arrival, even if the LED is already on.
 This allows notification of new packets even with long delay values (which
 otherwise would result in a silent prolonging of the delay time.)
@@ -24,7 +24,7 @@ otherwise would result in a silent prolonging of the delay time.)
 Example:
 .TP
 Create an LED trigger for incoming SSH traffic:
-iptables -A INPUT -p tcp --dport 22 -j LED --led-trigger-id ssh
+iptables \-A INPUT \-p tcp \-\-dport 22 \-j LED \-\-led\-trigger\-id ssh
 .TP
 Then attach the new trigger to an LED:
-echo netfilter-ssh >/sys/class/leds/\fIledname\fP/trigger
+echo netfilter\-ssh >/sys/class/leds/\fIledname\fP/trigger
-- 
1.7.1

Re: iptables: xt_LED and docs

[Patrick McHardy]

On 06.06.2010 13:23, Jan Engelhardt wrote:
> The following changes since commit 132538f5c9f697702e6e08a11b796bdcaaba5fea:
> 
>   utils: add missing include flags to Makefile (2010-05-24 07:49:25 +0200)
> 
> are available in the git repository at:
>   git://dev.medozas.de/iptables master
> 
> Adam Nielsen (1):
>       extensions: add the LED target
> 
> Jan Engelhardt (3):
>       doc: xt_string: correct copy-and-pasting in manpage
>       doc: xt_hashlimit: fix a typo
>       doc: xt_LED: nroff formatting requirements

Pulled, thanks Jan.