[netfilter-cvslog] r6826 - in trunk/conntrack-tools: . extensions
include src
pablo at netfilter.org
pablo at netfilter.org
Tue May 8 01:36:45 CEST 2007
Author: pablo at netfilter.org
Date: 2007-05-08 01:36:45 +0200 (Tue, 08 May 2007)
New Revision: 6826
Modified:
trunk/conntrack-tools/ChangeLog
trunk/conntrack-tools/conntrack.8
trunk/conntrack-tools/extensions/libct_proto_icmp.c
trunk/conntrack-tools/extensions/libct_proto_tcp.c
trunk/conntrack-tools/extensions/libct_proto_udp.c
trunk/conntrack-tools/include/conntrack.h
trunk/conntrack-tools/src/conntrack.c
Log:
o introduce '--output xml,extended,timestamp' option for '-L', '-G' and '-E'
o several fixes for the output of usage messages
Modified: trunk/conntrack-tools/ChangeLog
===================================================================
--- trunk/conntrack-tools/ChangeLog 2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/ChangeLog 2007-05-07 23:36:45 UTC (rev 6826)
@@ -32,13 +32,14 @@
= conntrack =
o port conntrack to the new libnetfilter_conntrack API
-o introduce '--xml' option for '-L', '-G' and '-E'
+o introduce '--output xml,extended,timestamp' option for '-L', '-G' and '-E'
o deprecated '--id'
o replace '-a' by '--src-nat' and '--dst-nat'
o use positive logic in error handling
o remove sctp support until is fully supported in the kernel side
o update conntrack manpage
o update test.sh file in examples/cli/
+o several fixes for the output of usage messages
version 0.9.2 (2006/01/17)
--------------------------
Modified: trunk/conntrack-tools/conntrack.8
===================================================================
--- trunk/conntrack-tools/conntrack.8 2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/conntrack.8 2007-05-07 23:36:45 UTC (rev 6826)
@@ -4,7 +4,7 @@
.\" Maintained by Pablo Neira Ayuso <pablo at netfilter.org (May 2007)
.SH NAME
-conntrack \- administration tool for netfilter connection tracking
+conntrack \- command line interface for netfilter connection tracking
.SH SYNOPSIS
.BR "conntrack -L [table] [-z]"
.br
@@ -19,9 +19,7 @@
.BR "conntrack -F [table]"
.SH DESCRIPTION
.B conntrack
-is used to search, list, inspect and maintain the netfilter connection tracking
-subsystem of the Linux kernel.
-.PP
+provides a full featured userspace interface to the netfilter connection tracking system that is intended to replace the old /proc/net/ip_conntrack interface. This tool can be used to search, list, inspect and maintain the connection tracking subsystem of the Linux kernel.
Using
.B conntrack
, you can dump a list of all (or a filtered selection of) currently tracked
@@ -75,9 +73,9 @@
Atomically zero counters after reading them. This option is only valid in
combination with the "-L, --dump" command options.
.TP
-.BI "-x, --xml "
-Display output in XML format. This option is only valid in combination with
-the "-L, --dump", "-E, --event" and "-G, --get" command options.
+.BI "-o, --output [extended,xml,timestamp] "
+Display output in a certain format. This option is only valid in combination
+with the "-L, --dump", "-E, --event" and "-G, --get" command options.
.TP
.BI "-e, --event-mask " "[ALL|NEW|UPDATES|DESTROY][,...]"
Set the bitmask of events that are to be generated by the in-kernel ctnetlink
@@ -132,6 +130,22 @@
The exit code is 0 for correct function. Errors which appear to be caused by
invalid command line parameters cause an exit code of 2. Any other errors
cause an exit code of 1.
+.SH EXAMPLES
+.TP
+.B conntrack \-L
+Dump the connection tracking table in /proc/net/ip_conntrack format
+.TP
+.B conntrack \-L -o extended
+Dump the connection tracking table in /proc/net/nf_conntrack format
+.TP
+.B conntrack \-L \-o xml
+Dump the connection tracking table in XML
+.TP
+.B conntrack \-L -f ipv6 -o extended
+Only dump IPv6 connections in /proc/net/nf_conntrack format
+.TP
+.B conntrack \-E \-o timestamp
+Show connection events together with the timestamp
.SH BUGS
Bugs? What's this ;-)
.SH SEE ALSO
Modified: trunk/conntrack-tools/extensions/libct_proto_icmp.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_icmp.c 2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/extensions/libct_proto_icmp.c 2007-05-07 23:36:45 UTC (rev 6826)
@@ -26,22 +26,11 @@
static void help()
{
- fprintf(stdout, "--icmp-type icmp type\n");
- fprintf(stdout, "--icmp-code icmp code\n");
- fprintf(stdout, "--icmp-id icmp id\n");
+ fprintf(stdout, " --icmp-type\t\t\ticmp type\n");
+ fprintf(stdout, " --icmp-code\t\t\ticmp code\n");
+ fprintf(stdout, " --icmp-id\t\t\ticmp id\n");
}
-/* Add 1; spaces filled with 0. */
-static u_int8_t invmap[]
- = { [ICMP_ECHO] = ICMP_ECHOREPLY + 1,
- [ICMP_ECHOREPLY] = ICMP_ECHO + 1,
- [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,
- [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,
- [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,
- [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,
- [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
- [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1};
-
static int parse(char c, char *argv[],
struct nf_conntrack *ct,
struct nf_conntrack *exptuple,
@@ -56,10 +45,6 @@
nfct_set_attr_u8(ct,
ATTR_ICMP_TYPE,
atoi(optarg));
- /* FIXME:
- reply->l4dst.icmp.type =
- invmap[orig->l4dst.icmp.type] - 1;
- */
*flags |= ICMP_TYPE;
break;
case '2':
Modified: trunk/conntrack-tools/extensions/libct_proto_tcp.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_tcp.c 2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/extensions/libct_proto_tcp.c 2007-05-07 23:36:45 UTC (rev 6826)
@@ -45,15 +45,15 @@
static void help()
{
- fprintf(stdout, "--orig-port-src original source port\n");
- fprintf(stdout, "--orig-port-dst original destination port\n");
- fprintf(stdout, "--reply-port-src reply source port\n");
- fprintf(stdout, "--reply-port-dst reply destination port\n");
- fprintf(stdout, "--mask-port-src mask source port\n");
- fprintf(stdout, "--mask-port-dst mask destination port\n");
- fprintf(stdout, "--tuple-port-src expectation tuple src port\n");
- fprintf(stdout, "--tuple-port-src expectation tuple dst port\n");
- fprintf(stdout, "--state TCP state, fe. ESTABLISHED\n");
+ fprintf(stdout, " --orig-port-src\t\toriginal source port\n");
+ fprintf(stdout, " --orig-port-dst\t\toriginal destination port\n");
+ fprintf(stdout, " --reply-port-src\t\treply source port\n");
+ fprintf(stdout, " --reply-port-dst\t\treply destination port\n");
+ fprintf(stdout, " --mask-port-src\t\tmask source port\n");
+ fprintf(stdout, " --mask-port-dst\t\tmask destination port\n");
+ fprintf(stdout, " --tuple-port-src\t\texpectation tuple src port\n");
+ fprintf(stdout, " --tuple-port-src\t\texpectation tuple dst port\n");
+ fprintf(stdout, " --state\t\t\tTCP state, fe. ESTABLISHED\n");
}
static int parse_options(char c, char *argv[],
Modified: trunk/conntrack-tools/extensions/libct_proto_udp.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_udp.c 2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/extensions/libct_proto_udp.c 2007-05-07 23:36:45 UTC (rev 6826)
@@ -31,14 +31,14 @@
static void help()
{
- fprintf(stdout, "--orig-port-src original source port\n");
- fprintf(stdout, "--orig-port-dst original destination port\n");
- fprintf(stdout, "--reply-port-src reply source port\n");
- fprintf(stdout, "--reply-port-dst reply destination port\n");
- fprintf(stdout, "--mask-port-src mask source port\n");
- fprintf(stdout, "--mask-port-dst mask destination port\n");
- fprintf(stdout, "--tuple-port-src expectation tuple src port\n");
- fprintf(stdout, "--tuple-port-src expectation tuple dst port\n");
+ fprintf(stdout, " --orig-port-src\t\toriginal source port\n");
+ fprintf(stdout, " --orig-port-dst\t\toriginal destination port\n");
+ fprintf(stdout, " --reply-port-src\t\treply source port\n");
+ fprintf(stdout, " --reply-port-dst\t\treply destination port\n");
+ fprintf(stdout, " --mask-port-src\t\tmask source port\n");
+ fprintf(stdout, " --mask-port-dst\t\tmask destination port\n");
+ fprintf(stdout, " --tuple-port-src\t\texpectation tuple src port\n");
+ fprintf(stdout, " --tuple-port-src\t\texpectation tuple dst port\n");
}
static int parse_options(char c, char *argv[],
Modified: trunk/conntrack-tools/include/conntrack.h
===================================================================
--- trunk/conntrack-tools/include/conntrack.h 2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/include/conntrack.h 2007-05-07 23:36:45 UTC (rev 6826)
@@ -124,13 +124,24 @@
CT_OPT_DST_NAT_BIT = 18,
CT_OPT_DST_NAT = (1 << CT_OPT_DST_NAT_BIT),
- CT_OPT_XML_BIT = 19,
- CT_OPT_XML = (1 << CT_OPT_XML_BIT),
+ CT_OPT_OUTPUT_BIT = 19,
+ CT_OPT_OUTPUT = (1 << CT_OPT_OUTPUT_BIT),
- CT_OPT_MAX = CT_OPT_XML_BIT
+ CT_OPT_MAX = CT_OPT_OUTPUT_BIT
};
#define NUMBER_OF_OPT CT_OPT_MAX+1
+enum {
+ _O_XML_BIT = 0,
+ _O_XML = (1 << _O_XML_BIT),
+
+ _O_EXT_BIT = 1,
+ _O_EXT = (1 << _O_EXT_BIT),
+
+ _O_TMS_BIT = 2,
+ _O_TMS = (1 << _O_TMS_BIT),
+};
+
struct ctproto_handler {
struct list_head head;
Modified: trunk/conntrack-tools/src/conntrack.c
===================================================================
--- trunk/conntrack-tools/src/conntrack.c 2007-05-07 02:08:36 UTC (rev 6825)
+++ trunk/conntrack-tools/src/conntrack.c 2007-05-07 23:36:45 UTC (rev 6826)
@@ -96,7 +96,7 @@
{"family", 1, 0, 'f'},
{"src-nat", 1, 0, 'n'},
{"dst-nat", 1, 0, 'g'},
- {"xml", 0, 0, 'x'},
+ {"output", 0, 0, 'o'},
{0, 0, 0, 0}
};
@@ -118,7 +118,7 @@
static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
/* Well, it's better than "Re: Linux vs FreeBSD" */
{
- /* s d r q p t u z e x y k l a m i f n g x */
+ /* s d r q p t u z e [ ] { } a m i f n g o */
/*CT_LIST*/ {2,2,2,2,2,0,0,2,0,0,0,0,0,0,2,2,2,0,0,2},
/*CT_CREATE*/ {2,2,2,2,1,1,1,0,0,0,0,0,0,2,2,0,0,2,2,0},
/*CT_UPDATE*/ {2,2,2,2,1,2,2,0,0,0,0,0,0,0,2,2,0,0,0,0},
@@ -343,7 +343,8 @@
#define PARSE_STATUS 0
#define PARSE_EVENT 1
-#define PARSE_MAX 2
+#define PARSE_OUTPUT 2
+#define PARSE_MAX 3
static struct parse_parameter {
char *parameter[6];
@@ -355,6 +356,9 @@
{ {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
{~0U, NF_NETLINK_CONNTRACK_NEW, NF_NETLINK_CONNTRACK_UPDATE,
NF_NETLINK_CONNTRACK_DESTROY} },
+ { {"xml", "extended", "timestamp" }, 3,
+ { _O_XML, _O_EXT, _O_TMS },
+ },
};
static int
@@ -542,12 +546,12 @@
static const char usage_conntrack_parameters[] =
"Conntrack parameters and options:\n"
- " -n, --src-nat ip\tsource NAT ip\n"
- " -g, --dst-nat ip\tdestination NAT ip\n"
+ " -n, --src-nat ip\t\t\tsource NAT ip\n"
+ " -g, --dst-nat ip\t\t\tdestination NAT ip\n"
" -m, --mark mark\t\t\tSet mark\n"
" -e, --event-mask eventmask\t\tEvent mask, eg. NEW,DESTROY\n"
" -z, --zero \t\t\t\tZero counters while listing\n"
- " -x, --xml \t\t\t\tDisplay output in XML format\n";
+ " -o, --output type[,...]\t\tOutput format, eg. xml\n";
;
static const char usage_expectation_parameters[] =
@@ -571,7 +575,8 @@
void usage(char *prog) {
- fprintf(stdout, "Tool to manipulate conntrack and expectations. Version %s\n", VERSION);
+ fprintf(stdout, "Command line interface for the connection "
+ "tracking system. Version %s\n", VERSION);
fprintf(stdout, "Usage: %s [commands] [options]\n", prog);
fprintf(stdout, "\n%s", usage_commands);
@@ -581,7 +586,7 @@
fprintf(stdout, "\n%s", usage_parameters);
}
-unsigned int output_flags = NFCT_O_DEFAULT;
+static unsigned int output_mask;
static int event_cb(enum nf_conntrack_msg_type type,
struct nf_conntrack *ct,
@@ -589,12 +594,25 @@
{
char buf[1024];
struct nf_conntrack *obj = data;
+ unsigned int output_type = NFCT_O_DEFAULT;
+ unsigned int output_flags = 0;
if (options & CT_COMPARISON && !nfct_compare(obj, ct))
return NFCT_CB_CONTINUE;
- nfct_snprintf(buf, 1024, ct, type, output_flags, 0);
+ if (output_mask & _O_XML)
+ output_type = NFCT_O_XML;
+ if (output_mask & _O_EXT)
+ output_flags = NFCT_OF_SHOW_LAYER3;
+ if ((output_mask & _O_TMS) && !(output_mask & _O_XML)) {
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ printf("[%-8ld.%-6ld]\t", tv.tv_sec, tv.tv_usec);
+ }
+
+ nfct_snprintf(buf, 1024, ct, type, output_type, output_flags);
printf("%s\n", buf);
+ fflush(stdout);
return NFCT_CB_CONTINUE;
}
@@ -605,11 +623,18 @@
{
char buf[1024];
struct nf_conntrack *obj = data;
+ unsigned int output_type = NFCT_O_DEFAULT;
+ unsigned int output_flags = 0;
if (options & CT_COMPARISON && !nfct_compare(obj, ct))
return NFCT_CB_CONTINUE;
- nfct_snprintf(buf, 1024, ct, NFCT_T_UNKNOWN, output_flags, 0);
+ if (output_mask & _O_XML)
+ output_type = NFCT_O_XML;
+ if (output_mask & _O_EXT)
+ output_flags = NFCT_OF_SHOW_LAYER3;
+
+ nfct_snprintf(buf, 1024, ct, NFCT_T_UNKNOWN, output_type, output_flags);
printf("%s\n", buf);
return NFCT_CB_CONTINUE;
@@ -652,7 +677,7 @@
memset(__exp, 0, sizeof(__exp));
while ((c = getopt_long(argc, argv,
- "L::I::U::D::G::E::F::hVs:d:r:q:p:t:u:e:a:z[:]:{:}:m:i::f:x",
+ "L::I::U::D::G::E::F::hVs:d:r:q:p:t:u:e:a:z[:]:{:}:m:i::f:o:",
opts, NULL)) != -1) {
switch(c) {
case 'L':
@@ -931,9 +956,9 @@
exit_error(PARAMETER_PROBLEM, "Unknown "
"protocol family\n");
break;
- case 'x':
- options |= CT_OPT_XML;
- output_flags = NFCT_O_XML;
+ case 'o':
+ options |= CT_OPT_OUTPUT;
+ parse_parameter(optarg, &output_mask, PARSE_OUTPUT);
break;
default:
if (h && h->parse_opts
More information about the netfilter-cvslog
mailing list