[conntrack-tools] conntrack: add DCCP role parameter for conntrack creation

Fri Apr 24 20:47:28 CEST 2009

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=7866b938a909439fa09ea7f16f8676cdac5ea532
commit 7866b938a909439fa09ea7f16f8676cdac5ea532
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Fri Apr 24 12:22:49 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Fri Apr 24 12:22:49 2009 +0200

    conntrack: add DCCP role parameter for conntrack creation
    
    This patch adds `--role' parameter for DCCP which is required to
    create entries.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  7866b938a909439fa09ea7f16f8676cdac5ea532 (commit)
      from  400ae54438c4b85126f9fab0ae1dc067823b70f7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7866b938a909439fa09ea7f16f8676cdac5ea532
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Fri Apr 24 12:22:49 2009 +0200

    conntrack: add DCCP role parameter for conntrack creation
    
    This patch adds `--role' parameter for DCCP which is required to
    create entries.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 conntrack.8                   |    4 +-
 extensions/libct_proto_dccp.c |   92 ++++++++++++++++++++++++-----------------
 2 files changed, 57 insertions(+), 39 deletions(-)
This patch adds `--role' parameter for DCCP which is required to
create entries.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/conntrack.8 b/conntrack.8
index 6aa5c3b..983fc31 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -237,7 +237,7 @@ Verification tag (32-bits value) in the original direction
 .BI "--reply-vtag " "value"
 Verification tag (32-bits value) in the reply direction
 .TP
-DCCP-specific fields:
+DCCP-specific fields (needs Linux >= 2.6.30):
 .TP
 .BI "--sport, --orig-port-src " "PORT"
 Source port in original direction
@@ -253,6 +253,8 @@ Destination port in reply direction
 .TP
 .BI "--state " "[NONE | REQUEST | RESPOND | PARTOPEN | OPEN | CLOSEREQ | CLOSING | TIMEWAIT]"
 DCCP state
+.BI "--role " "[client | server]"
+Role that the original conntrack tuple is tracking
 .TP
 GRE-specific fields:
 .TP
diff --git a/extensions/libct_proto_dccp.c b/extensions/libct_proto_dccp.c
index deb3e28..586c4cc 100644
--- a/extensions/libct_proto_dccp.c
+++ b/extensions/libct_proto_dccp.c
@@ -30,22 +30,24 @@ enum {
 	CT_DCCP_MASK_DPORT	= (1 << 5),
 	CT_DCCP_STATE		= (1 << 6),
 	CT_DCCP_EXPTUPLE_SPORT	= (1 << 7),
-	CT_DCCP_EXPTUPLE_DPORT	= (1 << 8)
+	CT_DCCP_EXPTUPLE_DPORT	= (1 << 8),
+	CT_DCCP_ROLE		= (1 << 9),
 };
 
 #define DCCP_OPT_MAX	13
 static struct option opts[DCCP_OPT_MAX] = {
-	{ .name = "orig-port-src",	.has_arg = 1, .val = '1' },
-	{ .name = "orig-port-dst",	.has_arg = 1, .val = '2' },
-	{ .name = "reply-port-src",	.has_arg = 1, .val = '3' },
-	{ .name = "reply-port-dst",	.has_arg = 1, .val = '4' },
-	{ .name = "mask-port-src",	.has_arg = 1, .val = '5' },
-	{ .name = "mask-port-dst",	.has_arg = 1, .val = '6' },
-	{ .name = "state",		.has_arg = 1, .val = '7' },
-	{ .name = "tuple-port-src",	.has_arg = 1, .val = '8' },
-	{ .name = "tuple-port-dst",	.has_arg = 1, .val = '9' },
-	{ .name = "sport",		.has_arg = 1, .val = '1' }, /* alias */
-	{ .name = "dport",		.has_arg = 1, .val = '2' }, /* alias */
+	{ .name = "orig-port-src",	.has_arg = 1, .val = 1 },
+	{ .name = "orig-port-dst",	.has_arg = 1, .val = 2 },
+	{ .name = "reply-port-src",	.has_arg = 1, .val = 3 },
+	{ .name = "reply-port-dst",	.has_arg = 1, .val = 4 },
+	{ .name = "mask-port-src",	.has_arg = 1, .val = 5 },
+	{ .name = "mask-port-dst",	.has_arg = 1, .val = 6 },
+	{ .name = "state",		.has_arg = 1, .val = 7 },
+	{ .name = "tuple-port-src",	.has_arg = 1, .val = 8 },
+	{ .name = "tuple-port-dst",	.has_arg = 1, .val = 9 },
+	{ .name = "sport",		.has_arg = 1, .val = 1 }, /* alias */
+	{ .name = "dport",		.has_arg = 1, .val = 2 }, /* alias */
+	{ .name = "role",		.has_arg = 1, .val = 10 },
 	{ 0, 0, 0, 0},
 };
 
@@ -58,28 +60,29 @@ static const char *dccp_optflags[DCCP_OPT_MAX] = {
 	[5] = "mask-port-dst",
 	[6] = "state",
 	[7] = "tuple-port-src",
-	[8] = "tuple-port-dst"
+	[8] = "tuple-port-dst",
+	[9] = "role"
 };
 
 static char dccp_commands_v_options[NUMBER_OF_CMD][DCCP_OPT_MAX] =
 /* Well, it's better than "Re: Sevilla vs Betis" */
 {
-	    	/* 1 2 3 4 5 6 7 8 9 */
-/*CT_LIST*/   	  {2,2,2,2,0,0,2,0,0},
-/*CT_CREATE*/	  {3,3,3,3,0,0,1,0,0},
-/*CT_UPDATE*/	  {2,2,2,2,0,0,2,0,0},
-/*CT_DELETE*/	  {2,2,2,2,0,0,2,0,0},
-/*CT_GET*/	  {3,3,3,3,0,0,2,0,0},
-/*CT_FLUSH*/	  {0,0,0,0,0,0,0,0,0},
-/*CT_EVENT*/	  {2,2,2,2,0,0,2,0,0},
-/*CT_VERSION*/	  {0,0,0,0,0,0,0,0,0},
-/*CT_HELP*/	  {0,0,0,0,0,0,0,0,0},
-/*EXP_LIST*/	  {0,0,0,0,0,0,0,0,0},
-/*EXP_CREATE*/	  {1,1,1,1,1,1,0,1,1},
-/*EXP_DELETE*/	  {1,1,1,1,0,0,0,0,0},
-/*EXP_GET*/	  {1,1,1,1,0,0,0,0,0},
-/*EXP_FLUSH*/	  {0,0,0,0,0,0,0,0,0},
-/*EXP_EVENT*/	  {0,0,0,0,0,0,0,0,0},
+	    	/* 1 2 3 4 5 6 7 8 9 10*/
+/*CT_LIST*/   	  {2,2,2,2,0,0,2,0,0,0},
+/*CT_CREATE*/	  {3,3,3,3,0,0,1,0,0,1},
+/*CT_UPDATE*/	  {2,2,2,2,0,0,2,0,0,0},
+/*CT_DELETE*/	  {2,2,2,2,0,0,2,0,0,0},
+/*CT_GET*/	  {3,3,3,3,0,0,2,0,0,0},
+/*CT_FLUSH*/	  {0,0,0,0,0,0,0,0,0,0},
+/*CT_EVENT*/	  {2,2,2,2,0,0,2,0,0,0},
+/*CT_VERSION*/	  {0,0,0,0,0,0,0,0,0,0},
+/*CT_HELP*/	  {0,0,0,0,0,0,0,0,0,0},
+/*EXP_LIST*/	  {0,0,0,0,0,0,0,0,0,0},
+/*EXP_CREATE*/	  {1,1,1,1,1,1,0,1,1,1},
+/*EXP_DELETE*/	  {1,1,1,1,0,0,0,0,0,0},
+/*EXP_GET*/	  {1,1,1,1,0,0,0,0,0,0},
+/*EXP_FLUSH*/	  {0,0,0,0,0,0,0,0,0,0},
+/*EXP_EVENT*/	  {0,0,0,0,0,0,0,0,0,0},
 };
 
 static const char *dccp_states[DCCP_CONNTRACK_MAX] = {
@@ -118,43 +121,43 @@ static int parse_options(char c,
 	u_int16_t port;
 
 	switch(c) {
-	case '1':
+	case 1:
 		port = htons(atoi(optarg));
 		nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, port);
 		nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_DCCP);
 		*flags |= CT_DCCP_ORIG_SPORT;
 		break;
-	case '2':
+	case 2:
 		port = htons(atoi(optarg));
 		nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, port);
 		nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_DCCP);
 		*flags |= CT_DCCP_ORIG_DPORT;
 		break;
-	case '3':
+	case 3:
 		port = htons(atoi(optarg));
 		nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, port);
 		nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_DCCP);
 		*flags |= CT_DCCP_REPL_SPORT;
 		break;
-	case '4':
+	case 4:
 		port = htons(atoi(optarg));
 		nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, port);
 		nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_DCCP);
 		*flags |= CT_DCCP_REPL_DPORT;
 		break;
-	case '5':
+	case 5:
 		port = htons(atoi(optarg));
 		nfct_set_attr_u16(mask, ATTR_ORIG_PORT_SRC, port);
 		nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_DCCP);
 		*flags |= CT_DCCP_MASK_SPORT;
 		break;
-	case '6':
+	case 6:
 		port = htons(atoi(optarg));
 		nfct_set_attr_u16(mask, ATTR_ORIG_PORT_DST, port);
 		nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_DCCP);
 		*flags |= CT_DCCP_MASK_DPORT;
 		break;
-	case '7':
+	case 7:
 		for (i=0; i<DCCP_CONNTRACK_MAX; i++) {
 			if (strcmp(optarg, dccp_states[i]) == 0) {
 				nfct_set_attr_u8(ct, ATTR_DCCP_STATE, i);
@@ -166,18 +169,31 @@ static int parse_options(char c,
 				   "Unknown DCCP state `%s'", optarg);
 		*flags |= CT_DCCP_STATE;
 		break;
-	case '8':
+	case 8:
 		port = htons(atoi(optarg));
 		nfct_set_attr_u16(exptuple, ATTR_ORIG_PORT_SRC, port);
 		nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, port);
 		*flags |= CT_DCCP_EXPTUPLE_SPORT;
 		break;
-	case '9':
+	case 9:
 		port = htons(atoi(optarg));
 		nfct_set_attr_u16(exptuple, ATTR_ORIG_PORT_DST, port); 
 		nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, port);
 		*flags |= CT_DCCP_EXPTUPLE_DPORT;
 		break;
+	case 10:
+		if (strncasecmp(optarg, "client", strlen(optarg)) == 0) {
+			nfct_set_attr_u8(ct, ATTR_DCCP_ROLE,
+					 DCCP_CONNTRACK_ROLE_CLIENT);
+		} else if (strncasecmp(optarg, "server", strlen(optarg)) == 0) {
+			nfct_set_attr_u8(ct, ATTR_DCCP_ROLE,
+					 DCCP_CONNTRACK_ROLE_SERVER);
+		} else {
+			exit_error(PARAMETER_PROBLEM,
+				   "Unknown DCCP role `%s'", optarg);
+		}
+		*flags |= CT_DCCP_ROLE;
+		break;
 	}
 	return 1;
 }

