[netfilter-cvslog] r3879 - trunk/conntrack/src

laforge at netfilter.org laforge at netfilter.org
Sat Apr 16 15:32:45 CEST 2005 

Author: laforge at netfilter.org
Date: 2005-04-16 15:32:44 +0200 (Sat, 16 Apr 2005)
New Revision: 3879

Modified:
   trunk/conntrack/src/conntrack.c
   trunk/conntrack/src/libct.c
Log:
- add support for new list-conntrack-and-zero-counters flag (-z)
- distinguish between real NEW and UPDATE messages in event log
- add support to print the conntrack mark


Modified: trunk/conntrack/src/conntrack.c
===================================================================
--- trunk/conntrack/src/conntrack.c	2005-04-16 13:30:56 UTC (rev 3878)
+++ trunk/conntrack/src/conntrack.c	2005-04-16 13:32:44 UTC (rev 3879)
@@ -22,6 +22,10 @@
  *	for introducing me to advanced firewalling stuff.
  *
  *						--pablo 13/04/2005
+ *
+ * 2005-04-16 Harald Welte <laforge at netfilter.org>: 
+ * 	Add support for conntrack accounting and conntrack mark
+ *
  */
 #include <stdio.h>
 #include <getopt.h>
@@ -37,7 +41,7 @@
 #include "libct_proto.h"
 
 #define PROGNAME "conntrack"
-#define VERSION "0.12"
+#define VERSION "0.13"
 
 #if 0
 #define DEBUGP printf
@@ -94,11 +98,14 @@
 
 	CT_OPT_STATUS_BIT	= 7,
 	CT_OPT_STATUS		= (1 << CT_OPT_STATUS_BIT),
+
+	CT_OPT_ZERO_BIT		= 8,
+	CT_OPT_ZERO		= (1 << CT_OPT_ZERO_BIT),
 };
-#define NUMBER_OF_OPT   8
+#define NUMBER_OF_OPT   9
 
 static const char optflags[NUMBER_OF_OPT]
-= { 's', 'd', 'r', 'q', 'p', 'i', 't', 'u'};
+= { 's', 'd', 'r', 'q', 'p', 'i', 't', 'u', 'z'};
 
 static struct option original_opts[] = {
 	{"dump", 1, 0, 'L'},
@@ -115,6 +122,7 @@
 	{"timeout", 1, 0, 't'},
 	{"id", 1, 0, 'i'},
 	{"status", 1, 0, 'u'},
+	{"zero", 0, 0, 'z'},
 	{0, 0, 0, 0}
 };
 
@@ -135,13 +143,13 @@
 static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
 /* Well, it's better than "Re: Linux vs FreeBSD" */
 {
-          /*   -s  -d  -r  -q  -p  -i  -t  -u*/
-/*LIST*/      {'x','x','x','x','x','x','x','x'},
-/*CREATE*/    {'+','+','+','+','+','x','+','+'},
-/*DELETE*/    {' ',' ',' ',' ',' ','+','x','x'},
-/*GET*/       {' ',' ',' ',' ','+','+','x','x'},
-/*FLUSH*/     {'x','x','x','x','x','x','x','x'},
-/*EVENT*/     {'x','x','x','x','x','x','x','x'}
+          /*   -s  -d  -r  -q  -p  -i  -t  -u  -z */
+/*LIST*/      {'x','x','x','x','x','x','x','x',' '},
+/*CREATE*/    {'+','+','+','+','+','x','+','+','x'},
+/*DELETE*/    {' ',' ',' ',' ',' ','+','x','x','x'},
+/*GET*/       {' ',' ',' ',' ','+','+','x','x','x'},
+/*FLUSH*/     {'x','x','x','x','x','x','x','x','x'},
+/*EVENT*/     {'x','x','x','x','x','x','x','x','x'}
 };
 
 LIST_HEAD(proto_list);
@@ -293,6 +301,7 @@
 printf("-t			Timeout\n");
 printf("-i			Conntrack ID\n");
 printf("-u			Status\n");
+printf("-z			Zero Counters\n");
 }
 
 int main(int argc, char *argv[])
@@ -314,7 +323,7 @@
 	reply.dst.dir = IP_CT_DIR_REPLY;
 	
 	while ((c = getopt_long(argc, argv, 
-			"L:I:D:G:E:s:d:r:q:p:i:t:u:", opts, NULL)) != -1) {
+			"L:I:D:G:E:s:d:r:q:p:i:t:u:z", opts, NULL)) != -1) {
 	switch(c) {
 		case 'L':
 			command |= CT_LIST;
@@ -396,6 +405,9 @@
 					   "flag: %s\n", optarg);
 			break;
 		}
+		case 'z':
+			options |= CT_OPT_ZERO;
+			break;
 		default:
 			if (h && !h->parse(c - h->option_offset, argv, 
 					   &orig, &reply))
@@ -416,9 +428,12 @@
 	switch(command) {
 		case CT_LIST:
 			printf("list\n");
-			if (type == 0)
-				dump_conntrack_table();
-			else
+			if (type == 0) {
+				if (options & CT_OPT_ZERO)
+					dump_conntrack_table(1);
+				else
+					dump_conntrack_table(0);
+			} else
 				dump_expect_list();
 			break;
 		case CT_CREATE:

Modified: trunk/conntrack/src/libct.c
===================================================================
--- trunk/conntrack/src/libct.c	2005-04-16 13:30:56 UTC (rev 3878)
+++ trunk/conntrack/src/libct.c	2005-04-16 13:32:44 UTC (rev 3879)
@@ -64,9 +64,10 @@
 		int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
 
 		struct ip_conntrack_tuple *orig, *reply;
+		struct cta_counters *ctr;
 		unsigned long *status, *timeout;
 		struct cta_proto *proto;
-		unsigned long *id;
+		unsigned long *id, *mark;
 
 		while (NFA_OK(attr, attrlen)) {
 			switch(attr->nfa_type) {
@@ -90,23 +91,34 @@
 				break;
 			case CTA_STATUS:
 				status = NFA_DATA(attr);
-				printf("status:%u ", *status);
+				printf("status=%u ", *status);
 				break;
 			case CTA_PROTOINFO:
 				proto = NFA_DATA(attr);
 				if (proto2str[proto->num_proto])
-					printf("%s %d", proto2str[proto->num_proto], proto->num_proto);
+					printf("%s %d ", proto2str[proto->num_proto], proto->num_proto);
 				else
 					printf("unknown %d ", proto->num_proto);
 				break;
 			case CTA_TIMEOUT:
 				timeout = NFA_DATA(attr);
-				printf("timeout:%lu ", *timeout);
+				printf("timeout=%lu ", *timeout);
 				break;
 /*			case CTA_ID:
 				id = NFA_DATA(attr);
 				printf(" id:%lu ", *id);
 				break;*/
+			case CTA_MARK:
+				mark = NFA_DATA(attr);
+				printf("mark=%lu ", *mark);
+				break;
+			case CTA_COUNTERS:
+				ctr = NFA_DATA(attr);
+				printf("orig_packets=%lu orig_bytes=%lu, "
+				       "reply_packets=%lu reply_bytes=%lu ",
+				       ctr->orig.packets, ctr->orig.bytes,
+				       ctr->reply.packets, ctr->reply.bytes);
+				break;
 			}
 			DEBUGP("nfa->nfa_type: %d\n", attr->nfa_type);
 			DEBUGP("nfa->nfa_len: %d\n", attr->nfa_len);
@@ -121,13 +133,21 @@
 	return 0;
 }
 
-/* FIXME: use event messages better */
-static char *typemsg2str[] = {
-	"NEW",
-	"GET", 
-	"DESTROY"
-};
+static char *typemsg2str(type, flags)
+{
+	char *ret = "UNKNOWN";
 
+	if (type == IPCTNL_MSG_CT_NEW) {
+		if (flags & NLM_F_CREATE)
+			ret = "NEW";
+		else
+			ret = "UPDATE";
+	} else if (type == IPCTNL_MSG_CT_DELETE)
+		ret = "DESTROY";
+
+	return ret;
+}
+
 static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, 
 			 void *arg)
 {
@@ -151,14 +171,15 @@
 
 	DEBUGP("size:%d\n", nlh->nlmsg_len);
 
-	printf("type: [%s] ", typemsg2str[type]);
+	printf("type: [%s] ", typemsg2str(type, nlh->nlmsg_flags));
 
 	while (nlh->nlmsg_len > min_len) {
 		struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh));
 		int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
 
 		struct ip_conntrack_tuple *orig, *reply;
-		unsigned long *status, *timeout;
+		struct cta_counters *ctr;
+		unsigned long *status, *timeout, *mark;
 		struct cta_proto *proto;
 		unsigned long *id;
 
@@ -189,7 +210,7 @@
 			case CTA_PROTOINFO:
 				proto = NFA_DATA(attr);
 				if (proto2str[proto->num_proto])
-					printf("%s %d", proto2str[proto->num_proto], proto->num_proto);
+					printf("%s %d ", proto2str[proto->num_proto], proto->num_proto);
 				else
 					printf("unknown %d ", proto->num_proto);
 				break;
@@ -201,6 +222,17 @@
 				id = NFA_DATA(attr);
 				printf(" id:%lu ", *id);
 				break;*/
+			case CTA_MARK:
+				mark = NFA_DATA(attr);
+				printf("mark=%lu ", *mark);
+				break;
+			case CTA_COUNTERS:
+				ctr = NFA_DATA(attr);
+				printf("orig_packets=%lu orig_bytes=%lu, "
+				       "reply_packets=%lu reply_bytes=%lu ",
+				       ctr->orig.packets, ctr->orig.bytes,
+				       ctr->reply.packets, ctr->reply.bytes);
+				break;
 			}
 			DEBUGP("nfa->nfa_type: %d\n", attr->nfa_type);
 			DEBUGP("nfa->nfa_len: %d\n", attr->nfa_len);
@@ -365,8 +397,9 @@
 	}
 }
 
-void dump_conntrack_table()
+void dump_conntrack_table(int zero)
 {
+	int ret;
 	struct ctnl_handle cth;
 	struct ctnl_msg_handler h = {
 		.type = 0, /* Hm... really? */
@@ -380,7 +413,12 @@
 
 	ctnl_register_handler(&cth, &h);
 
-	if (ctnl_list_conntrack(&cth, AF_INET) != -100) {
+	if (zero) {
+		ret = ctnl_list_conntrack_zero_counters(&cth, AF_INET);
+	} else
+		ret = ctnl_list_conntrack(&cth, AF_INET);
+
+	if (ret != -100) {
 		printf("error list\n");
 		exit(0);
 	}

More information about the netfilter-cvslog mailing list