[netfilter-cvslog] r4321 - in trunk/conntrack: . extensions src
pablo at netfilter.org
pablo at netfilter.org
Fri Oct 7 15:09:24 CEST 2005
Author: pablo at netfilter.org
Date: 2005-10-07 15:09:22 +0200 (Fri, 07 Oct 2005)
New Revision: 4321
Modified:
trunk/conntrack/ChangeLog
trunk/conntrack/extensions/libct_proto_icmp.c
trunk/conntrack/src/libct.c
Log:
See Changelog
Modified: trunk/conntrack/ChangeLog
===================================================================
--- trunk/conntrack/ChangeLog 2005-10-06 18:21:57 UTC (rev 4320)
+++ trunk/conntrack/ChangeLog 2005-10-07 13:09:22 UTC (rev 4321)
@@ -1,3 +1,10 @@
+2005-10-07
+<chentschel at iplan.com.ar>
+ o Fixed ICMP options
+<pablo at netfilter.org>
+ o Multiple fixes for the ICMP protocol handler
+ o Fix ICMP output: wrong output. type and code were set to zero.
+
2005-10-05
<pablo at netfilter.org>
o Fix up counters
Modified: trunk/conntrack/extensions/libct_proto_icmp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_icmp.c 2005-10-06 18:21:57 UTC (rev 4320)
+++ trunk/conntrack/extensions/libct_proto_icmp.c 2005-10-07 13:09:22 UTC (rev 4321)
@@ -12,12 +12,13 @@
#include <getopt.h>
#include <stdlib.h>
#include <netinet/in.h> /* For htons */
+#include <netinet/ip_icmp.h>
#include "libct_proto.h"
static struct option opts[] = {
- {"--icmp-type", 1, 0, '1'},
- {"--icmp-code", 1, 0, '2'},
- {"--icmp-id", 1, 0, '3'},
+ {"icmp-type", 1, 0, '1'},
+ {"icmp-code", 1, 0, '2'},
+ {"icmp-id", 1, 0, '3'},
{0, 0, 0, 0}
};
@@ -39,6 +40,17 @@
fprintf(stdout, "--icmp-id icmp id\n");
}
+/* Add 1; spaces filled with 0. */
+static u_int8_t invmap[]
+ = { [ICMP_ECHO] = ICMP_ECHOREPLY + 1,
+ [ICMP_ECHOREPLY] = ICMP_ECHO + 1,
+ [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,
+ [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,
+ [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,
+ [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,
+ [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
+ [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1};
+
int parse(char c, char *argv[],
struct ctnl_tuple *orig,
struct ctnl_tuple *reply,
@@ -50,18 +62,22 @@
case '1':
if (optarg) {
orig->l4dst.icmp.type = atoi(optarg);
+ reply->l4dst.icmp.type =
+ invmap[orig->l4dst.icmp.type] - 1;
*flags |= ICMP_TYPE;
}
break;
case '2':
if (optarg) {
orig->l4dst.icmp.code = atoi(optarg);
+ reply->l4dst.icmp.code = 0;
*flags |= ICMP_CODE;
}
break;
case '3':
if (optarg) {
orig->l4src.icmp.id = atoi(optarg);
+ reply->l4dst.icmp.id = 0;
*flags |= ICMP_ID;
}
break;
@@ -81,7 +97,7 @@
if (cda[CTA_PROTO_ICMP_ID-1])
tuple->l4src.icmp.id =
- *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]);
+ *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]);
}
int final_check(unsigned int flags,
@@ -98,9 +114,11 @@
void print_proto(struct ctnl_tuple *t)
{
- fprintf(stdout, "type=%d code=%d id=%d ", t->l4dst.icmp.type,
- t->l4dst.icmp.code,
- t->l4src.icmp.id);
+ fprintf(stdout, "type=%d code=%d ", t->l4dst.icmp.type,
+ t->l4dst.icmp.code);
+ /* ID only makes sense with ECHO */
+ if (t->l4dst.icmp.type == 8)
+ fprintf(stdout, "id=%d ", t->l4src.icmp.id);
}
static struct ctproto_handler icmp = {
Modified: trunk/conntrack/src/libct.c
===================================================================
--- trunk/conntrack/src/libct.c 2005-10-06 18:21:57 UTC (rev 4320)
+++ trunk/conntrack/src/libct.c 2005-10-07 13:09:22 UTC (rev 4321)
@@ -70,7 +70,7 @@
memset(tb, 0, CTA_PROTO_MAX * sizeof(struct nfattr *));
- nfnl_parse_nested(tb, CTA_IP_MAX, attr);
+ nfnl_parse_nested(tb, CTA_PROTO_MAX, attr);
if (tb[CTA_PROTO_NUM-1])
tuple->protonum = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_NUM-1]);
More information about the netfilter-cvslog
mailing list