[netfilter-cvslog] r6826 - in trunk/conntrack-tools: . extensions include src

pablo at netfilter.org pablo at netfilter.org
Tue May 8 01:36:45 CEST 2007


Author: pablo at netfilter.org
Date: 2007-05-08 01:36:45 +0200 (Tue, 08 May 2007)
New Revision: 6826

Modified:
   trunk/conntrack-tools/ChangeLog
   trunk/conntrack-tools/conntrack.8
   trunk/conntrack-tools/extensions/libct_proto_icmp.c
   trunk/conntrack-tools/extensions/libct_proto_tcp.c
   trunk/conntrack-tools/extensions/libct_proto_udp.c
   trunk/conntrack-tools/include/conntrack.h
   trunk/conntrack-tools/src/conntrack.c
Log:
o introduce '--output xml,extended,timestamp' option for '-L', '-G' and '-E'
o several fixes for the output of usage messages



Modified: trunk/conntrack-tools/ChangeLog
===================================================================
--- trunk/conntrack-tools/ChangeLog	2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/ChangeLog	2007-05-07 23:36:45 UTC (rev 6826)
@@ -32,13 +32,14 @@
 
 = conntrack =
 o port conntrack to the new libnetfilter_conntrack API
-o introduce '--xml' option for '-L', '-G' and '-E'
+o introduce '--output xml,extended,timestamp' option for '-L', '-G' and '-E'
 o deprecated '--id'
 o replace '-a' by '--src-nat' and '--dst-nat'
 o use positive logic in error handling
 o remove sctp support until is fully supported in the kernel side
 o update conntrack manpage
 o update test.sh file in examples/cli/
+o several fixes for the output of usage messages
 
 version 0.9.2 (2006/01/17)
 --------------------------

Modified: trunk/conntrack-tools/conntrack.8
===================================================================
--- trunk/conntrack-tools/conntrack.8	2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/conntrack.8	2007-05-07 23:36:45 UTC (rev 6826)
@@ -4,7 +4,7 @@
 .\" Maintained by Pablo Neira Ayuso <pablo at netfilter.org (May 2007)
 
 .SH NAME
-conntrack \- administration tool for netfilter connection tracking
+conntrack \- command line interface for netfilter connection tracking
 .SH SYNOPSIS
 .BR "conntrack -L [table] [-z]"
 .br
@@ -19,9 +19,7 @@
 .BR "conntrack -F [table]"
 .SH DESCRIPTION
 .B conntrack
-is used to search, list, inspect and maintain the netfilter connection tracking
-subsystem of the Linux kernel.
-.PP
+provides a full featured userspace interface to the netfilter connection tracking system that is intended to replace the old /proc/net/ip_conntrack interface. This tool can be used to search, list, inspect and maintain the connection tracking subsystem of the Linux kernel.
 Using 
 .B conntrack
 , you can dump a list of all (or a filtered selection of) currently tracked
@@ -75,9 +73,9 @@
 Atomically zero counters after reading them.  This option is only valid in
 combination with the "-L, --dump" command options.
 .TP
-.BI "-x, --xml "
-Display output in XML format.  This option is only valid in combination with 
-the "-L, --dump", "-E, --event" and "-G, --get" command options.
+.BI "-o, --output [extended,xml,timestamp] "
+Display output in a certain format. This option is only valid in combination
+with the "-L, --dump", "-E, --event" and "-G, --get" command options.
 .TP
 .BI "-e, --event-mask " "[ALL|NEW|UPDATES|DESTROY][,...]"
 Set the bitmask of events that are to be generated by the in-kernel ctnetlink
@@ -132,6 +130,22 @@
 The exit code is 0 for correct function.  Errors which appear to be caused by
 invalid command line parameters cause an exit code of 2.  Any other errors
 cause an exit code of 1.
+.SH EXAMPLES
+.TP
+.B conntrack \-L
+Dump the connection tracking table in /proc/net/ip_conntrack format
+.TP
+.B conntrack \-L -o extended
+Dump the connection tracking table in /proc/net/nf_conntrack format
+.TP
+.B conntrack \-L \-o xml
+Dump the connection tracking table in XML
+.TP
+.B conntrack \-L -f ipv6 -o extended
+Only dump IPv6 connections in /proc/net/nf_conntrack format
+.TP
+.B conntrack \-E \-o timestamp
+Show connection events together with the timestamp
 .SH BUGS
 Bugs? What's this ;-)
 .SH SEE ALSO

Modified: trunk/conntrack-tools/extensions/libct_proto_icmp.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_icmp.c	2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/extensions/libct_proto_icmp.c	2007-05-07 23:36:45 UTC (rev 6826)
@@ -26,22 +26,11 @@
 
 static void help()
 {
-	fprintf(stdout, "--icmp-type            icmp type\n");
-	fprintf(stdout, "--icmp-code            icmp code\n");
-	fprintf(stdout, "--icmp-id              icmp id\n");
+	fprintf(stdout, "  --icmp-type\t\t\ticmp type\n");
+	fprintf(stdout, "  --icmp-code\t\t\ticmp code\n");
+	fprintf(stdout, "  --icmp-id\t\t\ticmp id\n");
 }
 
-/* Add 1; spaces filled with 0. */
-static u_int8_t invmap[]
-	= { [ICMP_ECHO] = ICMP_ECHOREPLY + 1,
-	    [ICMP_ECHOREPLY] = ICMP_ECHO + 1,
-	    [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,
-	    [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,
-	    [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,
-	    [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,
-	    [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
-	    [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1};
-
 static int parse(char c, char *argv[], 
 		 struct nf_conntrack *ct,
 		 struct nf_conntrack *exptuple,
@@ -56,10 +45,6 @@
 			nfct_set_attr_u8(ct, 
 					 ATTR_ICMP_TYPE,
 					 atoi(optarg));
-			/* FIXME: 
-			reply->l4dst.icmp.type =
-				invmap[orig->l4dst.icmp.type] - 1;
-			*/
 			*flags |= ICMP_TYPE;
 			break;
 		case '2':
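Review bot: `atoi(optarg)` is passed straight to `nfct_set_attr_u8` with no validation, so a non-numeric argument becomes type 0 and a value above 255 is presumably narrowed to eight bits without any error. The tool would then match or create an entry with a different ICMP type than the one the operator typed. Parsing with `strtoul` and rejecting a non-empty remainder or a value above 255 would turn that into a parameter error. Since this hunk removes the FIXME, a one-line comment stating whether the reply-direction type is now derived elsewhere would also help. The enclosing parse() begins in the previous hunk and continues past this one.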

Modified: trunk/conntrack-tools/extensions/libct_proto_tcp.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_tcp.c	2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/extensions/libct_proto_tcp.c	2007-05-07 23:36:45 UTC (rev 6826)
@@ -45,15 +45,15 @@
 
 static void help()
 {
-	fprintf(stdout, "--orig-port-src        original source port\n");
-	fprintf(stdout, "--orig-port-dst        original destination port\n");
-	fprintf(stdout, "--reply-port-src       reply source port\n");
-	fprintf(stdout, "--reply-port-dst       reply destination port\n");
-	fprintf(stdout, "--mask-port-src	mask source port\n");
-	fprintf(stdout, "--mask-port-dst	mask destination port\n");
-	fprintf(stdout, "--tuple-port-src	expectation tuple src port\n");
-	fprintf(stdout, "--tuple-port-src	expectation tuple dst port\n");
-	fprintf(stdout, "--state                TCP state, fe. ESTABLISHED\n");
+	fprintf(stdout, "  --orig-port-src\t\toriginal source port\n");
+	fprintf(stdout, "  --orig-port-dst\t\toriginal destination port\n");
+	fprintf(stdout, "  --reply-port-src\t\treply source port\n");
+	fprintf(stdout, "  --reply-port-dst\t\treply destination port\n");
+	fprintf(stdout, "  --mask-port-src\t\tmask source port\n");
+	fprintf(stdout, "  --mask-port-dst\t\tmask destination port\n");
+	fprintf(stdout, "  --tuple-port-src\t\texpectation tuple src port\n");
+	fprintf(stdout, "  --tuple-port-src\t\texpectation tuple dst port\n");
+	fprintf(stdout, "  --state\t\t\tTCP state, fe. ESTABLISHED\n");
 }
 
 static int parse_options(char c, char *argv[],
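Review bot: The eighth help line still prints `--tuple-port-src` for the entry described as "expectation tuple dst port", so the usage text lists the same option twice and never names the destination one. Since the commit is already rewriting these strings, the line should presumably read `fprintf(stdout, "  --tuple-port-dst\t\texpectation tuple dst port\n");`; confirm the spelling against the option table, which is outside this hunk. The same duplicated line is carried over unchanged in the help() hunk of libct_proto_udp.c.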

Modified: trunk/conntrack-tools/extensions/libct_proto_udp.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_udp.c	2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/extensions/libct_proto_udp.c	2007-05-07 23:36:45 UTC (rev 6826)
@@ -31,14 +31,14 @@
 
 static void help()
 {
-	fprintf(stdout, "--orig-port-src        original source port\n");
-	fprintf(stdout, "--orig-port-dst        original destination port\n");
-	fprintf(stdout, "--reply-port-src       reply source port\n");
-	fprintf(stdout, "--reply-port-dst       reply destination port\n");
-	fprintf(stdout, "--mask-port-src	mask source port\n");
-	fprintf(stdout, "--mask-port-dst	mask destination port\n");
-	fprintf(stdout, "--tuple-port-src	expectation tuple src port\n");
-	fprintf(stdout, "--tuple-port-src	expectation tuple dst port\n");
+	fprintf(stdout, "  --orig-port-src\t\toriginal source port\n");
+	fprintf(stdout, "  --orig-port-dst\t\toriginal destination port\n");
+	fprintf(stdout, "  --reply-port-src\t\treply source port\n");
+	fprintf(stdout, "  --reply-port-dst\t\treply destination port\n");
+	fprintf(stdout, "  --mask-port-src\t\tmask source port\n");
+	fprintf(stdout, "  --mask-port-dst\t\tmask destination port\n");
+	fprintf(stdout, "  --tuple-port-src\t\texpectation tuple src port\n");
+	fprintf(stdout, "  --tuple-port-src\t\texpectation tuple dst port\n");
 }
 
 static int parse_options(char c, char *argv[],

Modified: trunk/conntrack-tools/include/conntrack.h
===================================================================
--- trunk/conntrack-tools/include/conntrack.h	2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/include/conntrack.h	2007-05-07 23:36:45 UTC (rev 6826)
@@ -124,13 +124,24 @@
 	CT_OPT_DST_NAT_BIT	= 18,
 	CT_OPT_DST_NAT		= (1 << CT_OPT_DST_NAT_BIT),
 
-	CT_OPT_XML_BIT		= 19,
-	CT_OPT_XML		= (1 << CT_OPT_XML_BIT),
+	CT_OPT_OUTPUT_BIT	= 19,
+	CT_OPT_OUTPUT		= (1 << CT_OPT_OUTPUT_BIT),
 
-	CT_OPT_MAX		= CT_OPT_XML_BIT
+	CT_OPT_MAX		= CT_OPT_OUTPUT_BIT
 };
 #define NUMBER_OF_OPT	CT_OPT_MAX+1
 
+enum {
+	_O_XML_BIT		= 0,
+	_O_XML			= (1 << _O_XML_BIT),
+
+	_O_EXT_BIT		= 1,
+	_O_EXT			= (1 << _O_EXT_BIT),
+
+	_O_TMS_BIT		= 2,
+	_O_TMS			= (1 << _O_TMS_BIT),
+};
+
 struct ctproto_handler {
 	struct list_head 	head;
 
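Review bot: The new enumerators `_O_XML_BIT`, `_O_XML`, `_O_EXT_BIT`, `_O_EXT`, `_O_TMS_BIT` and `_O_TMS` begin with an underscore followed by an uppercase letter, a form the C standard reserves for the implementation, so a libc or compiler header may define the same names. A project prefix in line with the `CT_OPT_*` constants just above, for example `CT_O_XML_BIT` / `CT_O_XML`, avoids that. A short comment on the enum would also help, along the lines of `/* bits of the -o/--output mask; translated to NFCT_O_* / NFCT_OF_* in the callbacks */`.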

Modified: trunk/conntrack-tools/src/conntrack.c
===================================================================
--- trunk/conntrack-tools/src/conntrack.c	2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/src/conntrack.c	2007-05-07 23:36:45 UTC (rev 6826)
@@ -96,7 +96,7 @@
 	{"family", 1, 0, 'f'},
 	{"src-nat", 1, 0, 'n'},
 	{"dst-nat", 1, 0, 'g'},
-	{"xml", 0, 0, 'x'},
+	{"output", 0, 0, 'o'},
 	{0, 0, 0, 0}
 };
 
@@ -118,7 +118,7 @@
 static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
 /* Well, it's better than "Re: Linux vs FreeBSD" */
 {
-          /*   s d r q p t u z e x y k l a m i f n g x */
+          /*   s d r q p t u z e [ ] { } a m i f n g o */
 /*CT_LIST*/   {2,2,2,2,2,0,0,2,0,0,0,0,0,0,2,2,2,0,0,2},
 /*CT_CREATE*/ {2,2,2,2,1,1,1,0,0,0,0,0,0,2,2,0,0,2,2,0},
 /*CT_UPDATE*/ {2,2,2,2,1,2,2,0,0,0,0,0,0,0,2,2,0,0,0,0},
@@ -343,7 +343,8 @@
 
 #define PARSE_STATUS 0
 #define PARSE_EVENT 1
-#define PARSE_MAX 2
+#define PARSE_OUTPUT 2
+#define PARSE_MAX 3
 
 static struct parse_parameter {
 	char 	*parameter[6];
@@ -355,6 +356,9 @@
 	{ {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
 	  {~0U, NF_NETLINK_CONNTRACK_NEW, NF_NETLINK_CONNTRACK_UPDATE, 
 	   NF_NETLINK_CONNTRACK_DESTROY} },
+	{ {"xml", "extended", "timestamp" }, 3, 
+	  { _O_XML, _O_EXT, _O_TMS },
+	},
 };
 
 static int
@@ -542,12 +546,12 @@
 
 static const char usage_conntrack_parameters[] =
 	"Conntrack parameters and options:\n"
-	"  -n, --src-nat ip\tsource NAT ip\n"
-	"  -g, --dst-nat ip\tdestination NAT ip\n"
+	"  -n, --src-nat ip\t\t\tsource NAT ip\n"
+	"  -g, --dst-nat ip\t\t\tdestination NAT ip\n"
 	"  -m, --mark mark\t\t\tSet mark\n"
 	"  -e, --event-mask eventmask\t\tEvent mask, eg. NEW,DESTROY\n"
 	"  -z, --zero \t\t\t\tZero counters while listing\n"
-	"  -x, --xml \t\t\t\tDisplay output in XML format\n";
+	"  -o, --output type[,...]\t\tOutput format, eg. xml\n";
 	;
 
 static const char usage_expectation_parameters[] =
@@ -571,7 +575,8 @@
   
 
 void usage(char *prog) {
-	fprintf(stdout, "Tool to manipulate conntrack and expectations. Version %s\n", VERSION);
+	fprintf(stdout, "Command line interface for the connection "
+			"tracking system. Version %s\n", VERSION);
 	fprintf(stdout, "Usage: %s [commands] [options]\n", prog);
 
 	fprintf(stdout, "\n%s", usage_commands);
@@ -581,7 +586,7 @@
 	fprintf(stdout, "\n%s", usage_parameters);
 }
 
-unsigned int output_flags = NFCT_O_DEFAULT;
+static unsigned int output_mask;
 
 static int event_cb(enum nf_conntrack_msg_type type,
 		    struct nf_conntrack *ct,
@@ -589,12 +594,25 @@
 {
 	char buf[1024];
 	struct nf_conntrack *obj = data;
+	unsigned int output_type = NFCT_O_DEFAULT;
+	unsigned int output_flags = 0;
 
 	if (options & CT_COMPARISON && !nfct_compare(obj, ct))
 		return NFCT_CB_CONTINUE;
 
-	nfct_snprintf(buf, 1024, ct, type, output_flags, 0);
+	if (output_mask & _O_XML)
+		output_type = NFCT_O_XML;
+	if (output_mask & _O_EXT)
+		output_flags = NFCT_OF_SHOW_LAYER3;
+	if ((output_mask & _O_TMS) && !(output_mask & _O_XML)) {
+		struct timeval tv;
+		gettimeofday(&tv, NULL);
+		printf("[%-8ld.%-6ld]\t", tv.tv_sec, tv.tv_usec);
+	}
+
+	nfct_snprintf(buf, 1024, ct, type, output_type, output_flags);
 	printf("%s\n", buf);
+	fflush(stdout);
 
 	return NFCT_CB_CONTINUE;
 }
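Review bot: The timestamp format `"[%-8ld.%-6ld]\t"` left-justifies the microsecond field and pads it with spaces, so 5 µs prints as `.5     ` and reads as half a second; event times taken from this output cannot be ordered or correlated reliably. The fractional part needs zero padding, and `tv_sec`/`tv_usec` are not guaranteed to be `long`, so cast them: `printf("[%ld.%06ld]\t", (long)tv.tv_sec, (long)tv.tv_usec);`. The timestamp is also silently dropped when `xml` is requested together with `timestamp`, which is worth stating in the man page or rejecting at option parsing. event_cb's signature lies outside this hunk.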
@@ -605,11 +623,18 @@
 {
 	char buf[1024];
 	struct nf_conntrack *obj = data;
+	unsigned int output_type = NFCT_O_DEFAULT;
+	unsigned int output_flags = 0;
 
 	if (options & CT_COMPARISON && !nfct_compare(obj, ct))
 		return NFCT_CB_CONTINUE;
 
-	nfct_snprintf(buf, 1024, ct, NFCT_T_UNKNOWN, output_flags, 0);
+	if (output_mask & _O_XML)
+		output_type = NFCT_O_XML;
+	if (output_mask & _O_EXT)
+		output_flags = NFCT_OF_SHOW_LAYER3;
+
+	nfct_snprintf(buf, 1024, ct, NFCT_T_UNKNOWN, output_type, output_flags);
 	printf("%s\n", buf);
 
 	return NFCT_CB_CONTINUE;
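Review bot: The return value of `nfct_snprintf` is discarded here and in event_cb, so an entry that does not fit in the 1024-byte `buf` would be printed truncated with no indication. The new xml and extended formats make longer records more likely, and a cut-off XML element is malformed input for whatever parses this output. If nfct_snprintf follows the snprintf convention of returning the length it needed (not visible in this diff), store it and report when it is negative or `>= sizeof(buf)`. Passing `sizeof(buf)` instead of the literal `1024` would keep the size tied to the declaration. The function's signature and closing brace lie outside the hunk.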
@@ -652,7 +677,7 @@
 	memset(__exp, 0, sizeof(__exp));
 
 	while ((c = getopt_long(argc, argv, 
-		"L::I::U::D::G::E::F::hVs:d:r:q:p:t:u:e:a:z[:]:{:}:m:i::f:x", 
+		"L::I::U::D::G::E::F::hVs:d:r:q:p:t:u:e:a:z[:]:{:}:m:i::f:o:", 
 		opts, NULL)) != -1) {
 	switch(c) {
 		case 'L':
@@ -931,9 +956,9 @@
 				exit_error(PARAMETER_PROBLEM, "Unknown "
 					   "protocol family\n");
 			break;
-		case 'x':
-			options |= CT_OPT_XML;
-			output_flags = NFCT_O_XML;
+		case 'o':
+			options |= CT_OPT_OUTPUT;
+			parse_parameter(optarg, &output_mask, PARSE_OUTPUT);
 			break;
 		default:
 			if (h && h->parse_opts 
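Review bot: `optarg` can be NULL in the new `case 'o':` branch when the option is given in its long form, because the table entry added earlier in this commit is `{"output", 0, 0, 'o'}` (has_arg 0) while the short-option string declares `o:`. With has_arg 0, getopt_long does not consume an argument for `--output`, so `--output xml` would hand `parse_parameter` a null pointer and leave `xml` behind as a stray non-option; how parse_parameter treats NULL is not visible here. The entry should read `{"output", 1, 0, 'o'},`, matching the neighbouring `src-nat` and `dst-nat` entries. The enclosing switch starts and ends outside the hunk.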



