Diffstat (limited to 'KMFIPTInterface')
-rw-r--r--KMFIPTInterface/KMFIPTInterface.lsm16
-rw-r--r--KMFIPTInterface/Makefile.am17
-rw-r--r--KMFIPTInterface/README11
-rw-r--r--KMFIPTInterface/iptchecker.cpp234
-rw-r--r--KMFIPTInterface/iptchecker.h41
-rw-r--r--KMFIPTInterface/kmfiptinterface.cpp115
-rw-r--r--KMFIPTInterface/kmfiptinterface.desktop39
-rw-r--r--KMFIPTInterface/kmfiptinterface.h57
-rwxr-xr-xKMFIPTInterface/kmfiptinterface_ctl7
-rw-r--r--KMFIPTInterface/main.cpp67
10 files changed, 604 insertions, 0 deletions
diff --git a/KMFIPTInterface/KMFIPTInterface.lsm b/KMFIPTInterface/KMFIPTInterface.lsm
new file mode 100644
index 0000000..d1ffbbe
--- /dev/null
+++ b/KMFIPTInterface/KMFIPTInterface.lsm
@@ -0,0 +1,16 @@
+Begin3
+Title: KMFIPTinterface -- Some description
+Version: 0.1
+Entered-date:
+Description:
+Keywords: KDE Qt
+Author: Christian Hubinger <[email protected]>
+Maintained-by: Christian Hubinger <[email protected]>
+Home-page:
+Alternate-site:
+Primary-site: ftp://ftp.kde.org/pub/kde/unstable/apps/utils
+ xxxxxx kmfiptinterface-0.1.tar.gz
+ xxx kmfiptinterface-0.1.lsm
+Platform: Linux. Needs KDE
+Copying-policy: GPL
+End
diff --git a/KMFIPTInterface/Makefile.am b/KMFIPTInterface/Makefile.am
new file mode 100644
index 0000000..c8b96ab
--- /dev/null
+++ b/KMFIPTInterface/Makefile.am
@@ -0,0 +1,17 @@
+bin_PROGRAMS = kmfiptinterface
+INCLUDES = $(all_includes)
+kmfiptinterface_LDFLAGS = -module $(all_libraries) $(KDE_RPATH)
+kmfiptinterface_LDADD = $(LIB_KIO)
+kmfiptinterface_SOURCES = main.cpp kmfiptinterface.cpp iptchecker.cpp kmfiptinterface.skel
+
+
+noinst_HEADERS = kmfiptinterface.h iptchecker.h
+
+METASOURCES = AUTO
+
+messages: rc.cpp
+ $(XGETTEXT) *.cpp -o $(podir)/dcoptest.pot
+
+
+service_DATA = kmfiptinterface.desktop
+servicedir = $(kde_servicesdir)
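Review bot: `kmfiptinterface_LDADD` lists only `$(LIB_KIO)`, yet iptchecker.cpp in this commit calls `iptc_init`, `iptc_first_chain` and other libiptc functions, so unless `$(all_libraries)` already supplies libiptc the link will fail with undefined references. The library should be named explicitly on the `kmfiptinterface_LDADD` line next to `$(LIB_KIO)`. Two template leftovers are also worth cleaning up: `-module` in `kmfiptinterface_LDFLAGS` is a libtool flag for loadable modules, not for a `bin_PROGRAMS` target, and the `messages` rule writes `dcoptest.pot` rather than a catalogue named after this program.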
diff --git a/KMFIPTInterface/README b/KMFIPTInterface/README
new file mode 100644
index 0000000..58e1775
--- /dev/null
+++ b/KMFIPTInterface/README
@@ -0,0 +1,11 @@
+KMFIPTInterface
+---------------
+
+Small dcop interface using the libiptc library to fetch running iptables configuration from the kernel.
+
+As the libiptc library is pure C and links the kernel headers a small modification of the kernel header iptables.h file is needed to build it. Unfortunately there is no real usable C++/C API available to query/modify the iptables configuration.
+
+So i'm not shure if this will acutually work in the end.
+
+The iptables/netfilter team says that currently the only way to communicate with iptables is using a pipe to the iptables-save
+command which is acctuall not a real soulution for such an application but they know this issue and therefore i hope that an C++ compatible API will be available in the future to make this really work.
diff --git a/KMFIPTInterface/iptchecker.cpp b/KMFIPTInterface/iptchecker.cpp
new file mode 100644
index 0000000..bf6979d
--- /dev/null
+++ b/KMFIPTInterface/iptchecker.cpp
@@ -0,0 +1,234 @@
+/***************************************************************************
+ * Copyright (C) 2005 by Christian Hubinger *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
+ ***************************************************************************/
+#include "iptchecker.h"
+
+
+extern "C" {
+#include <getopt.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <dlfcn.h>
+#include <time.h>
+#include <netdb.h>
+#include "libiptc/libiptc.h"
+#include "iptables.h"
+}
+
+
+/* Here begins some of the code taken from iptables-save.c **************** */
+#define IP_PARTS_NATIVE(n) \
+ (unsigned int)((n)>>24)&0xFF, \
+ (unsigned int)((n)>>16)&0xFF, \
+ (unsigned int)((n)>>8)&0xFF, \
+ (unsigned int)((n)&0xFF)
+
+
+
+IPTChecker::IPTChecker()
+{
+}
+
+
+IPTChecker::~IPTChecker()
+{
+}
+
+int IPTChecker::numChainsInTable( char *tablename ) {
+ int foundChain = 0;
+ iptc_handle_t h;
+ const char *chain = NULL;
+
+ h = iptc_init(tablename);
+ if (!h) {
+ printf("Can't initialize IPT Handle for table %s : %s\n", tablename, iptc_strerror(errno));
+ return -1;
+ }
+
+ for (chain = iptc_first_chain(&h); chain; chain = iptc_next_chain(&h)) {
+ foundChain++;
+ }
+ printf("Table %s Num: %d\n", tablename, foundChain );
+ return foundChain;
+}
+
+
+int IPTChecker::numRulesInChain( char *tablename, char *chain ) {
+ int foundRule = 0;
+ iptc_handle_t h;
+ const struct ipt_entry *e;
+ const char *ch = NULL;
+
+ h = iptc_init(tablename);
+ if (!h) {
+ printf("Can't initialize IPT Handle for table %s : %s\n", tablename, iptc_strerror(errno));
+ return -1;
+ }
+
+ if ( iptc_is_chain( chain, h ) == 0 ) {
+ printf("Error Chain: %s Not Found in table: %s\n", chain, tablename );
+ return -1;
+ }
+ for (ch = iptc_first_chain(&h); ch; ch = iptc_next_chain(&h)) {
+ if ( strcmp( ch, chain ) == 0 ) {
+ int found = 0;
+ for (e = iptc_first_rule(ch, &h); e && found == 0; e = iptc_next_rule(e, &h)) {
+ foundRule++;
+ }
+ printf("Table: %s Chain: %s Num Rules: %d\n", tablename, chain, foundRule );
+ return foundRule;
+ }
+ }
+ return -1;
+}
+QStringList IPTChecker::getRuleProperties( char * table, char *chain, int ruleIndex ) {
+ QStringList list;
+ int numRules = 0;
+ int found = 0;
+ iptc_handle_t h;
+ const struct ipt_entry *rule = 0;
+ const struct ipt_entry *my_rule = 0;
+ const char *ch = NULL;
+
+ h = iptc_init(table);
+ if (!h) {
+ printf("Can't initialize IPT Handle for table %s : %s\n", table, iptc_strerror(errno));
+ return list;
+ }
+
+ if ( iptc_is_chain( chain, h ) == 0 ) {
+ printf("Error Chain: %s Not Found in table: %s\n", chain, table );
+ return list;
+ }
+ int foundChain = 0;
+ for (ch = iptc_first_chain(&h); ch && foundChain == 0; ch = iptc_next_chain(&h)) {
+ if ( strcmp( ch, chain ) == 0 ) {
+ foundChain = 1;
+ for (rule = iptc_first_rule(ch, &h); rule && found == 0; rule = iptc_next_rule(rule, &h)) {
+ if ( numRules == ruleIndex ) {
+ my_rule = rule;
+ found = 1;
+ }
+ numRules++;
+ }
+ }
+ }
+ if ( my_rule ) {
+ const char *target_name;
+ /* Print target name */
+ target_name = iptc_get_target( my_rule, &h );
+ if ( target_name && (*target_name != '\0') ) {
+
+ list << QString("%1").arg(target_name);
+ }
+
+
+ /* Print targinfo part */
+/* struct ipt_entry_target *t;
+ t = ipt_get_target( (struct ipt_entry *) my_rule );
+ if ( t ) {
+ list << "Found Target:";
+ list << t->u.user.name;
+ }
+
+ if ( t->u.user.name ) {
+ list << QString("TARGET2:%1").arg(t->u.user.name);
+
+ struct iptables_target *target = find_target( target_name, TRY_LOAD );
+
+ if ( ! target ) {
+ list << "Can't find library for target `%s'\n" << t->u.user.name;
+ return list;
+ }
+
+ if (target->save) {
+ target->save(&my_rule->ip, t);
+ } else {
+ // If the target size is greater than ipt_entry_target
+ // there is something to be saved, we just don't know
+ // how to print it
+ if (t->u.target_size != sizeof(struct ipt_entry_target)) {
+ fprintf(stderr, "Target `%s' is missing "
+ "save function\n",
+ t->u.user.name);
+ return list;
+ }
+ }
+ }*/
+ } else {
+ list << "ERROR";
+ }
+ return list;
+}
+
+QStringList IPTChecker::getChainsInTable( char * table ) {
+ QStringList list;
+ int foundRule = 0;
+ iptc_handle_t h;
+ const struct ipt_entry *e;
+ const char *chain = NULL;
+
+ h = iptc_init(table);
+ if (!h) {
+ printf("Can't initialize IPT Handle for table %s : %s\n", table, iptc_strerror(errno));
+ return list;
+ }
+
+
+ for ( chain = iptc_first_chain(&h); chain; chain = iptc_next_chain(&h) ) {
+ list << chain;
+ }
+ return list;
+}
+
+
+QString IPTChecker::getChainPolicy( char * table, char *chain ) {
+ QString policy = "";
+ iptc_handle_t h;
+ const struct ipt_entry *e;
+ const char *ch = NULL;
+
+ h = iptc_init(table);
+ if (!h) {
+ printf("Can't initialize IPT Handle for table %s : %s\n", table, iptc_strerror(errno));
+ return "";
+ }
+
+
+ for ( ch = iptc_first_chain(&h); ch; ch = iptc_next_chain(&h) ) {
+ if ( strcmp( ch, chain ) == 0 ) {
+
+ if ( iptc_builtin(chain, h) ) {
+ struct ipt_counters count;
+ policy = iptc_get_policy(chain, &count, &h);
+
+/* printf("%s ",
+ iptc_get_policy(chain, &count, &h));
+ printf("[%llu:%llu]\n", (unsigned long long)count.pcnt, (unsigned long long)count.bcnt);*/
+ } else {
+// printf("- [0:0]\n");
+ }
+
+ }
+ }
+ return policy;
+}
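Review bot: Every method in this file obtains a handle with `iptc_init()` and returns without releasing it, on the early error returns (for example after the `iptc_is_chain` check in `numRulesInChain` and `getRuleProperties`) as well as on success. These methods are reached from a long-running DCOP service, so each call keeps whatever the handle holds until the process exits, and a client that polls can grow the process without bound. Add `iptc_free(&h);` before each `return` that follows a successful `iptc_init()`, or wrap the handle in a small guard object whose destructor frees it. Separately, `found` in `numRulesInChain` is never modified, and `foundRule` and `e` in `getChainsInTable` and `e` in `getChainPolicy` are never used, so they can be dropped.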
diff --git a/KMFIPTInterface/iptchecker.h b/KMFIPTInterface/iptchecker.h
new file mode 100644
index 0000000..51369d6
--- /dev/null
+++ b/KMFIPTInterface/iptchecker.h
@@ -0,0 +1,41 @@
+/***************************************************************************
+ * Copyright (C) 2005 by Christian Hubinger *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
+ ***************************************************************************/
+#ifndef IPTCHECKER_H
+#define IPTCHECKER_H
+
+#include <qstringlist.h>
+
+/**
+@author Christian Hubinger
+*/
+class IPTChecker{
+public:
+ IPTChecker();
+
+ ~IPTChecker();
+
+ int numChainsInTable( char *tablename );
+ int numRulesInChain( char *tablename, char *chain );
+ QStringList getChainsInTable( char * table );
+ QString getChainPolicy( char * table, char *chain );
+ QStringList getRuleProperties( char * table, char *chain, int ruleIndex );
+};
+
+#endif
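Review bot: All five methods take `char *` although the implementation in iptchecker.cpp only reads the strings; declaring them `const char *`, for example `int numChainsInTable( const char *tablename );` (with the matching change in the .cpp), would let callers pass string data without making writable copies. The class comment carries only an author tag, so the failure conventions are undocumented: the two counting methods return -1 on error, `getChainPolicy` returns an empty string, and `getRuleProperties` returns an empty list or a list containing `"ERROR"`. A short doc comment on each method stating this would save callers from reading the implementation.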
diff --git a/KMFIPTInterface/kmfiptinterface.cpp b/KMFIPTInterface/kmfiptinterface.cpp
new file mode 100644
index 0000000..e963383
--- /dev/null
+++ b/KMFIPTInterface/kmfiptinterface.cpp
@@ -0,0 +1,115 @@
+ /***************************************************************************
+ * Copyright (C) 2005 by Christian Hubinger *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
+ ***************************************************************************/
+
+#include "iptchecker.h"
+
+#include "kmfiptinterface.h"
+#include <kdebug.h>
+#include <kapplication.h>
+#include <klocale.h>
+#include <kmessagebox.h>
+
+#include <dcopobject.h>
+#include <dcopclient.h>
+
+
+
+KMFIPTInterface::KMFIPTInterface() : DCOPObject("KMFIPTInterface")
+{
+ kdDebug() << "Starting new service... " << endl;
+ m_List = QStringList();
+}
+
+KMFIPTInterface::~KMFIPTInterface()
+{
+ kdDebug() << "Going away... " << endl;
+}
+
+QString KMFIPTInterface::string(int idx)
+{
+ return *m_List.at(idx);
+}
+
+QStringList KMFIPTInterface::list()
+{
+ return m_List;
+}
+
+void KMFIPTInterface::add(QString arg)
+{
+ kdDebug() << "Adding " << arg << " to the list" << endl;
+ m_List << arg;
+}
+
+bool KMFIPTInterface::remove(QString arg)
+{
+ QStringList::Iterator it = m_List.find(arg);
+ if (it != m_List.end())
+ {
+ m_List.remove(it);
+ }
+ else
+ return false;
+ return true;
+}
+
+bool KMFIPTInterface::exit()
+{
+ kapp->quit();
+ return 0;
+}
+
+void KMFIPTInterface::Test() {
+ KMessageBox::information(0 , i18n("Called KMFIPTInterface::Test()") );
+}
+
+int KMFIPTInterface::numRulesInChain( QString table , QString chain ) {
+ IPTChecker *chk = new IPTChecker();
+ char *ctable = strdup(table);
+ char *cchain = strdup(chain);
+ return chk->numRulesInChain( ctable, cchain );
+}
+
+int KMFIPTInterface::numChainsInTable( QString table ) {
+ IPTChecker *chk = new IPTChecker();
+ char *ctable = strdup(table);
+ return chk->numChainsInTable( ctable );
+}
+
+QStringList KMFIPTInterface::getChainsInTable( QString table ) {
+ IPTChecker *chk = new IPTChecker();
+ char *ctable = strdup(table);
+ return chk->getChainsInTable( ctable );
+}
+
+QStringList KMFIPTInterface::getRuleProperties( QString table , QString chain , int index ) {
+ IPTChecker *chk = new IPTChecker();
+ char *ctable = strdup(table);
+ char *cchain = strdup(chain);
+ return chk->getRuleProperties( ctable, cchain, index );
+}
+
+QString KMFIPTInterface::getChainPolicy( QString table , QString chain ) {
+ IPTChecker *chk = new IPTChecker();
+ char *ctable = strdup(table);
+ char *cchain = strdup(chain);
+ return chk->getChainPolicy( ctable, cchain );
+}
+
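Review bot: Each of the five forwarding methods at the end of the file (`numRulesInChain` through `getChainPolicy`) allocates an `IPTChecker` with `new` and copies its arguments with `strdup`, and none of them is ever freed, so every DCOP call leaks memory in a service that is meant to stay resident. A stack `IPTChecker` and `QCString` copies of the arguments give the callee the same `char *` values and are released on return; the fence shows this for `numRulesInChain`, and the other four follow the same pattern. Separately, `string(int idx)` dereferences `m_List.at(idx)` without checking `idx` against the list size, so an out-of-range index from a caller is undefined behaviour; it should return an empty `QString` in that case.
```cpp
int KMFIPTInterface::numRulesInChain( QString table , QString chain ) {
    IPTChecker chk;
    QCString ctable = table.latin1();
    QCString cchain = chain.latin1();
    return chk.numRulesInChain( ctable.data(), cchain.data() );
}
// … same pattern for numChainsInTable, getChainsInTable, getRuleProperties, getChainPolicy …
```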
diff --git a/KMFIPTInterface/kmfiptinterface.desktop b/KMFIPTInterface/kmfiptinterface.desktop
new file mode 100644
index 0000000..7ee32f6
--- /dev/null
+++ b/KMFIPTInterface/kmfiptinterface.desktop
@@ -0,0 +1,39 @@
+[Desktop Entry]
+Comment=KMyFirewall iptables interface
+Comment[bg]=Интерфейс за iptables на KMyFirewall
+Comment[br]=Etrefas ipables KMyFirewall
+Comment[ca]=Interfície per a iptables KMyFirewall
+Comment[cs]=iptable rozhraní KMyFirewall
+Comment[da]=IP-tabelgrænseflade for KMyFirewall
+Comment[de]=Oberfläche für iptables
+Comment[el]=Διασύνδεση iptables του KMyFirewall
+Comment[es]=Interfaz a iptables de KMyFirewall
+Comment[et]=KMyFirewalli IPTablesi liides
+Comment[fr]=Interface iptables de KMyFirewall
+Comment[ga]=Comhéadan iptables KMyFirewall
+Comment[gl]=Interface de KMyFirewall para iptables
+Comment[it]=Interfaccia a iptables KMyFirewall
+Comment[ja]=KMyFirewall iptables インターフェース
+Comment[ka]=KMyFirewall iptables ინტერფეისი
+Comment[lt]=KMyFirewall – IPTables tvarkymo sąsaja
+Comment[nl]=KMyFirewall iptables-interface
+Comment[pl]=Interfejs iptables KMyFirewall
+Comment[pt]=Interface para o 'iptables' do KMyFirewall
+Comment[pt_BR]=Interface do iptables no KMyFirewall
+Comment[sr]=KMyFirewall-ов интерфејс за iptables
+Comment[sr@Latn]=KMyFirewall-ov interfejs za iptables
+Comment[sv]=IP-tabellgränssnitt för Min brandvägg
+Comment[tr]=KMyFirewall iptables Kural Belirleyici
+Comment[uk]=Інтерфейс KMyFirewall до iptables
+Comment[xx]=xxKMyFirewall iptables interfacexx
+Exec=kmfiptinterface
+Icon=
+Name=kmfiptinterface
+Name[pl]=kmfiptinterfejs
+Name[pt_BR]=Interface do Iptables
+Name[sv]=IP-gränssnitt för Min brandvägg
+Name[tr]=kmf ip arabirimi
+Name[xx]=xxkmfiptinterfacexx
+Type=Service
+X-DCOP-ServiceType=Unique
+X-KDE-StartupNotify=false
diff --git a/KMFIPTInterface/kmfiptinterface.h b/KMFIPTInterface/kmfiptinterface.h
new file mode 100644
index 0000000..512f73b
--- /dev/null
+++ b/KMFIPTInterface/kmfiptinterface.h
@@ -0,0 +1,57 @@
+/***************************************************************************
+ * Copyright (C) 2005 by Christian Hubinger *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
+ ***************************************************************************/
+
+
+#ifndef _kmfiptinterface_H
+#define _kmfiptinterface_H
+
+#include <qstringlist.h>
+#include <qstring.h>
+#include <dcopobject.h>
+
+class KMFIPTInterface : public DCOPObject
+{
+ K_DCOP
+
+ private:
+ QStringList m_List;
+
+ public:
+ KMFIPTInterface();
+
+ ~KMFIPTInterface();
+
+ k_dcop:
+ QString string(int);
+ QStringList list();
+
+ void add(QString);
+ bool remove(QString);
+ bool exit();
+
+ void Test();
+ int numRulesInChain( QString, QString );
+ int numChainsInTable( QString );
+ QStringList getChainsInTable( QString );
+ QStringList getRuleProperties( QString, QString, int );
+
+ QString getChainPolicy( QString, QString );
+};
+#endif
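Review bot: The `k_dcop:` section exports `string`, `list`, `add`, `remove` and `Test` alongside the iptables queries; these look like leftovers from a DCOP example and have nothing to do with reading firewall state. kmfiptinterface_ctl in this commit starts the service with `-u root` and main.cpp enables `setAcceptCalls( true )`, so every exported method is callable by any client of that DCOP server, and the interface is best kept to the query methods it actually needs. I would drop the unused methods together with `m_List`, and add a comment above each remaining declaration stating its failure value, e.g. `// returns -1 if the table or chain cannot be read`.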
diff --git a/KMFIPTInterface/kmfiptinterface_ctl b/KMFIPTInterface/kmfiptinterface_ctl
new file mode 100755
index 0000000..05c2688
--- /dev/null
+++ b/KMFIPTInterface/kmfiptinterface_ctl
@@ -0,0 +1,7 @@
+#!/bin/bash
+SERVER="`dcopserver --serverid 2>&1`"
+echo -n "Server:"
+echo $SERVER
+kdesu -t --nonewdcop -u root -c kmfiptinterface --dcopserver=$SERVER
+
+
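Review bot: `SERVER` is captured with `2>&1`, so when `dcopserver --serverid` fails its error text becomes the value, and that value is then expanded unquoted on the `kdesu ... -u root` command line, where it is word-split and glob-expanded. The script should stop on failure and quote the expansion: `SERVER="$(dcopserver --serverid)" || exit 1` and `--dcopserver="$SERVER"`. The `echo $SERVER` line needs the same quoting.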
diff --git a/KMFIPTInterface/main.cpp b/KMFIPTInterface/main.cpp
new file mode 100644
index 0000000..c3e28ee
--- /dev/null
+++ b/KMFIPTInterface/main.cpp
@@ -0,0 +1,67 @@
+/***************************************************************************
+* Copyright (C) 2005 by Christian Hubinger *
+* *
+* This program is free software; you can redistribute it and/or modify *
+* it under the terms of the GNU General Public License as published by *
+* the Free Software Foundation; either version 2 of the License, or *
+* (at your option) any later version. *
+* *
+* This program is distributed in the hope that it will be useful, *
+* but WITHOUT ANY WARRANTY; without even the implied warranty of *
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+* GNU General Public License for more details. *
+* *
+* You should have received a copy of the GNU General Public License *
+* along with this program; if not, write to the *
+* Free Software Foundation, Inc., *
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
+***************************************************************************/
+
+
+#include <kuniqueapplication.h>
+#include <kaboutdata.h>
+#include <kcmdlineargs.h>
+#include <kdebug.h>
+#include <klocale.h>
+#include <dcopclient.h>
+#include "kmfiptinterface.h"
+#include "version.h"
+static const char description[] =
+ I18N_NOOP( "A KDE KPart Application" );
+
+static const char version[] = "0.1";
+
+static KCmdLineOptions options[] =
+ {
+ KCmdLineLastOption
+ };
+
+int main ( int argc, char *argv[] ) {
+ KLocale::setMainCatalogue( "kdelibs" );
+ KAboutData aboutdata( "kmfiptinterface", I18N_NOOP( "KDE" ),
+ version, description,
+ KAboutData::License_GPL, "(C) 2001, Christian Hubinger" );
+ aboutdata.addAuthor( "Christian Hubinger", I18N_NOOP( "Developer" ), "[email protected]" );
+
+ KCmdLineArgs::init( argc, argv, &aboutdata );
+ KCmdLineArgs::addCmdLineOptions( options );
+ KUniqueApplication::addCmdLineOptions();
+ kdDebug() << "Starting up...!" << endl;
+ if ( ! KUniqueApplication::start() ) {
+ kdDebug() << "kmfiptinterface is already running!" << endl;
+ return ( 0 );
+ }
+
+ KUniqueApplication app;
+ kdDebug() << "starting kmfiptinterface " << endl;
+ // This app is started automatically, no need for session management
+ app.dcopClient() ->setAcceptCalls( true );
+ kdDebug() << app.dcopClient() ->appId() << endl;
+ kdDebug() << "starting kmfiptinterface " << endl;
+
+ app.disableSessionManagement();
+ /*KMFIPTInterface *service =*/ new KMFIPTInterface;
+ return app.exec();
+
+}
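Review bot: The service object is created with a bare `new KMFIPTInterface;` and never deleted, so its destructor never runs when `app.exec()` returns; declaring it on the stack before the call, `KMFIPTInterface service;`, keeps it alive for the same period without the leak. The about data is still template text: `description` reads `"A KDE KPart Application"`, the program name passed to `KAboutData` is `"KDE"`, and the catalogue is set to `"kdelibs"`. These should name the iptables interface, so that a process started as root is identifiable in listings. The `"starting kmfiptinterface "` debug line is also emitted twice.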