[netfilter-cvslog] r6418 - in trunk/conntrack: . src

pablo at netfilter.org pablo at netfilter.org
Sun Jan 15 04:50:25 CET 2006


Author: pablo at netfilter.org
Date: 2006-01-15 04:50:24 +0100 (Sun, 15 Jan 2006)
New Revision: 6418

Modified:
   trunk/conntrack/ChangeLog
   trunk/conntrack/src/conntrack.c
Log:
o Add support to filter dumped entries. ie:
	- display all the connections to IMAPS servers
	conntrack -L -p tcp --orig-port-dst 993
	- display all the connections marked with 2
	conntrack -L -m 2



Modified: trunk/conntrack/ChangeLog
===================================================================
--- trunk/conntrack/ChangeLog	2006-01-15 03:10:02 UTC (rev 6417)
+++ trunk/conntrack/ChangeLog	2006-01-15 03:50:24 UTC (rev 6418)
@@ -1,6 +1,11 @@
 2006-01-15
 <pablo at netfilter.org>
 	o Added missing parameters to set the ports of an expectation tuple
+	o Add support to filter dumped entries. 
+	  ie: conntrack -L -p tcp --orig-port-dst 993
+	  display all the connections to IMAPS servers
+	      conntrack -L -m 2
+	  display all the connection marked with 2
 	o Bumped version to 1.00beta2
 
 2005-12-26

Modified: trunk/conntrack/src/conntrack.c
===================================================================
--- trunk/conntrack/src/conntrack.c	2006-01-15 03:10:02 UTC (rev 6417)
+++ trunk/conntrack/src/conntrack.c	2006-01-15 03:50:24 UTC (rev 6418)
@@ -113,7 +113,7 @@
 /* Well, it's better than "Re: Linux vs FreeBSD" */
 {
           /*   s d r q p t u z e x y k l a m i f*/
-/*CT_LIST*/   {0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,2},
+/*CT_LIST*/   {2,2,2,2,2,0,0,2,0,0,0,0,0,0,2,2,2},
 /*CT_CREATE*/ {2,2,2,2,1,1,1,0,0,0,0,0,0,2,2,0,0},
 /*CT_UPDATE*/ {2,2,2,2,1,2,2,0,0,0,0,0,0,0,2,2,0},
 /*CT_DELETE*/ {2,2,2,2,2,0,0,0,0,0,0,0,0,0,0,2,0},
@@ -585,6 +585,8 @@
 	fprintf(stdout, "\n%s", usage_parameters);
 }
 
+#define CT_COMPARISON (CT_OPT_PROTO | CT_OPT_ORIG | CT_OPT_REPL | CT_OPT_MARK)
+
 static struct nfct_tuple orig, reply, mask;
 static struct nfct_tuple exptuple;
 static struct ctproto_handler *h;
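Review bot: CT_COMPARISON is introduced without a comment saying what the grouping means or that it is mutually exclusive with -z, which the later hunk enforces with exit_error. A one-line comment above the define would make that contract visible at the definition, e.g. `/* options that turn a -L/-E listing into a filtered one; rejected together with -z */`.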
@@ -596,15 +598,17 @@
 static unsigned int status;
 static unsigned int mark;
 static unsigned int id = NFCT_ANY_ID;
+static struct nfct_conntrack_compare cmp;
 
 int main(int argc, char *argv[])
 {
 	char c;
 	unsigned int command = 0, options = 0;
 	unsigned int type = 0, event_mask = 0;
-	unsigned int l3flags = 0, l4flags = 0;
+	unsigned int l3flags = 0, l4flags = 0, metaflags = 0;
 	int res = 0;
 	int family = AF_UNSPEC;
+	struct nfct_conntrack_compare *pcmp;
 
 	while ((c = getopt_long(argc, argv, 
 		"L::I::U::D::G::E::F::hVs:d:r:q:p:t:u:e:a:z[:]:{:}:m:i::f:", 
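Review bot: `struct nfct_conntrack_compare *pcmp;` is declared without an initializer, but the CT_LIST and CT_EVENT paths only assign it inside `if (options & CT_COMPARISON)` and then pass `(void *) pcmp` to nfct_register_callback unconditionally (both registrations in the @@ -848 hunk and the one in the @@ -1050 hunk), so a plain `conntrack -L` or `conntrack -E` hands the display callback an indeterminate pointer where the old code passed NULL. Unless pcmp is assigned somewhere outside the visible hunks, the declaration should read `struct nfct_conntrack_compare *pcmp = NULL;`. The body of main continues past the end of this hunk.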
@@ -784,7 +788,9 @@
 			nat_parse(optarg, 1, &range);
 			break;
 		case 'm':
+			options |= CT_OPT_MARK;
 			mark = atol(optarg);
+			metaflags |= NFCT_MARK;
 			break;
 		case 'i': {
 			char *s = NULL;
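Review bot: `mark = atol(optarg);` between the two added lines accepts any string and yields 0 for non-numeric input, so now that -m is a dump filter (`metaflags |= NFCT_MARK`) a mistyped value silently selects entries with mark 0 instead of being rejected, and a negative value wraps into the unsigned mark. Parsing with strtoul and checking the end pointer keeps the filter honest: `char *end; errno = 0; mark = strtoul(optarg, &end, 10);` followed by `if (end == optarg || *end != '\0' || errno == ERANGE) exit_error(PARAMETER_PROBLEM, "Invalid mark");`. The enclosing switch and main continue outside the hunk.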
@@ -848,14 +854,33 @@
 		if (!cth)
 			exit_error(OTHER_PROBLEM, "Can't open handler");
 
+		if (options & CT_COMPARISON) {
+
+			if (options & CT_OPT_ZERO)
+				exit_error(PARAMETER_PROBLEM, "Can't use -z "
+					   "with filtering parameters");
+
+			ct = nfct_conntrack_alloc(&orig, &reply, timeout,
+						  &proto, status, mark, id,
+						  NULL);
+			if (!ct)
+				exit_error(OTHER_PROBLEM, "Not enough memory");
+			
+			cmp.ct = ct;
+			cmp.flags = metaflags;
+			cmp.l3flags = l3flags;
+			cmp.l4flags = l4flags;
+			pcmp = &cmp;
+		}
+
 		if (options & CT_OPT_ID)
 			nfct_register_callback(cth, 
 					nfct_default_conntrack_display_id,
-					NULL);
+					(void *) pcmp);
 		else
 			nfct_register_callback(cth,
 					nfct_default_conntrack_display,
-					NULL);
+					(void *) pcmp);
 			
 		if (options & CT_OPT_ZERO)
 			res = 
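Review bot: The compare setup added here (allocate the conntrack, fill cmp, point pcmp at it) is repeated verbatim in the CT_EVENT case of the @@ -1050 hunk; factoring it into one static helper keeps the two filter paths from drifting apart. The sketch below assumes ct, timeout and proto are file-scope statics like status, mark and id (their declarations are outside the visible hunks); if ct is a local of main that is released later, have the helper take it as an out parameter instead. No nfct_conntrack_free for the allocated object is visible in either hunk, which is harmless for a one-shot command but worth a comment. The enclosing switch case continues outside the hunk.
```c
/* Build the compare object the display callbacks filter against.
 * Returns NULL when no filtering option (CT_COMPARISON) was given. */
static struct nfct_conntrack_compare *
setup_comparison(unsigned int options, unsigned int metaflags,
		 unsigned int l3flags, unsigned int l4flags)
{
	if (!(options & CT_COMPARISON))
		return NULL;

	cmp.ct = nfct_conntrack_alloc(&orig, &reply, timeout, &proto,
				      status, mark, id, NULL);
	if (!cmp.ct)
		exit_error(OTHER_PROBLEM, "Not enough memory");

	cmp.flags = metaflags;
	cmp.l3flags = l3flags;
	cmp.l4flags = l4flags;
	return &cmp;
}

/* … in CT_LIST, replacing the inline block; CT_EVENT does the same … */
		if ((options & CT_COMPARISON) && (options & CT_OPT_ZERO))
			exit_error(PARAMETER_PROBLEM, "Can't use -z "
				   "with filtering parameters");
		pcmp = setup_comparison(options, metaflags, l3flags, l4flags);
```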
@@ -1036,11 +1061,6 @@
 		break;
 		
 	case CT_EVENT:
-		ct = nfct_conntrack_alloc(&orig, &reply, timeout,
-					  &proto, status, mark, id, NULL);
-		if (!ct)
-			exit_error(OTHER_PROBLEM, "Not enough memory");
-
 		if (options & CT_OPT_EVENT_MASK)
 			cth = nfct_open(CONNTRACK, event_mask);
 		else
@@ -1050,20 +1070,23 @@
 			exit_error(OTHER_PROBLEM, "Can't open handler");
 		signal(SIGINT, event_sighandler);
 
-		if (options & (CT_OPT_PROTO | CT_OPT_ORIG | CT_OPT_REPL)) {
-			struct nfct_conntrack_compare cmp = {
-				.ct = ct,
-				.flags = 0,
-				.l3flags = l3flags,
-				.l4flags = l4flags
-			};
-			nfct_register_callback(cth,
-				nfct_default_conntrack_event_display, 
-				(void *)&cmp);
-		} else {
-			nfct_register_callback(cth, 
-				nfct_default_conntrack_event_display, NULL);
+		if (options & CT_COMPARISON) {
+			ct = nfct_conntrack_alloc(&orig, &reply, timeout,
+						  &proto, status, mark, id, 
+						  NULL);
+			if (!ct)
+				exit_error(OTHER_PROBLEM, "Not enough memory");
+
+			cmp.ct = ct;
+			cmp.flags = metaflags;
+			cmp.l3flags = l3flags;
+			cmp.l4flags = l4flags;
+			pcmp = &cmp;
 		}
+
+		nfct_register_callback(cth,
+				       nfct_default_conntrack_event_display, 
+				       (void *) pcmp);
 		res = nfct_event_conntrack(cth);
 		nfct_close(cth);
 		break;



