X-Git-Url: https://git.octo.it/?a=blobdiff_plain;f=src%2Fiptables.c;h=a2ed4c731e11bda9dfa9d7af92d18a09f90ccd27;hb=e5e5d99350fa54e22f07b90fbc3102df51565ad9;hp=05e3e24b92b9716612b13748d8027521c289bd54;hpb=ccc4feb9576f520596508418f404beb000fde1aa;p=collectd.git diff --git a/src/iptables.c b/src/iptables.c index 05e3e24b..a2ed4c73 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -25,10 +25,15 @@ **/ #include "collectd.h" + #include "common.h" #include "plugin.h" #include "configfile.h" +#ifdef HAVE_SYS_CAPABILITY_H +# include +#endif + #include #include @@ -111,7 +116,8 @@ static int iptables_config (const char *key, const char *value) else return (1); - ip_chain_t temp, *final, **list; + ip_chain_t temp = { 0 }; + ip_chain_t *final, **list; char *table; int table_len; char *chain; @@ -121,8 +127,6 @@ static int iptables_config (const char *key, const char *value) char *fields[4]; int fields_num; - memset (&temp, 0, sizeof (temp)); - value_copy = strdup (value); if (value_copy == NULL) { @@ -204,7 +208,7 @@ static int iptables_config (const char *key, const char *value) table = NULL; chain = NULL; - list = (ip_chain_t **) realloc (chain_list, (chain_num + 1) * sizeof (ip_chain_t *)); + list = realloc (chain_list, (chain_num + 1) * sizeof (ip_chain_t *)); if (list == NULL) { char errbuf[1024]; @@ -215,7 +219,7 @@ static int iptables_config (const char *key, const char *value) } chain_list = list; - final = (ip_chain_t *) malloc( sizeof(temp) ); + final = malloc(sizeof (*final)); if (final == NULL) { char errbuf[1024]; @@ -420,12 +424,11 @@ static void submit_chain (iptc_handle_t *handle, ip_chain_t *chain) static int iptables_read (void) { - int i; int num_failures = 0; ip_chain_t *chain; /* Init the iptc handle structure and query the correct table */ - for (i = 0; i < chain_num; i++) + for (int i = 0; i < chain_num; i++) { chain = chain_list[i]; @@ -489,9 +492,7 @@ static int iptables_read (void) static int iptables_shutdown (void) { - int i; - - for (i = 0; i < chain_num; i++) + for (int i = 0; i < chain_num; i++) { if ((chain_list[i] != NULL) && (chain_list[i]->rule_type == RTYPE_COMMENT)) sfree (chain_list[i]->rule.comment); @@ -502,10 +503,30 @@ static int iptables_shutdown (void) return (0); } /* int iptables_shutdown */ +static int iptables_init (void) +{ +#ifdef HAVE_SYS_CAPABILITY_H + if (check_capability (CAP_NET_ADMIN) != 0) + { + if (getuid () == 0) + WARNING ("iptables plugin: Running collectd as root, but the " + "CAP_NET_ADMIN capability is missing. The plugin's read " + "function will probably fail. Is your init system dropping " + "capabilities ?"); + else + WARNING ("iptables plugin: collectd doesn't have the CAP_NET_ADMIN " + "capability. If you don't want to run collectd as root, try " + "running \"setcap cap_net_admin=ep\" on the collectd binary."); + } +#endif + return (0); +} /* int iptables_init */ + void module_register (void) { plugin_register_config ("iptables", iptables_config, config_keys, config_keys_num); + plugin_register_init ("iptables", iptables_init); plugin_register_read ("iptables", iptables_read); plugin_register_shutdown ("iptables", iptables_shutdown); } /* void module_register */