Diffstat (limited to 'KMFIPTInterface')
-rw-r--r-- | KMFIPTInterface/KMFIPTInterface.lsm | 16 | ||||
-rw-r--r-- | KMFIPTInterface/Makefile.am | 17 | ||||
-rw-r--r-- | KMFIPTInterface/README | 11 | ||||
-rw-r--r-- | KMFIPTInterface/iptchecker.cpp | 234 | ||||
-rw-r--r-- | KMFIPTInterface/iptchecker.h | 41 | ||||
-rw-r--r-- | KMFIPTInterface/kmfiptinterface.cpp | 115 | ||||
-rw-r--r-- | KMFIPTInterface/kmfiptinterface.desktop | 39 | ||||
-rw-r--r-- | KMFIPTInterface/kmfiptinterface.h | 57 | ||||
-rwxr-xr-x | KMFIPTInterface/kmfiptinterface_ctl | 7 | ||||
-rw-r--r-- | KMFIPTInterface/main.cpp | 67 |
10 files changed, 604 insertions, 0 deletions
diff --git a/KMFIPTInterface/KMFIPTInterface.lsm b/KMFIPTInterface/KMFIPTInterface.lsm new file mode 100644 index 0000000..d1ffbbe --- /dev/null +++ b/KMFIPTInterface/KMFIPTInterface.lsm @@ -0,0 +1,16 @@ +Begin3 +Title: KMFIPTinterface -- Some description +Version: 0.1 +Entered-date: +Description: +Keywords: KDE Qt +Author: Christian Hubinger <[email protected]> +Maintained-by: Christian Hubinger <[email protected]> +Home-page: +Alternate-site: +Primary-site: ftp://ftp.kde.org/pub/kde/unstable/apps/utils + xxxxxx kmfiptinterface-0.1.tar.gz + xxx kmfiptinterface-0.1.lsm +Platform: Linux. Needs KDE +Copying-policy: GPL +End diff --git a/KMFIPTInterface/Makefile.am b/KMFIPTInterface/Makefile.am new file mode 100644 index 0000000..c8b96ab --- /dev/null +++ b/KMFIPTInterface/Makefile.am @@ -0,0 +1,17 @@ +bin_PROGRAMS = kmfiptinterface +INCLUDES = $(all_includes) +kmfiptinterface_LDFLAGS = -module $(all_libraries) $(KDE_RPATH) +kmfiptinterface_LDADD = $(LIB_KIO) +kmfiptinterface_SOURCES = main.cpp kmfiptinterface.cpp iptchecker.cpp kmfiptinterface.skel + + +noinst_HEADERS = kmfiptinterface.h iptchecker.h + +METASOURCES = AUTO + +messages: rc.cpp + $(XGETTEXT) *.cpp -o $(podir)/dcoptest.pot + + +service_DATA = kmfiptinterface.desktop +servicedir = $(kde_servicesdir) diff --git a/KMFIPTInterface/README b/KMFIPTInterface/README new file mode 100644 index 0000000..58e1775 --- /dev/null +++ b/KMFIPTInterface/README 
@@ -0,0 +1,11 @@ +KMFIPTInterface +--------------- + +Small dcop interface using the libiptc library to fetch running iptables configuration from the kernel. + +As the libiptc library is pure C and links the kernel headers a small modification of the kernel header iptables.h file is needed to build it. Unfortunately there is no real usable C++/C API available to query/modify the iptables configuration. + +So i'm not shure if this will acutually work in the end. + +The iptables/netfilter team says that currently the only way to communicate with iptables is using a pipe to the iptables-save +command which is acctuall not a real soulution for such an application but they know this issue and therefore i hope that an C++ compatible API will be available in the future to make this really work. diff --git a/KMFIPTInterface/iptchecker.cpp b/KMFIPTInterface/iptchecker.cpp new file mode 100644 index 0000000..bf6979d --- /dev/null +++ b/KMFIPTInterface/iptchecker.cpp 
@@ -0,0 +1,234 @@ +/*************************************************************************** + * Copyright (C) 2005 by Christian Hubinger * + * [email protected] * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; either version 2 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program; if not, write to the * + * Free Software Foundation, Inc., * + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * + ***************************************************************************/ +#include "iptchecker.h" + + +extern "C" { +#include <getopt.h> +#include <sys/errno.h> +#include <stdio.h> +#include <fcntl.h> +#include <stdlib.h> +#include <string.h> +#include <dlfcn.h> +#include <time.h> +#include <netdb.h> +#include "libiptc/libiptc.h" +#include "iptables.h" +} + + +/* Here begins some of the code taken from iptables-save.c **************** */ +#define IP_PARTS_NATIVE(n) \ + (unsigned int)((n)>>24)&0xFF, \ + (unsigned int)((n)>>16)&0xFF, \ + (unsigned int)((n)>>8)&0xFF, \ + (unsigned int)((n)&0xFF) + + + +IPTChecker::IPTChecker() +{ +} + + +IPTChecker::~IPTChecker() +{ +} + +int IPTChecker::numChainsInTable( char *tablename ) { + int foundChain = 0; + iptc_handle_t h; + const char *chain = NULL; + + h = iptc_init(tablename); + if (!h) { + printf("Can't initialize IPT Handle for table %s : %s\n", tablename, iptc_strerror(errno)); + return -1; + } + + for (chain = iptc_first_chain(&h); chain; chain = iptc_next_chain(&h)) { + foundChain++; + } + 
printf("Table %s Num: %d\n", tablename, foundChain ); + return foundChain; +} + + +int IPTChecker::numRulesInChain( char *tablename, char *chain ) { + int foundRule = 0; + iptc_handle_t h; + const struct ipt_entry *e; + const char *ch = NULL; + + h = iptc_init(tablename); + if (!h) { + printf("Can't initialize IPT Handle for table %s : %s\n", tablename, iptc_strerror(errno)); + return -1; + } + + if ( iptc_is_chain( chain, h ) == 0 ) { + printf("Error Chain: %s Not Found in table: %s\n", chain, tablename ); + return -1; + } + for (ch = iptc_first_chain(&h); ch; ch = iptc_next_chain(&h)) { + if ( strcmp( ch, chain ) == 0 ) { + int found = 0; + for (e = iptc_first_rule(ch, &h); e && found == 0; e = iptc_next_rule(e, &h)) { + foundRule++; + } + printf("Table: %s Chain: %s Num Rules: %d\n", tablename, chain, foundRule ); + return foundRule; + } + } + return -1; +} +QStringList IPTChecker::getRuleProperties( char * table, char *chain, int ruleIndex ) { + QStringList list; + int numRules = 0; + int found = 0; + iptc_handle_t h; + const struct ipt_entry *rule = 0; + const struct ipt_entry *my_rule = 0; + const char *ch = NULL; + + h = iptc_init(table); + if (!h) { + printf("Can't initialize IPT Handle for table %s : %s\n", table, iptc_strerror(errno)); + return list; + } + + if ( iptc_is_chain( chain, h ) == 0 ) { + printf("Error Chain: %s Not Found in table: %s\n", chain, table ); + return list; + } + int foundChain = 0; + for (ch = iptc_first_chain(&h); ch && foundChain == 0; ch = iptc_next_chain(&h)) { + if ( strcmp( ch, chain ) == 0 ) { + foundChain = 1; + for (rule = iptc_first_rule(ch, &h); rule && found == 0; rule = iptc_next_rule(rule, &h)) { + if ( numRules == ruleIndex ) { + my_rule = rule; + found = 1; + } + numRules++; + } + } + } + if ( my_rule ) { + const char *target_name; + /* Print target name */ + target_name = iptc_get_target( my_rule, &h ); + if ( target_name && (*target_name != '\0') ) { + + list << QString("%1").arg(target_name); + } + + + /* Print 
targinfo part */ +/* struct ipt_entry_target *t; + t = ipt_get_target( (struct ipt_entry *) my_rule ); + if ( t ) { + list << "Found Target:"; + list << t->u.user.name; + } + + if ( t->u.user.name ) { + list << QString("TARGET2:%1").arg(t->u.user.name); + + struct iptables_target *target = find_target( target_name, TRY_LOAD ); + + if ( ! target ) { + list << "Can't find library for target `%s'\n" << t->u.user.name; + return list; + } + + if (target->save) { + target->save(&my_rule->ip, t); + } else { + // If the target size is greater than ipt_entry_target + // there is something to be saved, we just don't know + // how to print it + if (t->u.target_size != sizeof(struct ipt_entry_target)) { + fprintf(stderr, "Target `%s' is missing " + "save function\n", + t->u.user.name); + return list; + } + } + }*/ + } else { + list << "ERROR"; + } + return list; +} + +QStringList IPTChecker::getChainsInTable( char * table ) { + QStringList list; + int foundRule = 0; + iptc_handle_t h; + const struct ipt_entry *e; + const char *chain = NULL; + + h = iptc_init(table); + if (!h) { + printf("Can't initialize IPT Handle for table %s : %s\n", table, iptc_strerror(errno)); + return list; + } + + + for ( chain = iptc_first_chain(&h); chain; chain = iptc_next_chain(&h) ) { + list << chain; + } + return list; +} + + +QString IPTChecker::getChainPolicy( char * table, char *chain ) { + QString policy = ""; + iptc_handle_t h; + const struct ipt_entry *e; + const char *ch = NULL; + + h = iptc_init(table); + if (!h) { + printf("Can't initialize IPT Handle for table %s : %s\n", table, iptc_strerror(errno)); + return ""; + } + + + for ( ch = iptc_first_chain(&h); ch; ch = iptc_next_chain(&h) ) { + if ( strcmp( ch, chain ) == 0 ) { + + if ( iptc_builtin(chain, h) ) { + struct ipt_counters count; + policy = iptc_get_policy(chain, &count, &h); + +/* printf("%s ", + iptc_get_policy(chain, &count, &h)); + printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);*/ + } 
else { +// printf("- [0:0]\n"); + } + + } + } + return policy; +} diff --git a/KMFIPTInterface/iptchecker.h b/KMFIPTInterface/iptchecker.h new file mode 100644 index 0000000..51369d6 --- /dev/null +++ b/KMFIPTInterface/iptchecker.h @@ -0,0 +1,41 @@ +/*************************************************************************** + * Copyright (C) 2005 by Christian Hubinger * + * [email protected] * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; either version 2 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program; if not, write to the * + * Free Software Foundation, Inc., * + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * + ***************************************************************************/ +#ifndef IPTCHECKER_H +#define IPTCHECKER_H + +#include <qstringlist.h> + +/** +@author Christian Hubinger +*/ +class IPTChecker{ +public: + IPTChecker(); + + ~IPTChecker(); + + int numChainsInTable( char *tablename ); + int numRulesInChain( char *tablename, char *chain ); + QStringList getChainsInTable( char * table ); + QString getChainPolicy( char * table, char *chain ); + QStringList getRuleProperties( char * table, char *chain, int ruleIndex ); +}; + +#endif diff --git a/KMFIPTInterface/kmfiptinterface.cpp b/KMFIPTInterface/kmfiptinterface.cpp new file mode 100644 index 0000000..e963383 --- /dev/null +++ b/KMFIPTInterface/kmfiptinterface.cpp 
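Review bot: None of the five IPTChecker methods in iptchecker.cpp releases the handle returned by `iptc_init()`. Every return path leaves it allocated, including the early `return -1;` and `return list;` taken when `iptc_is_chain()` fails. This class sits behind a long-running service, so each query leaks whatever libiptc holds for that table snapshot. If the libiptc version this builds against provides it, call `iptc_free(&h);` before each return once `iptc_init()` has succeeded. A short comment on each method should also state the failure contract callers see today (`-1`, an empty list, an empty string, or the single entry `"ERROR"`).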
@@ -0,0 +1,115 @@ + /*************************************************************************** + * Copyright (C) 2005 by Christian Hubinger * + * [email protected] * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; either version 2 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program; if not, write to the * + * Free Software Foundation, Inc., * + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * + ***************************************************************************/ + +#include "iptchecker.h" + +#include "kmfiptinterface.h" +#include <kdebug.h> +#include <kapplication.h> +#include <klocale.h> +#include <kmessagebox.h> + +#include <dcopobject.h> +#include <dcopclient.h> + + + +KMFIPTInterface::KMFIPTInterface() : DCOPObject("KMFIPTInterface") +{ + kdDebug() << "Starting new service... " << endl; + m_List = QStringList(); +} + +KMFIPTInterface::~KMFIPTInterface() +{ + kdDebug() << "Going away... 
" << endl; +} + +QString KMFIPTInterface::string(int idx) +{ + return *m_List.at(idx); +} + +QStringList KMFIPTInterface::list() +{ + return m_List; +} + +void KMFIPTInterface::add(QString arg) +{ + kdDebug() << "Adding " << arg << " to the list" << endl; + m_List << arg; +} + +bool KMFIPTInterface::remove(QString arg) +{ + QStringList::Iterator it = m_List.find(arg); + if (it != m_List.end()) + { + m_List.remove(it); + } + else + return false; + return true; +} + +bool KMFIPTInterface::exit() +{ + kapp->quit(); + return 0; +} + +void KMFIPTInterface::Test() { + KMessageBox::information(0 , i18n("Called KMFIPTInterface::Test()") ); +} + +int KMFIPTInterface::numRulesInChain( QString table , QString chain ) { + IPTChecker *chk = new IPTChecker(); + char *ctable = strdup(table); + char *cchain = strdup(chain); + return chk->numRulesInChain( ctable, cchain ); +} + +int KMFIPTInterface::numChainsInTable( QString table ) { + IPTChecker *chk = new IPTChecker(); + char *ctable = strdup(table); + return chk->numChainsInTable( ctable ); +} + +QStringList KMFIPTInterface::getChainsInTable( QString table ) { + IPTChecker *chk = new IPTChecker(); + char *ctable = strdup(table); + return chk->getChainsInTable( ctable ); +} + +QStringList KMFIPTInterface::getRuleProperties( QString table , QString chain , int index ) { + IPTChecker *chk = new IPTChecker(); + char *ctable = strdup(table); + char *cchain = strdup(chain); + return chk->getRuleProperties( ctable, cchain, index ); +} + +QString KMFIPTInterface::getChainPolicy( QString table , QString chain ) { + IPTChecker *chk = new IPTChecker(); + char *ctable = strdup(table); + char *cchain = strdup(chain); + return chk->getChainPolicy( ctable, cchain ); +} + diff --git a/KMFIPTInterface/kmfiptinterface.desktop b/KMFIPTInterface/kmfiptinterface.desktop new file mode 100644 index 0000000..7ee32f6 --- /dev/null +++ b/KMFIPTInterface/kmfiptinterface.desktop 
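Review bot: Each of the five query wrappers (`numRulesInChain`, `numChainsInTable`, `getChainsInTable`, `getRuleProperties`, `getChainPolicy`) allocates an `IPTChecker` with `new` and copies its arguments with `strdup()`, and frees none of them, so every DCOP call leaks. The `strdup()` result is also passed on without a null check. The table and chain strings come from whichever DCOP client makes the call and are forwarded unvalidated, so an emptiness and length check belongs here as well. A stack `IPTChecker` and `QCString` copies remove the leak without touching the IPTChecker signatures; the same shape applies to the other four wrappers. `string(int idx)` likewise dereferences `m_List.at(idx)` without comparing `idx` against the list size.
```cpp
int KMFIPTInterface::numRulesInChain( QString table , QString chain ) {
	IPTChecker chk;
	QCString ctable = table.latin1();
	QCString cchain = chain.latin1();
	return chk.numRulesInChain( ctable.data(), cchain.data() );
}
```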
@@ -0,0 +1,39 @@
+[Desktop Entry]
+Comment=KMyFirewall iptables interface
+Comment[bg]=Интерфейс за iptables на KMyFirewall
+Comment[br]=Etrefas ipables KMyFirewall
+Comment[ca]=Interfície per a iptables KMyFirewall
+Comment[cs]=iptable rozhraní KMyFirewall
+Comment[da]=IP-tabelgrænseflade for KMyFirewall
+Comment[de]=Oberfläche für iptables
+Comment[el]=Διασύνδεση iptables του KMyFirewall
+Comment[es]=Interfaz a iptables de KMyFirewall
+Comment[et]=KMyFirewalli IPTablesi liides
+Comment[fr]=Interface iptables de KMyFirewall
+Comment[ga]=Comhéadan iptables KMyFirewall
+Comment[gl]=Interface de KMyFirewall para iptables
+Comment[it]=Interfaccia a iptables KMyFirewall
+Comment[ja]=KMyFirewall iptables インターフェース
+Comment[ka]=KMyFirewall iptables ინტერფეისი
+Comment[lt]=KMyFirewall – IPTables tvarkymo sąsaja
+Comment[nl]=KMyFirewall iptables-interface
+Comment[pl]=Interfejs iptables KMyFirewall
+Comment[pt]=Interface para o 'iptables' do KMyFirewall
+Comment[pt_BR]=Interface do iptables no KMyFirewall
+Comment[sr]=KMyFirewall-ов интерфејс за iptables
+Comment[sr@Latn]=KMyFirewall-ov interfejs za iptables
+Comment[sv]=IP-tabellgränssnitt för Min brandvägg
+Comment[tr]=KMyFirewall iptables Kural Belirleyici
+Comment[uk]=Інтерфейс KMyFirewall до iptables
+Comment[xx]=xxKMyFirewall iptables interfacexx
+Exec=kmfiptinterface
+Icon=
+Name=kmfiptinterface
+Name[pl]=kmfiptinterfejs
+Name[pt_BR]=Interface do Iptables
+Name[sv]=IP-gränssnitt för Min brandvägg
+Name[tr]=kmf ip arabirimi
+Name[xx]=xxkmfiptinterfacexx
+Type=Service
+X-DCOP-ServiceType=Unique
+X-KDE-StartupNotify=false
diff --git a/KMFIPTInterface/kmfiptinterface.h b/KMFIPTInterface/kmfiptinterface.h
new file mode 100644
index 0000000..512f73b
--- /dev/null
+++ b/KMFIPTInterface/kmfiptinterface.h
@@ -0,0 +1,57 @@ +/*************************************************************************** + * Copyright (C) 2005 by Christian Hubinger * + * [email protected] * + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; either version 2 of the License, or * + * (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program; if not, write to the * + * Free Software Foundation, Inc., * + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * + ***************************************************************************/ + + +#ifndef _kmfiptinterface_H +#define _kmfiptinterface_H + +#include <qstringlist.h> +#include <qstring.h> +#include <dcopobject.h> + +class KMFIPTInterface : public DCOPObject +{ + K_DCOP + + private: + QStringList m_List; + + public: + KMFIPTInterface(); + + ~KMFIPTInterface(); + + k_dcop: + QString string(int); + QStringList list(); + + void add(QString); + bool remove(QString); + bool exit(); + + void Test(); + int numRulesInChain( QString, QString ); + int numChainsInTable( QString ); + QStringList getChainsInTable( QString ); + QStringList getRuleProperties( QString, QString, int ); + + QString getChainPolicy( QString, QString ); +}; +#endif diff --git a/KMFIPTInterface/kmfiptinterface_ctl b/KMFIPTInterface/kmfiptinterface_ctl new file mode 100755 index 0000000..05c2688 --- /dev/null +++ b/KMFIPTInterface/kmfiptinterface_ctl 
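Review bot: The `k_dcop:` section of kmfiptinterface.h exports the scaffolding methods `string`, `list`, `add`, `remove`, `Test` and `exit` alongside the iptables queries, and nothing in the header says who is expected to call them. kmfiptinterface_ctl in this same commit starts the binary through `kdesu ... -u root`, so every exported method is presumably reachable by any client of that DCOP server while the process holds root privileges. `exit()` in particular lets any such client stop the service, and `Test()` opens a message box from it. I would drop the methods the firewall front end does not need and add a comment above `k_dcop:` such as `// Exported over DCOP; the service runs as root, keep this list minimal and read-only.`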
@@ -0,0 +1,7 @@
+#!/bin/bash
+SERVER="`dcopserver --serverid 2>&1`"
+echo -n "Server:"
+echo $SERVER
+kdesu -t --nonewdcop -u root -c kmfiptinterface --dcopserver=$SERVER
+
+
diff --git a/KMFIPTInterface/main.cpp b/KMFIPTInterface/main.cpp
new file mode 100644
index 0000000..c3e28ee
--- /dev/null
+++ b/KMFIPTInterface/main.cpp
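Review bot: In kmfiptinterface_ctl, `SERVER` is filled from `dcopserver --serverid 2>&1`, so any error text dcopserver prints ends up in the variable. It is then expanded unquoted in `echo $SERVER` and in `--dcopserver=$SERVER`, on the line that launches the service as root. Capture stdout only, stop when the id is missing, and quote the expansion: `SERVER="$(dcopserver --serverid)" || exit 1`, `[ -n "$SERVER" ] || exit 1`, and `"--dcopserver=$SERVER"` on the kdesu line.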
@@ -0,0 +1,67 @@ +/*************************************************************************** +* Copyright (C) 2005 by Christian Hubinger * +* [email protected] * +* * +* This program is free software; you can redistribute it and/or modify * +* it under the terms of the GNU General Public License as published by * +* the Free Software Foundation; either version 2 of the License, or * +* (at your option) any later version. * +* * +* This program is distributed in the hope that it will be useful, * +* but WITHOUT ANY WARRANTY; without even the implied warranty of * +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +* GNU General Public License for more details. * +* * +* You should have received a copy of the GNU General Public License * +* along with this program; if not, write to the * +* Free Software Foundation, Inc., * +* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * +***************************************************************************/ + + +#include <kuniqueapplication.h> +#include <kaboutdata.h> +#include <kcmdlineargs.h> +#include <kdebug.h> +#include <klocale.h> +#include <dcopclient.h> +#include "kmfiptinterface.h" +#include "version.h" +static const char description[] = + I18N_NOOP( "A KDE KPart Application" ); + +static const char version[] = "0.1"; + +static KCmdLineOptions options[] = + { + KCmdLineLastOption + }; + +int main ( int argc, char *argv[] ) { + KLocale::setMainCatalogue( "kdelibs" ); + KAboutData aboutdata( "kmfiptinterface", I18N_NOOP( "KDE" ), + version, description, + KAboutData::License_GPL, "(C) 2001, Christian Hubinger" ); + aboutdata.addAuthor( "Christian Hubinger", I18N_NOOP( "Developer" ), "[email protected]" ); + + KCmdLineArgs::init( argc, argv, &aboutdata ); + KCmdLineArgs::addCmdLineOptions( options ); + KUniqueApplication::addCmdLineOptions(); + kdDebug() << "Starting up...!" << endl; + if ( ! KUniqueApplication::start() ) { + kdDebug() << "kmfiptinterface is already running!" 
<< endl; + return ( 0 ); + } + + KUniqueApplication app; + kdDebug() << "starting kmfiptinterface " << endl; + // This app is started automatically, no need for session management + app.dcopClient() ->setAcceptCalls( true ); + kdDebug() << app.dcopClient() ->appId() << endl; + kdDebug() << "starting kmfiptinterface " << endl; + + app.disableSessionManagement(); + /*KMFIPTInterface *service =*/ new KMFIPTInterface; + return app.exec(); + +} |
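Review bot: In main.cpp the comment `// This app is started automatically, no need for session management` sits above `app.dcopClient() ->setAcceptCalls( true );`, while the call it explains, `app.disableSessionManagement();`, comes four statements later. Move the comment down to that call and give `setAcceptCalls` its own, for example `// Accept incoming DCOP calls; this process is started as root by kmfiptinterface_ctl.` The `kdDebug() << "starting kmfiptinterface "` line is also emitted twice, and `description` still reads `"A KDE KPart Application"`, which looks like leftover template text. `main` is complete within the hunk.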