[netfilter-cvslog] r4209 - in trunk/conntrack: . extensions src

pablo at netfilter.org pablo at netfilter.org
Tue Aug 2 15:21:29 CEST 2005


Author: pablo at netfilter.org
Date: 2005-08-02 15:21:25 +0200 (Tue, 02 Aug 2005)
New Revision: 4209

Modified:
   trunk/conntrack/extensions/libct_proto_sctp.c
   trunk/conntrack/extensions/libct_proto_tcp.c
   trunk/conntrack/extensions/libct_proto_udp.c
   trunk/conntrack/src/conntrack.c
   trunk/conntrack/src/libct.c
   trunk/conntrack/test.sh
Log:
More re-sync to work fine with current ip_conntrack_netlink implementation
available in Harald's 2.6.14 tree.


Modified: trunk/conntrack/extensions/libct_proto_sctp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_sctp.c	2005-07-31 20:26:37 UTC (rev 4208)
+++ trunk/conntrack/extensions/libct_proto_sctp.c	2005-08-02 13:21:25 UTC (rev 4209)
@@ -12,7 +12,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <netinet/in.h> /* For htons */
-#include <linux/netfilter_ipv4/ip_conntrack_netlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
 #include "libct_proto.h"
 #include "libctnetlink.h"
 

Modified: trunk/conntrack/extensions/libct_proto_tcp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_tcp.c	2005-07-31 20:26:37 UTC (rev 4208)
+++ trunk/conntrack/extensions/libct_proto_tcp.c	2005-08-02 13:21:25 UTC (rev 4209)
@@ -12,7 +12,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <netinet/in.h> /* For htons */
-#include <linux/netfilter_ipv4/ip_conntrack_netlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
 #include "libct_proto.h"
 #include "libctnetlink.h"
 
@@ -114,7 +114,7 @@
 			break;
 		case '6':
 			if (optarg) {
-				mask->l4src.tcp.port = htons(atoi(optarg));
+				mask->l4dst.tcp.port = htons(atoi(optarg));
 				*flags |= MASK_DPORT;
 			}
 			break;
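Review bot: The port mask on the `+` line is still parsed with `atoi(optarg)` and passed straight to `htons()`, so a non-numeric argument becomes 0 and a value above 65535 is silently truncated to its low 16 bits. For an expectation mask that means a typo can install a different (possibly broader) match than the operator asked for, with no error. Parsing with `strtoul`, checking the end pointer and `errno`, and rejecting anything above 65535 before the `htons()` would close this. The same pattern is in the `case '6'` hunk of libct_proto_udp.c. The enclosing switch starts and ends outside the hunk.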

Modified: trunk/conntrack/extensions/libct_proto_udp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_udp.c	2005-07-31 20:26:37 UTC (rev 4208)
+++ trunk/conntrack/extensions/libct_proto_udp.c	2005-08-02 13:21:25 UTC (rev 4209)
@@ -11,7 +11,7 @@
 #include <getopt.h>
 #include <stdlib.h>
 #include <netinet/in.h> /* For htons */
-#include <linux/netfilter_ipv4/ip_conntrack_netlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
 #include "libct_proto.h"
 #include "libctnetlink.h"
 
@@ -95,7 +95,7 @@
 			break;
 		case '6':
 			if (optarg) {
-				mask->l4src.udp.port = htons(atoi(optarg));
+				mask->l4dst.udp.port = htons(atoi(optarg));
 				*flags |= MASK_DPORT;
 			}
 			break;

Modified: trunk/conntrack/src/conntrack.c
===================================================================
--- trunk/conntrack/src/conntrack.c	2005-07-31 20:26:37 UTC (rev 4208)
+++ trunk/conntrack/src/conntrack.c	2005-08-02 13:21:25 UTC (rev 4209)
@@ -679,6 +679,7 @@
 	memset(&orig, 0, sizeof(struct ctnl_tuple));
 	memset(&reply, 0, sizeof(struct ctnl_tuple));
 	memset(&mask, 0, sizeof(struct ctnl_tuple));
+	memset(&exptuple, 0, sizeof(struct ctnl_tuple));
 	memset(&range, 0, sizeof(struct ctnl_nat));
 	
 	while ((c = getopt_long(argc, argv, 
@@ -768,6 +769,8 @@
 				exit_error(PARAMETER_PROBLEM, "proto needed\n");
 			orig.protonum = h->protonum;
 			reply.protonum = h->protonum;
+			exptuple.protonum = h->protonum;
+			mask.protonum = h->protonum;
 			opts = merge_options(opts, h->opts, 
 					     &h->option_offset);
 			break;
@@ -791,22 +794,22 @@
 		case 'z':
 			options |= CT_OPT_ZERO;
 			break;
-		case 'k':
+		case '{':
 			options |= CT_OPT_MASK_SRC;
 			if (optarg)
 				mask.src.v4 = inet_addr(optarg);
 			break;
-		case 'l':
+		case '}':
 			options |= CT_OPT_MASK_DST;
 			if (optarg)
 				mask.dst.v4 = inet_addr(optarg);
 			break;
-		case 'x':
+		case '[':
 			options |= CT_OPT_EXP_SRC;
 			if (optarg)
 				exptuple.src.v4 = inet_addr(optarg);
 			break;
-		case 'y':
+		case ']':
 			options |= CT_OPT_EXP_DST;
 			if (optarg)
 				exptuple.dst.v4 = inet_addr(optarg);
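Review bot: All four relabelled cases store `inet_addr(optarg)` without checking it, and `inet_addr` reports a parse failure as `INADDR_NONE`, which is the same bit pattern as 255.255.255.255. For `mask.src.v4` and `mask.dst.v4` a malformed argument is therefore indistinguishable from a full /32 mask. `inet_aton(optarg, &addr)` returns 0 on bad input and would let these cases reject it explicitly. The new case labels `'{'`, `'}'`, `'['` and `']'` are also opaque as option identifiers; a short comment such as `/* --mask-src */` on each, or named constants, would help, since the long-option table is not in this hunk. The switch continues outside the hunk.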

Modified: trunk/conntrack/src/libct.c
===================================================================
--- trunk/conntrack/src/libct.c	2005-07-31 20:26:37 UTC (rev 4208)
+++ trunk/conntrack/src/libct.c	2005-08-02 13:21:25 UTC (rev 4209)
@@ -35,6 +35,14 @@
 extern struct list_head proto_list;
 extern char *proto2str[];
 
+static void dump_tuple(struct ctnl_tuple *tp)
+{
+	fprintf(stdout, "tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n",
+			tp, tp->protonum,
+			NIPQUAD(tp->src.v4), ntohs(tp->l4src.all),
+			NIPQUAD(tp->dst.v4), ntohs(tp->l4dst.all));
+}
+
 static void print_status(unsigned int status)
 {
 	if (status & IPS_ASSURED)
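Review bot: In the new `dump_tuple`, `%p` is given `tp` as a `struct ctnl_tuple *`; the conversion requires a `void *`, so the argument should be `(void *)tp`. Nothing in the visible hunks calls this static function, so it will probably trigger an unused-function warning. If it is meant as a debugging aid, say so in a comment above it, e.g. `/* debug helper: print a tuple's protocol, addresses and ports to stdout */`, or wrap it in a debug `#ifdef`. `tp` could also be `const struct ctnl_tuple *` since it is only read.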
@@ -100,7 +108,7 @@
         if (h && h->parse_protoinfo)
 		h->parse_protoinfo(tb, ct);
 }
-	
+
 static void parse_counters(struct nfattr *attr, struct ctnl_conntrack *ct,
 			   enum ctattr_type parent)
 {
@@ -111,10 +119,10 @@
 	nfnl_parse_nested(tb, CTA_COUNTERS_MAX, attr);
 	if (tb[CTA_COUNTERS_PACKETS-1])
 		ct->counters[CTNL_DIR_ORIGINAL].packets
-		      = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_PACKETS-1]);
+			= *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_PACKETS-1]);
 	if (tb[CTA_COUNTERS_BYTES-1])
 		ct->counters[CTNL_DIR_ORIGINAL].bytes
-		      = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_BYTES-1]);
+			= *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_BYTES-1]);
 }
 
 /* Some people seem to like counting in decimal... */
@@ -154,7 +162,7 @@
 			parse_tuple(attr, &ct.tuple[CTNL_DIR_REPLY]);
 			break;
 		case CTA_STATUS:
-			ct.status = *(unsigned int *)NFA_DATA(attr);
+			ct.status = ntohl(*(unsigned int *)NFA_DATA(attr));
 			flags |= STATUS;
 			break;
 		case CTA_PROTOINFO:
@@ -162,11 +170,11 @@
 			flags |= PROTOINFO;
 			break;
 		case CTA_TIMEOUT:
-			ct.timeout = *(unsigned long *)NFA_DATA(attr);
+			ct.timeout = ntohl(*(unsigned long *)NFA_DATA(attr));
 			flags |= TIMEOUT;
 			break;
 		case CTA_MARK:
-			ct.mark = *(unsigned long *)NFA_DATA(attr);
+			ct.mark = ntohl(*(unsigned long *)NFA_DATA(attr));
 			flags |= MARK;
 			break;
 		case CTA_COUNTERS_ORIG:
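Review bot: The new `CTA_TIMEOUT` and `CTA_MARK` reads dereference the payload as `unsigned long` before `ntohl()`. On an LP64 build that loads 8 bytes from what the use of `ntohl` implies is a 4-byte attribute, reading past the payload. The truncation to 32 bits then picks the wrong half on big-endian 64-bit hosts. Reading through a 32-bit type fixes both: `ct.timeout = ntohl(*(u_int32_t *)NFA_DATA(attr));` and likewise for `ct.mark`. The same `unsigned long` cast is on the `CTA_EXPECT_TIMEOUT` line in a later hunk. None of the visible lines check the attribute's payload length before the cast. The 64-bit counters in `parse_counters` are still copied without any byte-order conversion, which may or may not match what the kernel sends.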
@@ -175,11 +183,11 @@
 			flags |= COUNTERS;
 			break;
 		case CTA_USE:
-			ct.use = *(unsigned int *)NFA_DATA(attr);
+			ct.use = ntohl(*(unsigned int *)NFA_DATA(attr));
 			flags |= USE;
 			break;
 		case CTA_ID:
-			ct.id = *(u_int32_t *)NFA_DATA(attr);
+			ct.id = ntohl(*(u_int32_t *)NFA_DATA(attr));
 			flags |= ID;
 			break;
 		}
@@ -274,9 +282,9 @@
 	if (tb[CTA_EXPECT_MASK-1])
 		parse_tuple(tb[CTA_EXPECT_MASK-1], mask);
 	if (tb[CTA_EXPECT_TIMEOUT-1])
-		*timeout = *(unsigned long *)NFA_DATA(tb[CTA_EXPECT_TIMEOUT-1]);
+		*timeout = htonl(*(unsigned long *)NFA_DATA(tb[CTA_EXPECT_TIMEOUT-1]));
 	if (tb[CTA_EXPECT_ID-1])
-		*id = *(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_ID-1]);
+		*id = htonl(*(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_ID-1]));
 }
 
 static int expect_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
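Review bot: These two reads convert data received from the kernel with `htonl()`, while the conntrack handler in this same commit uses `ntohl()` for the same direction. The two functions produce the same bytes, so behaviour is unaffected, but the name states the wrong direction and will mislead whoever next audits the byte-order handling. Suggested: `*timeout = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_TIMEOUT-1]));` and `*id = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_ID-1]));`. The function these lines belong to starts outside the hunk.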
@@ -319,7 +327,7 @@
 		NIPQUAD(mask.src.v4),
 		NIPQUAD(mask.dst.v4));
 
-	fprintf(stdout, "id=0x%x ", id);
+	fprintf(stdout, "id=%u ", id);
 	
 	fputc('\n', stdout);
 
@@ -339,8 +347,8 @@
 	memset(&ct, 0, sizeof(struct ctnl_conntrack));
 	ct.tuple[CTNL_DIR_ORIGINAL] = *orig;
 	ct.tuple[CTNL_DIR_REPLY] = *reply;
-	ct.timeout = timeout;
-	ct.status = status;
+	ct.timeout = htonl(timeout);
+	ct.status = htonl(status);
 	ct.protoinfo = *proto;
 	if (range)
 		ct.nat = *range;
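Review bot: After this change `ct.timeout` and `ct.status` hold network-order values on the send path, whereas the receive handler in this commit stores host-order values in the same `struct ctnl_conntrack` fields. The struct then has no single byte-order invariant, and any code that prints or compares a `ct` built here will see swapped values. Doing the conversion where the netlink attributes are written would keep the struct in host order throughout. If it stays here, a comment such as `/* stored in network byte order for the netlink message */` would record the intent. If `timeout` is an `unsigned long`, as it is in `create_expectation`, `htonl()` also silently drops anything above 32 bits on LP64. The next hunk makes the identical change in a second function. Both functions begin outside their hunks.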
@@ -367,8 +375,8 @@
 	memset(&ct, 0, sizeof(struct ctnl_conntrack));
 	ct.tuple[CTNL_DIR_ORIGINAL] = *orig;
 	ct.tuple[CTNL_DIR_REPLY] = *reply;
-	ct.timeout = timeout;
-	ct.status = status;
+	ct.timeout = htonl(timeout);
+	ct.status = htonl(status);
 	ct.protoinfo = *proto;
 	
 	if ((ret = ctnl_open(&cth, 0)) < 0)
@@ -518,7 +526,7 @@
 		.handler = expect_handler
 	};
 	int ret;
-	
+
 	if ((ret = ctnl_open(&cth, 0)) < 0)
 		return ret;
 
@@ -546,7 +554,6 @@
 int get_expect(struct ctnl_tuple *tuple,
 	       enum ctattr_type t)
 {
-	/*
 	struct ctnl_msg_handler h = {
 		.type = IPCTNL_MSG_EXP_NEW,
 		.handler = expect_handler
@@ -562,7 +569,6 @@
 	ctnl_close(&cth);
 
 	return ret;
-	*/
 }
 
 int create_expectation(struct ctnl_tuple *tuple,
@@ -571,22 +577,20 @@
 		       struct ctnl_tuple *mask,
 		       unsigned long timeout)
 {
-	/*
 	int ret;
 	
 	if ((ret = ctnl_open(&cth, 0)) < 0)
 		return ret;
 
+
 	ret = ctnl_new_expect(&cth, tuple, t, exptuple, mask, timeout);
 	ctnl_close(&cth);
 
 	return ret;
-	*/
 }
 
 int delete_expectation(struct ctnl_tuple *tuple, enum ctattr_type t)
 {
-	/*
 	int ret;
 	
 	if ((ret = ctnl_open(&cth, 0)) < 0)
@@ -596,7 +600,6 @@
 	ctnl_close(&cth);
 
 	return ret;
-	*/
 }
 
 int event_expectation(unsigned int event_mask)

Modified: trunk/conntrack/test.sh
===================================================================
--- trunk/conntrack/test.sh	2005-07-31 20:26:37 UTC (rev 4208)
+++ trunk/conntrack/test.sh	2005-08-02 13:21:25 UTC (rev 4209)
@@ -75,7 +75,7 @@
 	create-expect)
 		# requires modprobe ip_conntrack_ftp
 		$CONNTRACK -I expect --orig-src $SRC --orig-dst $DST \
-		--exp-src 4.4.4.4 --exp-dst 5.5.5.5 \
+		--tuple-src 4.4.4.4 --tuple-dst 5.5.5.5 \
 		--mask-src 255.255.255.0 --mask-dst 255.255.255.255 \
 		-p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \
 		-t 200 --mask-port-src 10 --mask-port-dst 300



