[netfilter-cvslog] r4148 - in trunk/conntrack: extensions src

laforge at netfilter.org laforge at netfilter.org
Fri Jul 22 09:40:36 CEST 2005


Author: laforge at netfilter.org
Date: 2005-07-22 09:40:26 +0200 (Fri, 22 Jul 2005)
New Revision: 4148

Modified:
   trunk/conntrack/extensions/libct_proto_icmp.c
   trunk/conntrack/extensions/libct_proto_sctp.c
   trunk/conntrack/extensions/libct_proto_tcp.c
   trunk/conntrack/extensions/libct_proto_udp.c
   trunk/conntrack/src/conntrack.c
   trunk/conntrack/src/libct.c
Log:
major re-sync with current names/definitions in libctnetlink and kernel


Modified: trunk/conntrack/extensions/libct_proto_icmp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_icmp.c	2005-07-22 07:39:17 UTC (rev 4147)
+++ trunk/conntrack/extensions/libct_proto_icmp.c	2005-07-22 07:40:26 UTC (rev 4148)
@@ -1,5 +1,6 @@
 /*
  * (C) 2005 by Pablo Neira Ayuso <pablo at eurodev.net>
+ *	       Harald Welte <laforge at netfilter.org>
  *
  *      This program is free software; you can redistribute it and/or modify
  *      it under the terms of the GNU General Public License as published by
@@ -68,6 +69,21 @@
 	return 1;
 }
 
+void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple)
+{
+	if (cda[CTA_PROTO_ICMP_TYPE-1])
+		tuple->l4dst.icmp.type =
+			*(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_TYPE-1]);
+
+	if (cda[CTA_PROTO_ICMP_CODE-1])
+		tuple->l4dst.icmp.code =
+			*(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_CODE-1]);
+
+	if (cda[CTA_PROTO_ICMP_ID-1])
+		tuple->l4src.icmp.id =
+			*(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]);
+}
+
 int final_check(unsigned int flags,
 		struct ctnl_tuple *orig,
 		struct ctnl_tuple *reply)
@@ -82,7 +98,7 @@
 
 void print_proto(struct ctnl_tuple *t)
 {
-	fprintf(stdout, "type=%d code=%d id=%d", t->l4dst.icmp.type, 
+	fprintf(stdout, "type=%d code=%d id=%d ", t->l4dst.icmp.type, 
 				             	 t->l4dst.icmp.code,
 						 t->l4src.icmp.id);
 }
@@ -91,6 +107,7 @@
 	.name 		= "icmp",
 	.protonum	= 1,
 	.parse_opts	= parse,
+	.parse_proto	= parse_proto,
 	.print_proto	= print_proto,
 	.final_check	= final_check,
 	.help		= help,

Modified: trunk/conntrack/extensions/libct_proto_sctp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_sctp.c	2005-07-22 07:39:17 UTC (rev 4147)
+++ trunk/conntrack/extensions/libct_proto_sctp.c	2005-07-22 07:40:26 UTC (rev 4148)
@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include <getopt.h>
 #include <stdlib.h>
+#include <string.h>
 #include <netinet/in.h> /* For htons */
 #include <linux/netfilter_ipv4/ip_conntrack_netlink.h>
 #include "libct_proto.h"
@@ -138,12 +139,12 @@
 
 void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple)
 {
-	if (cda[CTA_PROTO_SCTP_SRC-1])
+	if (cda[CTA_PROTO_SRC_PORT-1])
 		tuple->l4src.sctp.port =
-			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SCTP_SRC-1]);
-	if (cda[CTA_PROTO_SCTP_DST-1])
+			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]);
+	if (cda[CTA_PROTO_DST_PORT-1])
 		tuple->l4dst.sctp.port =
-			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SCTP_DST-1]);
+			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
 }
 
 void parse_protoinfo(struct nfattr *cda[], struct ctnl_conntrack *ct)

Modified: trunk/conntrack/extensions/libct_proto_tcp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_tcp.c	2005-07-22 07:39:17 UTC (rev 4147)
+++ trunk/conntrack/extensions/libct_proto_tcp.c	2005-07-22 07:40:26 UTC (rev 4148)
@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include <getopt.h>
 #include <stdlib.h>
+#include <string.h>
 #include <netinet/in.h> /* For htons */
 #include <linux/netfilter_ipv4/ip_conntrack_netlink.h>
 #include "libct_proto.h"
@@ -160,12 +161,12 @@
 
 void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple)
 {
-	if (cda[CTA_PROTO_TCP_SRC-1])
+	if (cda[CTA_PROTO_SRC_PORT-1])
 		tuple->l4src.tcp.port =
-			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_TCP_SRC-1]);
-	if (cda[CTA_PROTO_TCP_DST-1])
+			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]);
+	if (cda[CTA_PROTO_DST_PORT-1])
 		tuple->l4dst.tcp.port =
-			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_TCP_DST-1]);
+			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
 }
 
 void parse_protoinfo(struct nfattr *cda[], struct ctnl_conntrack *ct)

Modified: trunk/conntrack/extensions/libct_proto_udp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_udp.c	2005-07-22 07:39:17 UTC (rev 4147)
+++ trunk/conntrack/extensions/libct_proto_udp.c	2005-07-22 07:40:26 UTC (rev 4148)
@@ -127,12 +127,12 @@
 
 void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple)
 {
-	if (cda[CTA_PROTO_UDP_SRC-1])
+	if (cda[CTA_PROTO_SRC_PORT-1])
 		tuple->l4src.udp.port =
-			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_UDP_SRC-1]);
-	if (cda[CTA_PROTO_UDP_DST-1])
+			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]);
+	if (cda[CTA_PROTO_DST_PORT-1])
 		tuple->l4dst.udp.port =
-			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_UDP_DST-1]);
+			*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
 }
 
 void print_proto(struct ctnl_tuple *tuple)

Modified: trunk/conntrack/src/conntrack.c
===================================================================
--- trunk/conntrack/src/conntrack.c	2005-07-22 07:39:17 UTC (rev 4147)
+++ trunk/conntrack/src/conntrack.c	2005-07-22 07:40:26 UTC (rev 4148)
@@ -455,7 +455,7 @@
 }
 
 static void
-add_command(int *cmd, const int newcmd, const int othercmds)
+add_command(unsigned int *cmd, const int newcmd, const int othercmds)
 {
 	if (*cmd & (~othercmds))
 		exit_error(PARAMETER_PROBLEM, "Invalid commands combination\n");
@@ -884,7 +884,7 @@
 							 timeout);
 			else if (options & CT_OPT_REPL)
 				res = create_expectation(&reply,
-							 CTA_TUPLE_RPLY,
+							 CTA_TUPLE_REPLY,
 							 &exptuple,
 							 &mask,
 							 timeout);
@@ -909,7 +909,7 @@
 				res = delete_conntrack(&orig, CTA_TUPLE_ORIG, 
 						       CTNL_DIR_ORIGINAL);
 			else if (options & CT_OPT_REPL)
-				res = delete_conntrack(&reply, CTA_TUPLE_RPLY,
+				res = delete_conntrack(&reply, CTA_TUPLE_REPLY,
 						       CTNL_DIR_REPLY);
 			break;
 
@@ -917,21 +917,21 @@
 			if (options & CT_OPT_ORIG)
 				res = delete_expectation(&orig, CTA_TUPLE_ORIG);
 			else if (options & CT_OPT_REPL)
-				res = delete_expectation(&reply, CTA_TUPLE_RPLY);
+				res = delete_expectation(&reply, CTA_TUPLE_REPLY);
 			break;
 
 		case CT_GET:
 			if (options & CT_OPT_ORIG)
 				res = get_conntrack(&orig, CTA_TUPLE_ORIG, id);
 			else if (options & CT_OPT_REPL)
-				res = get_conntrack(&reply, CTA_TUPLE_RPLY, id);
+				res = get_conntrack(&reply, CTA_TUPLE_REPLY, id);
 			break;
 
 		case EXP_GET:
 			if (options & CT_OPT_ORIG)
 				res = get_expect(&orig, CTA_TUPLE_ORIG);
 			else if (options & CT_OPT_REPL)
-				res = get_expect(&reply, CTA_TUPLE_RPLY);
+				res = get_expect(&reply, CTA_TUPLE_REPLY);
 			break;
 
 		case CT_FLUSH:

Modified: trunk/conntrack/src/libct.c
===================================================================
--- trunk/conntrack/src/libct.c	2005-07-22 07:39:17 UTC (rev 4147)
+++ trunk/conntrack/src/libct.c	2005-07-22 07:40:26 UTC (rev 4148)
@@ -13,11 +13,12 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <errno.h>
+#include <string.h>
 /* From kernel.h */
 #define INT_MAX         ((int)(~0U>>1))
 #define INT_MIN         (-INT_MAX - 1)
 #include <linux/netfilter_ipv4/ip_conntrack.h>
-#include <linux/netfilter_ipv4/ip_conntrack_netlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
 #include "libctnetlink.h"
 #include "libnfnetlink.h"
 #include "linux_list.h"
@@ -48,7 +49,7 @@
 
 	memset(tb, 0, CTA_IP_MAX * sizeof(struct nfattr *));
 
-        nfnl_parse_attr(tb, CTA_IP_MAX, NFA_DATA(attr), NFA_PAYLOAD(attr));
+        nfnl_parse_nested(tb, CTA_IP_MAX, attr);
 	if (tb[CTA_IP_V4_SRC-1])
 		tuple->src.v4 = *(u_int32_t *)NFA_DATA(tb[CTA_IP_V4_SRC-1]);
 
@@ -64,7 +65,7 @@
 
 	memset(tb, 0, CTA_PROTO_MAX * sizeof(struct nfattr *));
 
-	nfnl_parse_attr(tb, CTA_IP_MAX, NFA_DATA(attr), NFA_PAYLOAD(attr));	
+	nfnl_parse_nested(tb, CTA_IP_MAX, attr);
 	if (tb[CTA_PROTO_NUM-1])
 		tuple->protonum = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_NUM-1]);
 	
@@ -79,7 +80,7 @@
 
 	memset(tb, 0, CTA_TUPLE_MAX*sizeof(struct nfattr *));
 
-	nfnl_parse_attr(tb, CTA_TUPLE_MAX, NFA_DATA(attr), NFA_PAYLOAD(attr));
+	nfnl_parse_nested(tb, CTA_TUPLE_MAX, attr);
 	if (tb[CTA_TUPLE_IP-1])
 		parse_ip(tb[CTA_TUPLE_IP-1], tuple);
 	if (tb[CTA_TUPLE_PROTO-1])
@@ -93,7 +94,7 @@
 
 	memset(tb, 0, CTA_PROTOINFO_MAX*sizeof(struct nfattr *));
 
-	nfnl_parse_attr(tb,CTA_PROTOINFO_MAX,NFA_DATA(attr), NFA_PAYLOAD(attr));
+	nfnl_parse_nested(tb,CTA_PROTOINFO_MAX, attr);
 
 	h = findproto(proto2str[ct->tuple[CTNL_DIR_ORIGINAL].protonum]);
         if (h && h->parse_protoinfo)
@@ -107,27 +108,23 @@
 
 	memset(tb, 0, CTA_COUNTERS_MAX*sizeof(struct nfattr *));
 
-	nfnl_parse_attr(tb, CTA_COUNTERS_MAX, NFA_DATA(attr),NFA_PAYLOAD(attr));
-	if (tb[CTA_COUNTERS_PACKETS_ORIG-1])
+	nfnl_parse_nested(tb, CTA_COUNTERS_MAX, attr);
+	if (tb[CTA_COUNTERS_PACKETS-1])
 		ct->counters[CTNL_DIR_ORIGINAL].packets
-		      = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_PACKETS_ORIG-1]);
-	if (tb[CTA_COUNTERS_BYTES_ORIG-1])
+		      = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_PACKETS-1]);
+	if (tb[CTA_COUNTERS_BYTES-1])
 		ct->counters[CTNL_DIR_ORIGINAL].bytes
-		      = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_BYTES_ORIG-1]);
-	if (tb[CTA_COUNTERS_PACKETS_RPLY-1])
-		ct->counters[CTNL_DIR_REPLY].packets
-		      = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_PACKETS_RPLY-1]);
-	if (tb[CTA_COUNTERS_BYTES_RPLY-1])
-		ct->counters[CTNL_DIR_REPLY].bytes
-		      = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_BYTES_RPLY-1]);
+		      = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_BYTES-1]);
 }
 
+/* Some people seem to like counting in decimal... */
 #define STATUS		1
 #define PROTOINFO 	2
 #define TIMEOUT		4
 #define MARK		8
 #define COUNTERS	16
 #define USE		32
+#define ID		64
 
 static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
 {
@@ -153,7 +150,7 @@
 		case CTA_TUPLE_ORIG:
 			parse_tuple(attr, &ct.tuple[CTNL_DIR_ORIGINAL]);
 			break;
-		case CTA_TUPLE_RPLY:
+		case CTA_TUPLE_REPLY:
 			parse_tuple(attr, &ct.tuple[CTNL_DIR_REPLY]);
 			break;
 		case CTA_STATUS:
@@ -172,14 +169,19 @@
 			ct.mark = *(unsigned long *)NFA_DATA(attr);
 			flags |= MARK;
 			break;
-		case CTA_COUNTERS:
-			parse_counters(attr, &ct, CTA_COUNTERS-1);
+		case CTA_COUNTERS_ORIG:
+		case CTA_COUNTERS_REPLY:
+			parse_counters(attr, &ct, attr->nfa_type-1);
 			flags |= COUNTERS;
 			break;
 		case CTA_USE:
 			ct.use = *(unsigned int *)NFA_DATA(attr);
 			flags |= USE;
 			break;
+		case CTA_ID:
+			ct.id = *(u_int32_t *)NFA_DATA(attr);
+			flags |= ID;
+			break;
 		}
 		attr = NFA_NEXT(attr, attrlen);
 	}
@@ -227,6 +229,8 @@
 		fprintf(stdout, "mark=%lu ", ct.mark);
 	if (flags & USE)
 		fprintf(stdout, "use=%u ", ct.use);
+	if (flags & ID)
+		fprintf(stdout, "id=%u ", ct.id);
 
 	fprintf(stdout, "\n");
 
@@ -257,19 +261,22 @@
 }
 
 void parse_expect(struct nfattr *attr, struct ctnl_tuple *tuple, 
-		  struct ctnl_tuple *mask, unsigned long *timeout)
+		  struct ctnl_tuple *mask, unsigned long *timeout,
+		  u_int32_t *id)
 {
 	struct nfattr *tb[CTA_EXPECT_MAX];
 
 	memset(tb, 0, CTA_EXPECT_MAX*sizeof(struct nfattr *));
 
-	nfnl_parse_attr(tb, CTA_EXPECT_MAX, NFA_DATA(attr), NFA_PAYLOAD(attr));
+	nfnl_parse_nested(tb, CTA_EXPECT_MAX, attr);
 	if (tb[CTA_EXPECT_TUPLE-1])
 		parse_tuple(tb[CTA_EXPECT_TUPLE-1], tuple);
 	if (tb[CTA_EXPECT_MASK-1])
 		parse_tuple(tb[CTA_EXPECT_MASK-1], mask);
 	if (tb[CTA_EXPECT_TIMEOUT-1])
 		*timeout = *(unsigned long *)NFA_DATA(tb[CTA_EXPECT_TIMEOUT-1]);
+	if (tb[CTA_EXPECT_ID-1])
+		*id = *(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_ID-1]);
 }
 
 static int expect_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
@@ -282,6 +289,8 @@
 	int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
 	struct ctnl_tuple tuple, mask;
 	unsigned long timeout = 0;
+	u_int32_t id = 0;
+	unsigned int flags;
 
 	memset(&tuple, 0, sizeof(struct ctnl_tuple));
 	memset(&mask, 0, sizeof(struct ctnl_tuple));
@@ -294,7 +303,8 @@
 	while (NFA_OK(attr, attrlen)) {
 		switch(attr->nfa_type) {
 			case CTA_EXPECT:
-				parse_expect(attr, &tuple, &mask, &timeout);
+				parse_expect(attr, &tuple, &mask, &timeout,
+					     &id);
 				break;
 		}
 		attr = NFA_NEXT(attr, attrlen);
@@ -305,10 +315,14 @@
 		NIPQUAD(tuple.src.v4),
 		NIPQUAD(tuple.dst.v4));
 
-	fprintf(stdout, "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n",
+	fprintf(stdout, "src=%u.%u.%u.%u dst=%u.%u.%u.%u ",
 		NIPQUAD(mask.src.v4),
 		NIPQUAD(mask.dst.v4));
 
+	fprintf(stdout, "id=0x%x ", id);
+	
+	fputc('\n', stdout);
+
 	return 0;
 }
 




More information about the netfilter-cvslog mailing list