[netfilter-cvslog] r7476 - in trunk/conntrack-tools: extensions include src
pablo at netfilter.org
pablo at netfilter.org
Sun Apr 13 23:59:46 CEST 2008
Author: pablo at netfilter.org
Date: 2008-04-13 23:59:46 +0200 (Sun, 13 Apr 2008)
New Revision: 7476
Modified:
trunk/conntrack-tools/extensions/libct_proto_icmp.c
trunk/conntrack-tools/extensions/libct_proto_icmpv6.c
trunk/conntrack-tools/extensions/libct_proto_tcp.c
trunk/conntrack-tools/extensions/libct_proto_udp.c
trunk/conntrack-tools/include/conntrack.h
trunk/conntrack-tools/src/conntrack.c
Log:
fix conntrack -U -p tcp [...]
Modified: trunk/conntrack-tools/extensions/libct_proto_icmp.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_icmp.c 2008-04-13 05:32:06 UTC (rev 7475)
+++ trunk/conntrack-tools/extensions/libct_proto_icmp.c 2008-04-13 21:59:46 UTC (rev 7476)
@@ -74,6 +74,9 @@
nfct_set_attr_u8(ct,
ATTR_ICMP_TYPE,
atoi(optarg));
+
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMP);
+
*flags |= ICMP_TYPE;
break;
case '2':
@@ -83,6 +86,9 @@
nfct_set_attr_u8(ct,
ATTR_ICMP_CODE,
atoi(optarg));
+
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMP);
+
*flags |= ICMP_CODE;
break;
case '3':
@@ -92,6 +98,9 @@
nfct_set_attr_u16(ct,
ATTR_ICMP_ID,
htons(atoi(optarg)));
+
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMP);
+
*flags |= ICMP_ID;
break;
}
Modified: trunk/conntrack-tools/extensions/libct_proto_icmpv6.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_icmpv6.c 2008-04-13 05:32:06 UTC (rev 7475)
+++ trunk/conntrack-tools/extensions/libct_proto_icmpv6.c 2008-04-13 21:59:46 UTC (rev 7476)
@@ -77,6 +77,9 @@
nfct_set_attr_u8(ct,
ATTR_ICMP_TYPE,
atoi(optarg));
+
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMPV6);
+
*flags |= ICMP_TYPE;
break;
@@ -87,6 +90,9 @@
nfct_set_attr_u8(ct,
ATTR_ICMP_CODE,
atoi(optarg));
+
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMPV6);
+
*flags |= ICMP_CODE;
break;
@@ -97,6 +103,9 @@
nfct_set_attr_u16(ct,
ATTR_ICMP_ID,
htons(atoi(optarg)));
+
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMPV6);
+
*flags |= ICMP_ID;
break;
}
Modified: trunk/conntrack-tools/extensions/libct_proto_tcp.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_tcp.c 2008-04-13 05:32:06 UTC (rev 7475)
+++ trunk/conntrack-tools/extensions/libct_proto_tcp.c 2008-04-13 21:59:46 UTC (rev 7476)
@@ -103,6 +103,8 @@
ATTR_ORIG_PORT_SRC,
htons(atoi(optarg)));
+ nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
+
*flags |= TCP_ORIG_SPORT;
break;
case '2':
@@ -113,6 +115,8 @@
ATTR_ORIG_PORT_DST,
htons(atoi(optarg)));
+ nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
+
*flags |= TCP_ORIG_DPORT;
break;
case '3':
@@ -123,6 +127,8 @@
ATTR_REPL_PORT_SRC,
htons(atoi(optarg)));
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
+
*flags |= TCP_REPL_SPORT;
break;
case '4':
@@ -133,6 +139,8 @@
ATTR_REPL_PORT_DST,
htons(atoi(optarg)));
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
+
*flags |= TCP_REPL_DPORT;
break;
case '5':
@@ -143,6 +151,8 @@
ATTR_ORIG_PORT_SRC,
htons(atoi(optarg)));
+ nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
+
*flags |= TCP_MASK_SPORT;
break;
case '6':
@@ -153,6 +163,8 @@
ATTR_ORIG_PORT_DST,
htons(atoi(optarg)));
+ nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
+
*flags |= TCP_MASK_DPORT;
break;
case '7':
@@ -180,6 +192,10 @@
ATTR_ORIG_PORT_SRC,
htons(atoi(optarg)));
+ nfct_set_attr_u8(exptuple,
+ ATTR_ORIG_L4PROTO,
+ IPPROTO_TCP);
+
*flags |= TCP_EXPTUPLE_SPORT;
break;
case '9':
@@ -190,6 +206,10 @@
ATTR_ORIG_PORT_DST,
htons(atoi(optarg)));
+ nfct_set_attr_u8(exptuple,
+ ATTR_ORIG_L4PROTO,
+ IPPROTO_TCP);
+
*flags |= TCP_EXPTUPLE_DPORT;
break;
}
Modified: trunk/conntrack-tools/extensions/libct_proto_udp.c
===================================================================
--- trunk/conntrack-tools/extensions/libct_proto_udp.c 2008-04-13 05:32:06 UTC (rev 7475)
+++ trunk/conntrack-tools/extensions/libct_proto_udp.c 2008-04-13 21:59:46 UTC (rev 7476)
@@ -85,6 +85,8 @@
ATTR_ORIG_PORT_SRC,
htons(atoi(optarg)));
+ nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_UDP);
+
*flags |= UDP_ORIG_SPORT;
break;
case '2':
@@ -95,6 +97,8 @@
ATTR_ORIG_PORT_DST,
htons(atoi(optarg)));
+ nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_UDP);
+
*flags |= UDP_ORIG_DPORT;
break;
case '3':
@@ -105,6 +109,8 @@
ATTR_REPL_PORT_SRC,
htons(atoi(optarg)));
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_UDP);
+
*flags |= UDP_REPL_SPORT;
break;
case '4':
@@ -115,6 +121,8 @@
ATTR_REPL_PORT_DST,
htons(atoi(optarg)));
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_UDP);
+
*flags |= UDP_REPL_DPORT;
break;
case '5':
@@ -125,6 +133,8 @@
ATTR_ORIG_PORT_SRC,
htons(atoi(optarg)));
+ nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_UDP);
+
*flags |= UDP_MASK_SPORT;
break;
case '6':
@@ -135,6 +145,8 @@
ATTR_ORIG_PORT_DST,
htons(atoi(optarg)));
+ nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_UDP);
+
*flags |= UDP_MASK_DPORT;
break;
case '7':
@@ -145,6 +157,10 @@
ATTR_ORIG_PORT_SRC,
htons(atoi(optarg)));
+ nfct_set_attr_u8(exptuple,
+ ATTR_ORIG_L4PROTO,
+ IPPROTO_UDP);
+
*flags |= UDP_EXPTUPLE_SPORT;
break;
case '8':
@@ -155,6 +171,10 @@
ATTR_ORIG_PORT_DST,
htons(atoi(optarg)));
+ nfct_set_attr_u8(exptuple,
+ ATTR_ORIG_L4PROTO,
+ IPPROTO_UDP);
+
*flags |= UDP_EXPTUPLE_DPORT;
break;
}
Modified: trunk/conntrack-tools/include/conntrack.h
===================================================================
--- trunk/conntrack-tools/include/conntrack.h 2008-04-13 05:32:06 UTC (rev 7475)
+++ trunk/conntrack-tools/include/conntrack.h 2008-04-13 21:59:46 UTC (rev 7476)
@@ -82,6 +82,9 @@
CT_OPT_PROTO_BIT = 4,
CT_OPT_PROTO = (1 << CT_OPT_PROTO_BIT),
+ CT_OPT_TUPLE_ORIG = (CT_OPT_ORIG | CT_OPT_PROTO),
+ CT_OPT_TUPLE_REPL = (CT_OPT_REPL | CT_OPT_PROTO),
+
CT_OPT_TIMEOUT_BIT = 5,
CT_OPT_TIMEOUT = (1 << CT_OPT_TIMEOUT_BIT),
Modified: trunk/conntrack-tools/src/conntrack.c
===================================================================
--- trunk/conntrack-tools/src/conntrack.c 2008-04-13 05:32:06 UTC (rev 7475)
+++ trunk/conntrack-tools/src/conntrack.c 2008-04-13 21:59:46 UTC (rev 7476)
@@ -737,9 +737,9 @@
if (ignore_nat(tmp, ct))
return NFCT_CB_CONTINUE;
- if (options & CT_OPT_ORIG && !nfct_cmp(tmp, ct, NFCT_CMP_ORIG))
+ if (options & CT_OPT_TUPLE_ORIG && !nfct_cmp(tmp, ct, NFCT_CMP_ORIG))
return NFCT_CB_CONTINUE;
- if (options & CT_OPT_REPL && !nfct_cmp(tmp, ct, NFCT_CMP_REPL))
+ if (options & CT_OPT_TUPLE_REPL && !nfct_cmp(tmp, ct, NFCT_CMP_REPL))
return NFCT_CB_CONTINUE;
nfct_copy(tmp, ct, NFCT_CP_ORIG);
@@ -935,14 +935,6 @@
"`%s' unsupported protocol",
optarg);
- nfct_set_attr_u8(obj, ATTR_ORIG_L4PROTO, h->protonum);
- nfct_set_attr_u8(obj, ATTR_REPL_L4PROTO, h->protonum);
- nfct_set_attr_u8(exptuple,
- ATTR_ORIG_L4PROTO,
- h->protonum);
- nfct_set_attr_u8(mask,
- ATTR_ORIG_L4PROTO,
- h->protonum);
opts = merge_options(opts, h->opts, &h->option_offset);
if (opts == NULL)
exit_error(OTHER_PROBLEM, "out of memory");
@@ -1052,6 +1044,11 @@
if (family == AF_UNSPEC)
family = AF_INET;
+ /* set the protocol number if we have seen -p with no parameters */
+ if (h && !nfct_attr_is_set(obj, ATTR_ORIG_L4PROTO) &&
+ !nfct_attr_is_set(obj, ATTR_REPL_L4PROTO))
+ nfct_set_attr_u8(obj, ATTR_L4PROTO, h->protonum);
+
cmd = bit2cmd(command);
generic_cmd_check(cmd, options);
generic_opt_check(options,
More information about the netfilter-cvslog
mailing list