[netfilter-cvslog] r6418 - in trunk/conntrack: . src
pablo at netfilter.org
pablo at netfilter.org
Sun Jan 15 04:50:25 CET 2006
Author: pablo at netfilter.org
Date: 2006-01-15 04:50:24 +0100 (Sun, 15 Jan 2006)
New Revision: 6418
Modified:
trunk/conntrack/ChangeLog
trunk/conntrack/src/conntrack.c
Log:
o Add support to filter dumped entries. ie:
- display all the connections to IMAPS servers
conntrack -L -p tcp --orig-port-dst 993
- display all the connections marked with 2
conntrack -L -m 2
Modified: trunk/conntrack/ChangeLog
===================================================================
--- trunk/conntrack/ChangeLog 2006-01-15 03:10:02 UTC (rev 6417)
+++ trunk/conntrack/ChangeLog 2006-01-15 03:50:24 UTC (rev 6418)
@@ -1,6 +1,11 @@
2006-01-15
<pablo at netfilter.org>
o Added missing parameters to set the ports of an expectation tuple
+ o Add support to filter dumped entries.
+ ie: conntrack -L -p tcp --orig-port-dst 993
+ display all the connections to IMAPS servers
+ conntrack -L -m 2
+ display all the connection marked with 2
o Bumped version to 1.00beta2
2005-12-26
Modified: trunk/conntrack/src/conntrack.c
===================================================================
--- trunk/conntrack/src/conntrack.c 2006-01-15 03:10:02 UTC (rev 6417)
+++ trunk/conntrack/src/conntrack.c 2006-01-15 03:50:24 UTC (rev 6418)
@@ -113,7 +113,7 @@
/* Well, it's better than "Re: Linux vs FreeBSD" */
{
/* s d r q p t u z e x y k l a m i f*/
-/*CT_LIST*/ {0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,2},
+/*CT_LIST*/ {2,2,2,2,2,0,0,2,0,0,0,0,0,0,2,2,2},
/*CT_CREATE*/ {2,2,2,2,1,1,1,0,0,0,0,0,0,2,2,0,0},
/*CT_UPDATE*/ {2,2,2,2,1,2,2,0,0,0,0,0,0,0,2,2,0},
/*CT_DELETE*/ {2,2,2,2,2,0,0,0,0,0,0,0,0,0,0,2,0},
@@ -585,6 +585,8 @@
fprintf(stdout, "\n%s", usage_parameters);
}
+#define CT_COMPARISON (CT_OPT_PROTO | CT_OPT_ORIG | CT_OPT_REPL | CT_OPT_MARK)
+
static struct nfct_tuple orig, reply, mask;
static struct nfct_tuple exptuple;
static struct ctproto_handler *h;
@@ -596,15 +598,17 @@
static unsigned int status;
static unsigned int mark;
static unsigned int id = NFCT_ANY_ID;
+static struct nfct_conntrack_compare cmp;
int main(int argc, char *argv[])
{
char c;
unsigned int command = 0, options = 0;
unsigned int type = 0, event_mask = 0;
- unsigned int l3flags = 0, l4flags = 0;
+ unsigned int l3flags = 0, l4flags = 0, metaflags = 0;
int res = 0;
int family = AF_UNSPEC;
+ struct nfct_conntrack_compare *pcmp;
while ((c = getopt_long(argc, argv,
"L::I::U::D::G::E::F::hVs:d:r:q:p:t:u:e:a:z[:]:{:}:m:i::f:",
@@ -784,7 +788,9 @@
nat_parse(optarg, 1, &range);
break;
case 'm':
+ options |= CT_OPT_MARK;
mark = atol(optarg);
+ metaflags |= NFCT_MARK;
break;
case 'i': {
char *s = NULL;
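Review bot: The `-m` argument is still parsed with `mark = atol(optarg);`, which reports no errors, and with the added `options |= CT_OPT_MARK;` that value now becomes a filter key for listing and events. A non-numeric or empty argument yields 0, so `conntrack -L -m foo` would presumably list entries with mark 0 instead of failing, and a negative or out-of-range value is converted to `unsigned int` without any diagnostic. Consider parsing with `strtoul(optarg, &end, 10)` and calling `exit_error(PARAMETER_PROBLEM, ...)` when `end == optarg`, `*end != '\0'` or the result exceeds `UINT_MAX`. The enclosing switch starts and ends outside this hunk.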
@@ -848,14 +854,33 @@
if (!cth)
exit_error(OTHER_PROBLEM, "Can't open handler");
+ if (options & CT_COMPARISON) {
+
+ if (options & CT_OPT_ZERO)
+ exit_error(PARAMETER_PROBLEM, "Can't use -z "
+ "with filtering parameters");
+
+ ct = nfct_conntrack_alloc(&orig, &reply, timeout,
+ &proto, status, mark, id,
+ NULL);
+ if (!ct)
+ exit_error(OTHER_PROBLEM, "Not enough memory");
+
+ cmp.ct = ct;
+ cmp.flags = metaflags;
+ cmp.l3flags = l3flags;
+ cmp.l4flags = l4flags;
+ pcmp = &cmp;
+ }
+
if (options & CT_OPT_ID)
nfct_register_callback(cth,
nfct_default_conntrack_display_id,
- NULL);
+ (void *) pcmp);
else
nfct_register_callback(cth,
nfct_default_conntrack_display,
- NULL);
+ (void *) pcmp);
if (options & CT_OPT_ZERO)
res =
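Review bot: `pcmp` is passed to `nfct_register_callback()` as `(void *) pcmp` on both branches here, but it is assigned only inside the `if (options & CT_COMPARISON)` block, and its declaration in the earlier hunk (`struct nfct_conntrack_compare *pcmp;`) has no initializer. A plain `conntrack -L` with no filtering options therefore hands an indeterminate pointer to the display callback where the old code passed `NULL`; how the callback uses it is not visible here, but it is presumably dereferenced as a compare struct. The same pattern appears in the CT_EVENT hunk further down, before `nfct_event_conntrack(cth)`. Declaring it as `struct nfct_conntrack_compare *pcmp = NULL;` restores the previous behaviour for the unfiltered case in both places. The enclosing function, main(), starts and ends outside this hunk.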
@@ -1036,11 +1061,6 @@
break;
case CT_EVENT:
- ct = nfct_conntrack_alloc(&orig, &reply, timeout,
- &proto, status, mark, id, NULL);
- if (!ct)
- exit_error(OTHER_PROBLEM, "Not enough memory");
-
if (options & CT_OPT_EVENT_MASK)
cth = nfct_open(CONNTRACK, event_mask);
else
@@ -1050,20 +1070,23 @@
exit_error(OTHER_PROBLEM, "Can't open handler");
signal(SIGINT, event_sighandler);
- if (options & (CT_OPT_PROTO | CT_OPT_ORIG | CT_OPT_REPL)) {
- struct nfct_conntrack_compare cmp = {
- .ct = ct,
- .flags = 0,
- .l3flags = l3flags,
- .l4flags = l4flags
- };
- nfct_register_callback(cth,
- nfct_default_conntrack_event_display,
- (void *)&cmp);
- } else {
- nfct_register_callback(cth,
- nfct_default_conntrack_event_display, NULL);
+ if (options & CT_COMPARISON) {
+ ct = nfct_conntrack_alloc(&orig, &reply, timeout,
+ &proto, status, mark, id,
+ NULL);
+ if (!ct)
+ exit_error(OTHER_PROBLEM, "Not enough memory");
+
+ cmp.ct = ct;
+ cmp.flags = metaflags;
+ cmp.l3flags = l3flags;
+ cmp.l4flags = l4flags;
+ pcmp = &cmp;
}
+
+ nfct_register_callback(cth,
+ nfct_default_conntrack_event_display,
+ (void *) pcmp);
res = nfct_event_conntrack(cth);
nfct_close(cth);
break;