[netfilter-cvslog] r6417 - in trunk/conntrack: . extensions include src

pablo at netfilter.org pablo at netfilter.org
Sun Jan 15 04:10:03 CET 2006


Author: pablo at netfilter.org
Date: 2006-01-15 04:10:02 +0100 (Sun, 15 Jan 2006)
New Revision: 6417

Modified:
   trunk/conntrack/ChangeLog
   trunk/conntrack/configure.in
   trunk/conntrack/extensions/libct_proto_sctp.c
   trunk/conntrack/extensions/libct_proto_tcp.c
   trunk/conntrack/extensions/libct_proto_udp.c
   trunk/conntrack/include/conntrack.h
   trunk/conntrack/src/conntrack.c
   trunk/conntrack/test.sh
Log:
o Added missing parameters to set the ports of an expectation tuple
o Bumped version to 1.00beta2



Modified: trunk/conntrack/ChangeLog
===================================================================
--- trunk/conntrack/ChangeLog	2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/ChangeLog	2006-01-15 03:10:02 UTC (rev 6417)
@@ -1,3 +1,8 @@
+2006-01-15
+<pablo at netfilter.org>
+	o Added missing parameters to set the ports of an expectation tuple
+	o Bumped version to 1.00beta2
+
 2005-12-26
 <pablo at netfilter.org>
 	o add IPv6 support: main change

Modified: trunk/conntrack/configure.in
===================================================================
--- trunk/conntrack/configure.in	2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/configure.in	2006-01-15 03:10:02 UTC (rev 6417)
@@ -2,7 +2,7 @@
 
 AC_CANONICAL_SYSTEM
 
-AM_INIT_AUTOMAKE(conntrack, 1.00beta1)
+AM_INIT_AUTOMAKE(conntrack, 1.00beta2)
 #AM_CONFIG_HEADER(config.h)
 
 AC_PROG_CC

Modified: trunk/conntrack/extensions/libct_proto_sctp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_sctp.c	2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/extensions/libct_proto_sctp.c	2006-01-15 03:10:02 UTC (rev 6417)
@@ -1,5 +1,6 @@
 /*
  * (C) 2005 by Harald Welte <laforge at netfilter.org>
+ *     2006 by Pablo Neira Ayuso <pablo at netfilter.org>
  *
  *      This program is free software; you can redistribute it and/or modify
  *      it under the terms of the GNU General Public License as published by
@@ -21,7 +22,9 @@
 	{"orig-port-dst", 1, 0, '2'},
 	{"reply-port-src", 1, 0, '3'},
 	{"reply-port-dst", 1, 0, '4'},
-	{"state", 1, 0, '7'},
+	{"state", 1, 0, '5'},
+	{"tuple-port-src", 1, 0, '6'},
+	{"tuple-port-dst", 1, 0, '7'},
 	{0, 0, 0, 0}
 };
 
@@ -43,11 +46,14 @@
 	fprintf(stdout, "--reply-port-src       reply source port\n");
 	fprintf(stdout, "--reply-port-dst       reply destination port\n");
 	fprintf(stdout, "--state                SCTP state, fe. ESTABLISHED\n");
+	fprintf(stdout, "--tuple-port-src	expectation tuple src port\n");
+	fprintf(stdout, "--tuple-port-src	expectation tuple dst port\n");
 }
 
 static int parse_options(char c, char *argv[], 
 			 struct nfct_tuple *orig,
 			 struct nfct_tuple *reply,
+			 struct nfct_tuple *exptuple,
 			 struct nfct_tuple *mask,
 			 union nfct_protoinfo *proto,
 			 unsigned int *flags)
@@ -95,6 +101,18 @@
 				*flags |= SCTP_STATE;
 			}
 			break;
+		case '6':
+			if (optarg) {
+				exptuple->l4src.sctp.port = htons(atoi(optarg));
+				*flags |= SCTP_EXPTUPLE_SPORT;
+			}
+			break;
+		case '7':
+			if (optarg) {
+				exptuple->l4dst.sctp.port = htons(atoi(optarg));
+				*flags |= SCTP_EXPTUPLE_DPORT;
+			}
+
 	}
 	return 1;
 }

Modified: trunk/conntrack/extensions/libct_proto_tcp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_tcp.c	2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/extensions/libct_proto_tcp.c	2006-01-15 03:10:02 UTC (rev 6417)
@@ -25,6 +25,8 @@
 	{"mask-port-src", 1, 0, '5'},
 	{"mask-port-dst", 1, 0, '6'},
 	{"state", 1, 0, '7'},
+	{"tuple-port-src", 1, 0, '8'},
+	{"tuple-port-dst", 1, 0, '9'},
 	{0, 0, 0, 0}
 };
 
@@ -49,12 +51,15 @@
 	fprintf(stdout, "--reply-port-dst       reply destination port\n");
 	fprintf(stdout, "--mask-port-src	mask source port\n");
 	fprintf(stdout, "--mask-port-dst	mask destination port\n");
+	fprintf(stdout, "--tuple-port-src	expectation tuple src port\n");
+	fprintf(stdout, "--tuple-port-src	expectation tuple dst port\n");
 	fprintf(stdout, "--state                TCP state, fe. ESTABLISHED\n");
 }
 
 static int parse_options(char c, char *argv[], 
 			 struct nfct_tuple *orig,
 			 struct nfct_tuple *reply,
+			 struct nfct_tuple *exptuple,
 			 struct nfct_tuple *mask,
 			 union nfct_protoinfo *proto,
 			 unsigned int *flags)
@@ -112,6 +117,18 @@
 				*flags |= TCP_STATE;
 			}
 			break;
+		case '8':
+			if (optarg) {
+				exptuple->l4src.tcp.port = htons(atoi(optarg));
+				*flags |= TCP_EXPTUPLE_SPORT;
+			}
+			break;
+		case '9':
+			if (optarg) {
+				exptuple->l4dst.tcp.port = htons(atoi(optarg));
+				*flags |= TCP_EXPTUPLE_DPORT;
+			}
+			break;
 	}
 	return 1;
 }

Modified: trunk/conntrack/extensions/libct_proto_udp.c
===================================================================
--- trunk/conntrack/extensions/libct_proto_udp.c	2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/extensions/libct_proto_udp.c	2006-01-15 03:10:02 UTC (rev 6417)
@@ -22,6 +22,8 @@
 	{"reply-port-dst", 1, 0, '4'},
 	{"mask-port-src", 1, 0, '5'},
 	{"mask-port-dst", 1, 0, '6'},
+	{"tuple-port-src", 1, 0, '7'},
+	{"tuple-port-dst", 1, 0, '8'},
 	{0, 0, 0, 0}
 };
 
@@ -33,11 +35,14 @@
 	fprintf(stdout, "--reply-port-dst       reply destination port\n");
 	fprintf(stdout, "--mask-port-src	mask source port\n");
 	fprintf(stdout, "--mask-port-dst	mask destination port\n");
+	fprintf(stdout, "--tuple-port-src	expectation tuple src port\n");
+	fprintf(stdout, "--tuple-port-src	expectation tuple dst port\n");
 }
 
 static int parse_options(char c, char *argv[], 
 			 struct nfct_tuple *orig,
 			 struct nfct_tuple *reply,
+			 struct nfct_tuple *exptuple,
 			 struct nfct_tuple *mask,
 			 union nfct_protoinfo *proto,
 			 unsigned int *flags)
@@ -79,6 +84,18 @@
 				*flags |= UDP_MASK_DPORT;
 			}
 			break;
+		case '7':
+			if (optarg) {
+				exptuple->l4src.udp.port = htons(atoi(optarg));
+				*flags |= UDP_EXPTUPLE_SPORT;
+			}
+			break;
+		case '8':
+			if (optarg) {
+				exptuple->l4dst.udp.port = htons(atoi(optarg));
+				*flags |= UDP_EXPTUPLE_DPORT;
+			}
+
 	}
 	return 1;
 }

Modified: trunk/conntrack/include/conntrack.h
===================================================================
--- trunk/conntrack/include/conntrack.h	2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/include/conntrack.h	2006-01-15 03:10:02 UTC (rev 6417)
@@ -134,6 +134,7 @@
 	int (*parse_opts)(char c, char *argv[], 
 		     struct nfct_tuple *orig,
 		     struct nfct_tuple *reply,
+		     struct nfct_tuple *exptuple,
 		     struct nfct_tuple *mask,
 		     union nfct_protoinfo *proto,
 		     unsigned int *flags);

Modified: trunk/conntrack/src/conntrack.c
===================================================================
--- trunk/conntrack/src/conntrack.c	2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/src/conntrack.c	2006-01-15 03:10:02 UTC (rev 6417)
@@ -812,7 +812,7 @@
 		default:
 			if (h && h->parse_opts 
 			    &&!h->parse_opts(c - h->option_offset, argv, &orig, 
-				             &reply, &mask, &proto, 
+				             &reply, &exptuple, &mask, &proto, 
 					     &l4flags))
 				exit_error(PARAMETER_PROBLEM, "parse error\n");
 

Modified: trunk/conntrack/test.sh
===================================================================
--- trunk/conntrack/test.sh	2006-01-15 03:08:46 UTC (rev 6416)
+++ trunk/conntrack/test.sh	2006-01-15 03:10:02 UTC (rev 6417)
@@ -78,7 +78,8 @@
 		--tuple-src 4.4.4.4 --tuple-dst 5.5.5.5 \
 		--mask-src 255.255.255.0 --mask-dst 255.255.255.255 \
 		-p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \
-		-t 200 --mask-port-src 10 --mask-port-dst 300
+		-t 200 --tuple-port-src 10 --tuple-port-dst 300 \
+		--mask-port-src 10 --mask-port-dst 300
 		;;
 	get-expect)
 		$CONNTRACK -G expect --orig-src 4.4.4.4 --orig-dst 5.5.5.5 \




More information about the netfilter-cvslog mailing list