[netfilter-cvslog] r6417 - in trunk/conntrack: . extensions include
src
pablo at netfilter.org
pablo at netfilter.org
Sun Jan 15 04:10:03 CET 2006
Author: pablo at netfilter.org
Date: 2006-01-15 04:10:02 +0100 (Sun, 15 Jan 2006)
New Revision: 6417
Modified:
trunk/conntrack/ChangeLog
trunk/conntrack/configure.in
trunk/conntrack/extensions/libct_proto_sctp.c
trunk/conntrack/extensions/libct_proto_tcp.c
trunk/conntrack/extensions/libct_proto_udp.c
trunk/conntrack/include/conntrack.h
trunk/conntrack/src/conntrack.c
trunk/conntrack/test.sh
Log:
o Added missing parameters to set the ports of an expectation tuple
o Bumped version to 1.00beta2
Modified: trunk/conntrack/ChangeLog
===================================================================
--- trunk/conntrack/ChangeLog 2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/ChangeLog 2006-01-15 03:10:02 UTC (rev 6417)
@@ -1,3 +1,8 @@
+2006-01-15
+<pablo at netfilter.org>
+ o Added missing parameters to set the ports of an expectation tuple
+ o Bumped version to 1.00beta2
+
2005-12-26
<pablo at netfilter.org>
o add IPv6 support: main change
Modified: trunk/conntrack/configure.in
===================================================================
--- trunk/conntrack/configure.in 2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/configure.in 2006-01-15 03:10:02 UTC (rev 6417)
@@ -2,7 +2,7 @@
AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(conntrack, 1.00beta1)
+AM_INIT_AUTOMAKE(conntrack, 1.00beta2)
#AM_CONFIG_HEADER(config.h)
AC_PROG_CC
Modified: trunk/conntrack/extensions/libct_proto_sctp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_sctp.c 2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/extensions/libct_proto_sctp.c 2006-01-15 03:10:02 UTC (rev 6417)
@@ -1,5 +1,6 @@
/*
* (C) 2005 by Harald Welte <laforge at netfilter.org>
+ * 2006 by Pablo Neira Ayuso <pablo at netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -21,7 +22,9 @@
{"orig-port-dst", 1, 0, '2'},
{"reply-port-src", 1, 0, '3'},
{"reply-port-dst", 1, 0, '4'},
- {"state", 1, 0, '7'},
+ {"state", 1, 0, '5'},
+ {"tuple-port-src", 1, 0, '6'},
+ {"tuple-port-dst", 1, 0, '7'},
{0, 0, 0, 0}
};
@@ -43,11 +46,14 @@
fprintf(stdout, "--reply-port-src reply source port\n");
fprintf(stdout, "--reply-port-dst reply destination port\n");
fprintf(stdout, "--state SCTP state, fe. ESTABLISHED\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple src port\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple dst port\n");
}
static int parse_options(char c, char *argv[],
struct nfct_tuple *orig,
struct nfct_tuple *reply,
+ struct nfct_tuple *exptuple,
struct nfct_tuple *mask,
union nfct_protoinfo *proto,
unsigned int *flags)
@@ -95,6 +101,18 @@
*flags |= SCTP_STATE;
}
break;
+ case '6':
+ if (optarg) {
+ exptuple->l4src.sctp.port = htons(atoi(optarg));
+ *flags |= SCTP_EXPTUPLE_SPORT;
+ }
+ break;
+ case '7':
+ if (optarg) {
+ exptuple->l4dst.sctp.port = htons(atoi(optarg));
+ *flags |= SCTP_EXPTUPLE_DPORT;
+ }
+
}
return 1;
}
Modified: trunk/conntrack/extensions/libct_proto_tcp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_tcp.c 2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/extensions/libct_proto_tcp.c 2006-01-15 03:10:02 UTC (rev 6417)
@@ -25,6 +25,8 @@
{"mask-port-src", 1, 0, '5'},
{"mask-port-dst", 1, 0, '6'},
{"state", 1, 0, '7'},
+ {"tuple-port-src", 1, 0, '8'},
+ {"tuple-port-dst", 1, 0, '9'},
{0, 0, 0, 0}
};
@@ -49,12 +51,15 @@
fprintf(stdout, "--reply-port-dst reply destination port\n");
fprintf(stdout, "--mask-port-src mask source port\n");
fprintf(stdout, "--mask-port-dst mask destination port\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple src port\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple dst port\n");
fprintf(stdout, "--state TCP state, fe. ESTABLISHED\n");
}
static int parse_options(char c, char *argv[],
struct nfct_tuple *orig,
struct nfct_tuple *reply,
+ struct nfct_tuple *exptuple,
struct nfct_tuple *mask,
union nfct_protoinfo *proto,
unsigned int *flags)
@@ -112,6 +117,18 @@
*flags |= TCP_STATE;
}
break;
+ case '8':
+ if (optarg) {
+ exptuple->l4src.tcp.port = htons(atoi(optarg));
+ *flags |= TCP_EXPTUPLE_SPORT;
+ }
+ break;
+ case '9':
+ if (optarg) {
+ exptuple->l4dst.tcp.port = htons(atoi(optarg));
+ *flags |= TCP_EXPTUPLE_DPORT;
+ }
+ break;
}
return 1;
}
Modified: trunk/conntrack/extensions/libct_proto_udp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_udp.c 2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/extensions/libct_proto_udp.c 2006-01-15 03:10:02 UTC (rev 6417)
@@ -22,6 +22,8 @@
{"reply-port-dst", 1, 0, '4'},
{"mask-port-src", 1, 0, '5'},
{"mask-port-dst", 1, 0, '6'},
+ {"tuple-port-src", 1, 0, '7'},
+ {"tuple-port-dst", 1, 0, '8'},
{0, 0, 0, 0}
};
@@ -33,11 +35,14 @@
fprintf(stdout, "--reply-port-dst reply destination port\n");
fprintf(stdout, "--mask-port-src mask source port\n");
fprintf(stdout, "--mask-port-dst mask destination port\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple src port\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple dst port\n");
}
static int parse_options(char c, char *argv[],
struct nfct_tuple *orig,
struct nfct_tuple *reply,
+ struct nfct_tuple *exptuple,
struct nfct_tuple *mask,
union nfct_protoinfo *proto,
unsigned int *flags)
@@ -79,6 +84,18 @@
*flags |= UDP_MASK_DPORT;
}
break;
+ case '7':
+ if (optarg) {
+ exptuple->l4src.udp.port = htons(atoi(optarg));
+ *flags |= UDP_EXPTUPLE_SPORT;
+ }
+ break;
+ case '8':
+ if (optarg) {
+ exptuple->l4dst.udp.port = htons(atoi(optarg));
+ *flags |= UDP_EXPTUPLE_DPORT;
+ }
+
}
return 1;
}
Modified: trunk/conntrack/include/conntrack.h
===================================================================
--- trunk/conntrack/include/conntrack.h 2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/include/conntrack.h 2006-01-15 03:10:02 UTC (rev 6417)
@@ -134,6 +134,7 @@
int (*parse_opts)(char c, char *argv[],
struct nfct_tuple *orig,
struct nfct_tuple *reply,
+ struct nfct_tuple *exptuple,
struct nfct_tuple *mask,
union nfct_protoinfo *proto,
unsigned int *flags);
Modified: trunk/conntrack/src/conntrack.c
===================================================================
--- trunk/conntrack/src/conntrack.c 2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/src/conntrack.c 2006-01-15 03:10:02 UTC (rev 6417)
@@ -812,7 +812,7 @@
default:
if (h && h->parse_opts
&&!h->parse_opts(c - h->option_offset, argv, &orig,
- &reply, &mask, &proto,
+ &reply, &exptuple, &mask, &proto,
&l4flags))
exit_error(PARAMETER_PROBLEM, "parse error\n");
Modified: trunk/conntrack/test.sh
===================================================================
--- trunk/conntrack/test.sh 2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/test.sh 2006-01-15 03:10:02 UTC (rev 6417)
@@ -78,7 +78,8 @@
--tuple-src 4.4.4.4 --tuple-dst 5.5.5.5 \
--mask-src 255.255.255.0 --mask-dst 255.255.255.255 \
-p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \
- -t 200 --mask-port-src 10 --mask-port-dst 300
+ -t 200 --tuple-port-src 10 --tuple-port-dst 300 \
+ --mask-port-src 10 --mask-port-dst 300
;;
get-expect)
$CONNTRACK -G expect --orig-src 4.4.4.4 --orig-dst 5.5.5.5 \
More information about the netfilter-cvslog
mailing list