[netfilter-cvslog] r4444 - in trunk/conntrack: . extensions include src

pablo at netfilter.org pablo at netfilter.org
Thu Nov 3 21:47:19 CET 2005


Author: pablo at netfilter.org
Date: 2005-11-03 21:47:17 +0100 (Thu, 03 Nov 2005)
New Revision: 4444

Modified:
   trunk/conntrack/ChangeLog
   trunk/conntrack/extensions/libct_proto_icmp.c
   trunk/conntrack/extensions/libct_proto_sctp.c
   trunk/conntrack/extensions/libct_proto_tcp.c
   trunk/conntrack/extensions/libct_proto_udp.c
   trunk/conntrack/include/conntrack.h
   trunk/conntrack/src/conntrack.c
Log:
See ChangeLog



Modified: trunk/conntrack/ChangeLog
===================================================================
--- trunk/conntrack/ChangeLog	2005-11-03 19:57:50 UTC (rev 4443)
+++ trunk/conntrack/ChangeLog	2005-11-03 20:47:17 UTC (rev 4444)
@@ -5,6 +5,13 @@
 	CAP_NET_ADMIN
 <pablo at eurodev.net>
 	o check if --state missing when -p is passed
+	o command type is passed to final_check: checkings based on the
+	command can be done now.
+	o kill duplicated definition of IPS_* bits: Already present in 
+	libnetfilter_conntrack.
+	o Move action and command enum to conntrack.h
+	o kill NIPQUAD macro
+	o make conntrack handler cth static.
 	o Bumped version to 0.96
 
 2005-11-01

Modified: trunk/conntrack/extensions/libct_proto_icmp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_icmp.c	2005-11-03 19:57:50 UTC (rev 4443)
+++ trunk/conntrack/extensions/libct_proto_icmp.c	2005-11-03 20:47:17 UTC (rev 4444)
@@ -87,6 +87,7 @@
 }
 
 int final_check(unsigned int flags,
+		unsigned int command,
 		struct nfct_tuple *orig,
 		struct nfct_tuple *reply)
 {

Modified: trunk/conntrack/extensions/libct_proto_sctp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_sctp.c	2005-11-03 19:57:50 UTC (rev 4443)
+++ trunk/conntrack/extensions/libct_proto_sctp.c	2005-11-03 20:47:17 UTC (rev 4444)
@@ -116,6 +116,7 @@
 }
 
 int final_check(unsigned int flags,
+		unsigned int command,
 		struct nfct_tuple *orig,
 		struct nfct_tuple *reply)
 {
@@ -136,10 +137,11 @@
 	    && ((flags & (REPL_SPORT|REPL_DPORT))))
 		ret = 1;
 
-	if (ret & (flags & STATE))
-		return 1;
+	/* --state is missing and we are trying to create a conntrack */
+	if (ret && (command & CT_CREATE) && (!(flags & STATE)))
+		ret = 0;
 
-	return 0;
+	return ret;
 }
 
 static struct ctproto_handler sctp = {
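Review bot: The create-time `--state` requirement added here is repeated line for line in libct_proto_tcp.c's final_check, and neither copy documents the return contract that the caller in conntrack.c depends on (a zero return leads to usage output and "Missing protocol arguments!"). A short header comment on each final_check would make this explicit, for example `/* returns 1 when the options given are sufficient for 'command', 0 otherwise */`. Because a missing `--state` on create ends in that generic message, the user is not told which option is absent; a specific message at this check would help. The function begins in the previous hunk, and the port checks above this point are only partly visible.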

Modified: trunk/conntrack/extensions/libct_proto_tcp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_tcp.c	2005-11-03 19:57:50 UTC (rev 4443)
+++ trunk/conntrack/extensions/libct_proto_tcp.c	2005-11-03 20:47:17 UTC (rev 4444)
@@ -139,6 +139,7 @@
 }
 
 int final_check(unsigned int flags,
+		unsigned int command,
 		struct nfct_tuple *orig,
 		struct nfct_tuple *reply)
 {
@@ -159,10 +160,11 @@
 	    && ((flags & (REPL_SPORT|REPL_DPORT))))
 		ret = 1;
 
-	if (ret && (flags & STATE))
-		return 1;
+	/* --state is missing and we are trying to create a conntrack */
+	if (ret && (command & CT_CREATE) && (!(flags & STATE)))
+		ret = 0;
 
-	return 0;
+	return ret;
 }
 
 static struct ctproto_handler tcp = {

Modified: trunk/conntrack/extensions/libct_proto_udp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_udp.c	2005-11-03 19:57:50 UTC (rev 4443)
+++ trunk/conntrack/extensions/libct_proto_udp.c	2005-11-03 20:47:17 UTC (rev 4444)
@@ -103,6 +103,7 @@
 }
 
 int final_check(unsigned int flags,
+		unsigned int command,
 		struct nfct_tuple *orig,
 		struct nfct_tuple *reply)
 {

Modified: trunk/conntrack/include/conntrack.h
===================================================================
--- trunk/conntrack/include/conntrack.h	2005-11-03 19:57:50 UTC (rev 4443)
+++ trunk/conntrack/include/conntrack.h	2005-11-03 20:47:17 UTC (rev 4444)
@@ -8,13 +8,113 @@
 #define PROGNAME "conntrack"
 #define CONNTRACK_VERSION "0.96"
 
-/* FIXME: These should be independent from kernel space */
-#define IPS_ASSURED (1 << 2)
-#define IPS_SEEN_REPLY (1 << 1)
-#define IPS_SRC_NAT_DONE (1 << 7)
-#define IPS_DST_NAT_DONE (1 << 8)
-#define IPS_CONFIRMED (1 << 3)
+enum action {
+	CT_NONE		= 0,
+	
+	CT_LIST_BIT 	= 0,
+	CT_LIST 	= (1 << CT_LIST_BIT),
+	
+	CT_CREATE_BIT	= 1,
+	CT_CREATE	= (1 << CT_CREATE_BIT),
 
+	CT_UPDATE_BIT	= 2,
+	CT_UPDATE	= (1 << CT_UPDATE_BIT),
+	
+	CT_DELETE_BIT	= 3,
+	CT_DELETE	= (1 << CT_DELETE_BIT),
+	
+	CT_GET_BIT	= 4,
+	CT_GET		= (1 << CT_GET_BIT),
+
+	CT_FLUSH_BIT	= 5,
+	CT_FLUSH	= (1 << CT_FLUSH_BIT),
+
+	CT_EVENT_BIT	= 6,
+	CT_EVENT	= (1 << CT_EVENT_BIT),
+
+	CT_VERSION_BIT	= 7,
+	CT_VERSION	= (1 << CT_VERSION_BIT),
+
+	CT_HELP_BIT	= 8,
+	CT_HELP		= (1 << CT_HELP_BIT),
+
+	EXP_LIST_BIT 	= 9,
+	EXP_LIST 	= (1 << EXP_LIST_BIT),
+	
+	EXP_CREATE_BIT	= 10,
+	EXP_CREATE	= (1 << EXP_CREATE_BIT),
+	
+	EXP_DELETE_BIT	= 11,
+	EXP_DELETE	= (1 << EXP_DELETE_BIT),
+	
+	EXP_GET_BIT	= 12,
+	EXP_GET		= (1 << EXP_GET_BIT),
+
+	EXP_FLUSH_BIT	= 13,
+	EXP_FLUSH	= (1 << EXP_FLUSH_BIT),
+
+	EXP_EVENT_BIT	= 14,
+	EXP_EVENT	= (1 << EXP_EVENT_BIT),
+};
+#define NUMBER_OF_CMD   15
+
+enum options {
+	CT_OPT_ORIG_SRC_BIT	= 0,
+	CT_OPT_ORIG_SRC 	= (1 << CT_OPT_ORIG_SRC_BIT),
+	
+	CT_OPT_ORIG_DST_BIT	= 1,
+	CT_OPT_ORIG_DST		= (1 << CT_OPT_ORIG_DST_BIT),
+
+	CT_OPT_ORIG		= (CT_OPT_ORIG_SRC | CT_OPT_ORIG_DST),
+	
+	CT_OPT_REPL_SRC_BIT	= 2,
+	CT_OPT_REPL_SRC		= (1 << CT_OPT_REPL_SRC_BIT),
+	
+	CT_OPT_REPL_DST_BIT	= 3,
+	CT_OPT_REPL_DST		= (1 << CT_OPT_REPL_DST_BIT),
+
+	CT_OPT_REPL		= (CT_OPT_REPL_SRC | CT_OPT_REPL_DST),
+
+	CT_OPT_PROTO_BIT	= 4,
+	CT_OPT_PROTO		= (1 << CT_OPT_PROTO_BIT),
+
+	CT_OPT_TIMEOUT_BIT	= 5,
+	CT_OPT_TIMEOUT		= (1 << CT_OPT_TIMEOUT_BIT),
+
+	CT_OPT_STATUS_BIT	= 6,
+	CT_OPT_STATUS		= (1 << CT_OPT_STATUS_BIT),
+
+	CT_OPT_ZERO_BIT		= 7,
+	CT_OPT_ZERO		= (1 << CT_OPT_ZERO_BIT),
+
+	CT_OPT_EVENT_MASK_BIT	= 8,
+	CT_OPT_EVENT_MASK	= (1 << CT_OPT_EVENT_MASK_BIT),
+
+	CT_OPT_EXP_SRC_BIT	= 9,
+	CT_OPT_EXP_SRC		= (1 << CT_OPT_EXP_SRC_BIT),
+
+	CT_OPT_EXP_DST_BIT	= 10,
+	CT_OPT_EXP_DST		= (1 << CT_OPT_EXP_DST_BIT),
+
+	CT_OPT_MASK_SRC_BIT	= 11,
+	CT_OPT_MASK_SRC		= (1 << CT_OPT_MASK_SRC_BIT),
+
+	CT_OPT_MASK_DST_BIT	= 12,
+	CT_OPT_MASK_DST		= (1 << CT_OPT_MASK_DST_BIT),
+
+	CT_OPT_NATRANGE_BIT	= 13,
+	CT_OPT_NATRANGE		= (1 << CT_OPT_NATRANGE_BIT),
+
+	CT_OPT_MARK_BIT		= 14,
+	CT_OPT_MARK		= (1 << CT_OPT_MARK_BIT),
+
+	CT_OPT_ID_BIT		= 15,
+	CT_OPT_ID		= (1 << CT_OPT_ID_BIT),
+
+	CT_OPT_MAX		= CT_OPT_ID
+};
+#define NUMBER_OF_OPT   CT_OPT_MAX
+
 struct ctproto_handler {
 	struct list_head 	head;
 
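Review bot: `NUMBER_OF_OPT` is defined as `CT_OPT_MAX`, which equals `CT_OPT_ID`, the mask value `(1 << 15)` (32768), not the option count of 16. The definition is moved unchanged from conntrack.c, but it now sits in a shared header, and conntrack.c sizes `optflags[NUMBER_OF_OPT]` with it while supplying only 16 initializers. Any loop bounded by this macro that shifts by its index or indexes a 16-entry table would go out of range; no such loop is visible on this page, so that part is inferred. Suggest `CT_OPT_MAX = CT_OPT_ID_BIT` with `#define NUMBER_OF_OPT (CT_OPT_MAX + 1)`, matching how `NUMBER_OF_CMD` is a plain count of 15.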
@@ -32,6 +132,7 @@
 		     unsigned int *flags);
 
 	int (*final_check)(unsigned int flags,
+			   unsigned int command,
 			   struct nfct_tuple *orig,
 			   struct nfct_tuple *reply);
 
@@ -44,10 +145,4 @@
 
 extern void register_proto(struct ctproto_handler *h);
 
-#define NIPQUAD(addr) \
-	((unsigned char *)&addr)[0], \
-	((unsigned char *)&addr)[1], \
-	((unsigned char *)&addr)[2], \
-	((unsigned char *)&addr)[3]
-
 #endif

Modified: trunk/conntrack/src/conntrack.c
===================================================================
--- trunk/conntrack/src/conntrack.c	2005-11-03 19:57:50 UTC (rev 4443)
+++ trunk/conntrack/src/conntrack.c	2005-11-03 20:47:17 UTC (rev 4444)
@@ -52,119 +52,12 @@
 #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
 #endif
 
-enum action {
-	CT_NONE		= 0,
-	
-	CT_LIST_BIT 	= 0,
-	CT_LIST 	= (1 << CT_LIST_BIT),
-	
-	CT_CREATE_BIT	= 1,
-	CT_CREATE	= (1 << CT_CREATE_BIT),
-
-	CT_UPDATE_BIT	= 2,
-	CT_UPDATE	= (1 << CT_UPDATE_BIT),
-	
-	CT_DELETE_BIT	= 3,
-	CT_DELETE	= (1 << CT_DELETE_BIT),
-	
-	CT_GET_BIT	= 4,
-	CT_GET		= (1 << CT_GET_BIT),
-
-	CT_FLUSH_BIT	= 5,
-	CT_FLUSH	= (1 << CT_FLUSH_BIT),
-
-	CT_EVENT_BIT	= 6,
-	CT_EVENT	= (1 << CT_EVENT_BIT),
-
-	CT_VERSION_BIT	= 7,
-	CT_VERSION	= (1 << CT_VERSION_BIT),
-
-	CT_HELP_BIT	= 8,
-	CT_HELP		= (1 << CT_HELP_BIT),
-
-	EXP_LIST_BIT 	= 9,
-	EXP_LIST 	= (1 << EXP_LIST_BIT),
-	
-	EXP_CREATE_BIT	= 10,
-	EXP_CREATE	= (1 << EXP_CREATE_BIT),
-	
-	EXP_DELETE_BIT	= 11,
-	EXP_DELETE	= (1 << EXP_DELETE_BIT),
-	
-	EXP_GET_BIT	= 12,
-	EXP_GET		= (1 << EXP_GET_BIT),
-
-	EXP_FLUSH_BIT	= 13,
-	EXP_FLUSH	= (1 << EXP_FLUSH_BIT),
-
-	EXP_EVENT_BIT	= 14,
-	EXP_EVENT	= (1 << EXP_EVENT_BIT),
-};
-#define NUMBER_OF_CMD   15
-
 static const char cmdflags[NUMBER_OF_CMD]
 = {'L','I','U','D','G','F','E','V','h','L','I','D','G','F','E'};
 
 static const char cmd_need_param[NUMBER_OF_CMD]
 = {' ','x','x','x','x',' ',' ',' ',' ',' ','x','x','x',' ',' '};
 
-enum options {
-	CT_OPT_ORIG_SRC_BIT	= 0,
-	CT_OPT_ORIG_SRC 	= (1 << CT_OPT_ORIG_SRC_BIT),
-	
-	CT_OPT_ORIG_DST_BIT	= 1,
-	CT_OPT_ORIG_DST		= (1 << CT_OPT_ORIG_DST_BIT),
-
-	CT_OPT_ORIG		= (CT_OPT_ORIG_SRC | CT_OPT_ORIG_DST),
-	
-	CT_OPT_REPL_SRC_BIT	= 2,
-	CT_OPT_REPL_SRC		= (1 << CT_OPT_REPL_SRC_BIT),
-	
-	CT_OPT_REPL_DST_BIT	= 3,
-	CT_OPT_REPL_DST		= (1 << CT_OPT_REPL_DST_BIT),
-
-	CT_OPT_REPL		= (CT_OPT_REPL_SRC | CT_OPT_REPL_DST),
-
-	CT_OPT_PROTO_BIT	= 4,
-	CT_OPT_PROTO		= (1 << CT_OPT_PROTO_BIT),
-
-	CT_OPT_TIMEOUT_BIT	= 5,
-	CT_OPT_TIMEOUT		= (1 << CT_OPT_TIMEOUT_BIT),
-
-	CT_OPT_STATUS_BIT	= 6,
-	CT_OPT_STATUS		= (1 << CT_OPT_STATUS_BIT),
-
-	CT_OPT_ZERO_BIT		= 7,
-	CT_OPT_ZERO		= (1 << CT_OPT_ZERO_BIT),
-
-	CT_OPT_EVENT_MASK_BIT	= 8,
-	CT_OPT_EVENT_MASK	= (1 << CT_OPT_EVENT_MASK_BIT),
-
-	CT_OPT_EXP_SRC_BIT	= 9,
-	CT_OPT_EXP_SRC		= (1 << CT_OPT_EXP_SRC_BIT),
-
-	CT_OPT_EXP_DST_BIT	= 10,
-	CT_OPT_EXP_DST		= (1 << CT_OPT_EXP_DST_BIT),
-
-	CT_OPT_MASK_SRC_BIT	= 11,
-	CT_OPT_MASK_SRC		= (1 << CT_OPT_MASK_SRC_BIT),
-
-	CT_OPT_MASK_DST_BIT	= 12,
-	CT_OPT_MASK_DST		= (1 << CT_OPT_MASK_DST_BIT),
-
-	CT_OPT_NATRANGE_BIT	= 13,
-	CT_OPT_NATRANGE		= (1 << CT_OPT_NATRANGE_BIT),
-
-	CT_OPT_MARK_BIT		= 14,
-	CT_OPT_MARK		= (1 << CT_OPT_MARK_BIT),
-
-	CT_OPT_ID_BIT		= 15,
-	CT_OPT_ID		= (1 << CT_OPT_ID_BIT),
-
-	CT_OPT_MAX		= CT_OPT_ID
-};
-#define NUMBER_OF_OPT   CT_OPT_MAX
-
 static const char optflags[NUMBER_OF_OPT]
 = {'s','d','r','q','p','t','u','z','e','[',']','{','}','a','m','i'};
 
@@ -199,7 +92,7 @@
 
 #define OPTION_OFFSET 256
 
-struct nfct_handle *cth;
+static struct nfct_handle *cth;
 static struct option *opts = original_opts;
 static unsigned int global_option_offset = 0;
 
@@ -895,7 +788,7 @@
 
 	if (!(command & CT_HELP)
 	    && h && h->final_check 
-	    && !h->final_check(extra_flags, &orig, &reply)) {
+	    && !h->final_check(extra_flags, command, &orig, &reply)) {
 		usage(argv[0]);
 		extension_help(h);
 		exit_error(PARAMETER_PROBLEM, "Missing protocol arguments!\n");
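Review bot: This call now passes four arguments through the `final_check` pointer, so any protocol handler compiled against the previous three-argument prototype would receive `command` in the position where it expects the `orig` tuple pointer. The four in-tree extensions are updated in this commit, but if extensions are built or loaded separately from the main binary, nothing visible here rejects a stale one. Consider checking a version or ABI field in `struct ctproto_handler` at `register_proto` time before the handler can be called; whether such a field already exists is not visible in these hunks. The enclosing function starts and ends outside the hunk.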



