Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libct_proto_dccp.c | 50 | ||||
-rw-r--r-- | extensions/libct_proto_gre.c | 42 | ||||
-rw-r--r-- | extensions/libct_proto_icmp.c | 47 | ||||
-rw-r--r-- | extensions/libct_proto_icmpv6.c | 47 | ||||
-rw-r--r-- | extensions/libct_proto_sctp.c | 45 | ||||
-rw-r--r-- | extensions/libct_proto_tcp.c | 43 | ||||
-rw-r--r-- | extensions/libct_proto_udp.c | 42 | ||||
-rw-r--r-- | extensions/libct_proto_udplite.c | 42 | ||||
-rw-r--r-- | extensions/libct_proto_unknown.c | 11 |
9 files changed, 241 insertions, 128 deletions
diff --git a/extensions/libct_proto_dccp.c b/extensions/libct_proto_dccp.c index f6258ad..0204929 100644 --- a/extensions/libct_proto_dccp.c +++ b/extensions/libct_proto_dccp.c @@ -67,22 +67,23 @@ static const char *dccp_optflags[DCCP_OPT_MAX] = { static char dccp_commands_v_options[NUMBER_OF_CMD][DCCP_OPT_MAX] = /* Well, it's better than "Re: Sevilla vs Betis" */ { - /* 1 2 3 4 5 6 7 8 9 10*/ -/*CT_LIST*/ {2,2,2,2,0,0,2,0,0,0}, -/*CT_CREATE*/ {3,3,3,3,0,0,1,0,0,1}, -/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0,0}, -/*CT_DELETE*/ {2,2,2,2,0,0,2,0,0,0}, -/*CT_GET*/ {3,3,3,3,0,0,2,0,0,0}, -/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0,0}, -/*CT_EVENT*/ {2,2,2,2,0,0,2,0,0,0}, -/*CT_VERSION*/ {0,0,0,0,0,0,0,0,0,0}, -/*CT_HELP*/ {0,0,0,0,0,0,0,0,0,0}, -/*EXP_LIST*/ {0,0,0,0,0,0,0,0,0,0}, -/*EXP_CREATE*/ {1,1,0,0,1,1,0,1,1,1}, -/*EXP_DELETE*/ {1,1,1,1,0,0,0,0,0,0}, -/*EXP_GET*/ {1,1,1,1,0,0,0,0,0,0}, -/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0,0,0}, -/*EXP_EVENT*/ {0,0,0,0,0,0,0,0,0,0}, + /* 1 2 3 4 5 6 7 8 9 10 */ + [CT_LIST_BIT] = {2,2,2,2,0,0,2,0,0,0}, + [CT_CREATE_BIT] = {3,3,3,3,0,0,1,0,0,1}, + [CT_UPDATE_BIT] = {2,2,2,2,0,0,2,0,0,0}, + [CT_DELETE_BIT] = {2,2,2,2,0,0,2,0,0,0}, + [CT_GET_BIT] = {3,3,3,3,0,0,2,0,0,0}, + [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0,0}, + [CT_EVENT_BIT] = {2,2,2,2,0,0,2,0,0,0}, + [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0,0,0}, + [CT_HELP_BIT] = {0,0,0,0,0,0,0,0,0,0}, + [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0,0,0}, + [EXP_CREATE_BIT] = {1,1,0,0,1,1,0,1,1,1}, + [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0,0,0}, + [EXP_GET_BIT] = {1,1,1,1,0,0,0,0,0,0}, + [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0,0}, + [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0,0,0}, + [CT_ADD_BIT] = {3,3,3,3,0,0,1,0,0,1}, }; static const char *dccp_states[DCCP_CONNTRACK_MAX] = { 
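Review bot: The new `[CT_ADD_BIT]` row in `dccp_commands_v_options` is a literal copy of the `[CT_CREATE_BIT]` row, with nothing saying the two must stay identical; the same holds for the tables in the gre, icmp, icmpv6, sctp, tcp, udp and udplite hunks. A comment above the row such as `/* CT_ADD takes the same options as CT_CREATE; keep both rows in sync */` would stop them drifting apart. With designated initializers, any command index that has no row is zero-filled without a diagnostic, so a comment on what a 0 entry means to the option checker (not visible in this diff) would also help.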
@@ -198,6 +199,22 @@ static int parse_options(char c, return 1; } + +static const char *dccp_roles[__DCCP_CONNTRACK_ROLE_MAX] = { + [DCCP_CONNTRACK_ROLE_CLIENT] = "client", + [DCCP_CONNTRACK_ROLE_SERVER] = "server", +}; + +static const struct ct_print_opts dccp_print_opts[] = { + { "--sport", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, NULL }, + { "--dport", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, NULL }, + { "--reply-port-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, NULL }, + { "--reply-port-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, NULL }, + { "--state", ATTR_DCCP_STATE, CT_ATTR_TYPE_U8, DCCP_CONNTRACK_MAX, dccp_states }, + { "--role", ATTR_DCCP_ROLE, CT_ATTR_TYPE_U8, __DCCP_CONNTRACK_ROLE_MAX, dccp_roles }, + {}, +}; + #define DCCP_VALID_FLAGS_MAX 2 static unsigned int dccp_valid_flags[DCCP_VALID_FLAGS_MAX] = { CT_DCCP_ORIG_SPORT | CT_DCCP_ORIG_DPORT, @@ -235,6 +252,7 @@ static struct ctproto_handler dccp = { .protonum = IPPROTO_DCCP, .parse_opts = parse_options, .final_check = final_check, + .print_opts = dccp_print_opts, .help = help, .opts = opts, .version = VERSION, diff --git a/extensions/libct_proto_gre.c b/extensions/libct_proto_gre.c index 2dc63d1..2f216b9 100644 --- a/extensions/libct_proto_gre.c +++ b/extensions/libct_proto_gre.c 
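Review bot: `dccp_print_opts` passes `dccp_states` and `dccp_roles` as lookup tables that appear to be indexed by an attribute value read from the conntrack object, and `dccp_roles` is filled with designated initializers, so any index without an initializer is a NULL slot. The code that consumes `struct ct_print_opts` is outside this diff (the view is limited to `extensions`). It needs to check that the value is below the fourth field, which looks like the table size, and that the slot is non-NULL before printing; otherwise an unexpected state or role value leads to an out-of-bounds read or a NULL passed to a string format. A short comment on the table, e.g. `/* indexed by ATTR_DCCP_ROLE; unset slots are NULL and must be skipped by the printer */`, would record that contract. The same applies to the `--state` entries in the sctp and tcp hunks.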
@@ -66,22 +66,23 @@ static void help(void) static char gre_commands_v_options[NUMBER_OF_CMD][GRE_OPT_MAX] = { - /* 1 2 3 4 5 6 7 8 */ -/*CT_LIST*/ {2,2,2,2,0,0,0,0}, -/*CT_CREATE*/ {3,3,3,3,0,0,0,0}, -/*CT_UPDATE*/ {2,2,2,2,0,0,0,0}, -/*CT_DELETE*/ {2,2,2,2,0,0,0,0}, -/*CT_GET*/ {3,3,3,3,0,0,0,0}, -/*CT_FLUSH*/ {0,0,0,0,0,0,0,0}, -/*CT_EVENT*/ {2,2,2,2,0,0,0,0}, -/*CT_VERSION*/ {0,0,0,0,0,0,0,0}, -/*CT_HELP*/ {0,0,0,0,0,0,0,0}, -/*EXP_LIST*/ {0,0,0,0,0,0,0,0}, -/*EXP_CREATE*/ {1,1,1,1,1,1,1,1}, -/*EXP_DELETE*/ {1,1,1,1,0,0,0,0}, -/*EXP_GET*/ {1,1,1,1,0,0,0,0}, -/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0}, -/*EXP_EVENT*/ {0,0,0,0,0,0,0,0}, + /* 1 2 3 4 5 6 7 8 */ + [CT_LIST_BIT] = {2,2,2,2,0,0,0,0}, + [CT_CREATE_BIT] = {3,3,3,3,0,0,0,0}, + [CT_UPDATE_BIT] = {2,2,2,2,0,0,0,0}, + [CT_DELETE_BIT] = {2,2,2,2,0,0,0,0}, + [CT_GET_BIT] = {3,3,3,3,0,0,0,0}, + [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0}, + [CT_EVENT_BIT] = {2,2,2,2,0,0,0,0}, + [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0}, + [CT_HELP_BIT] = {0,0,0,0,0,0,0,0}, + [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0}, + [EXP_CREATE_BIT] = {1,1,1,1,1,1,1,1}, + [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0}, + [EXP_GET_BIT] = {1,1,1,1,0,0,0,0}, + [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0}, + [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0}, + [CT_ADD_BIT] = {3,3,3,3,0,0,0,0}, }; static int parse_options(char c, @@ -144,6 +145,14 @@ static int parse_options(char c, return 1; } +static const struct ct_print_opts gre_print_opts[] = { + { "--srckey", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--dstkey", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--reply-key-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--reply-key-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 }, + {}, +}; + #define GRE_VALID_FLAGS_MAX 2 static unsigned int gre_valid_flags[GRE_VALID_FLAGS_MAX] = { CT_GRE_ORIG_SKEY | CT_GRE_ORIG_DKEY, 
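Review bot: The fifth member of each `gre_print_opts` entry is initialised with `0`, while the dccp hunk writes `NULL` for the same member and passes `dccp_states` there, so it is a pointer; `NULL` reads better and keeps the files consistent. The same `0` appears in the icmp, icmpv6, sctp, tcp, udp and udplite tables. The `{}` terminator is an empty initializer, which is a GNU extension before C23; `{ NULL }` or `{ 0 }` is accepted by any C99 compiler. The terminator in `icmp_print_opts` also lacks the trailing comma the other tables have.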
@@ -181,6 +190,7 @@ static struct ctproto_handler gre = { .protonum = IPPROTO_GRE, .parse_opts = parse_options, .final_check = final_check, + .print_opts = gre_print_opts, .help = help, .opts = opts, .version = VERSION, diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c index 2ce1c65..9f67cf4 100644 --- a/extensions/libct_proto_icmp.c +++ b/extensions/libct_proto_icmp.c @@ -40,22 +40,23 @@ static const char *icmp_optflags[ICMP_NUMBER_OF_OPT] = { static char icmp_commands_v_options[NUMBER_OF_CMD][ICMP_NUMBER_OF_OPT] = /* Well, it's better than "Re: Maradona vs Pele" */ { - /* 1 2 3 */ -/*CT_LIST*/ {2,2,2}, -/*CT_CREATE*/ {1,1,2}, -/*CT_UPDATE*/ {2,2,2}, -/*CT_DELETE*/ {2,2,2}, -/*CT_GET*/ {1,1,2}, -/*CT_FLUSH*/ {0,0,0}, -/*CT_EVENT*/ {2,2,2}, -/*CT_VERSION*/ {0,0,0}, -/*CT_HELP*/ {0,0,0}, -/*EXP_LIST*/ {0,0,0}, -/*EXP_CREATE*/ {0,0,0}, -/*EXP_DELETE*/ {0,0,0}, -/*EXP_GET*/ {0,0,0}, -/*EXP_FLUSH*/ {0,0,0}, -/*EXP_EVENT*/ {0,0,0}, + /* 1 2 3 */ + [CT_LIST_BIT] = {2,2,2}, + [CT_CREATE_BIT] = {1,1,2}, + [CT_UPDATE_BIT] = {2,2,2}, + [CT_DELETE_BIT] = {2,2,2}, + [CT_GET_BIT] = {1,1,2}, + [CT_FLUSH_BIT] = {0,0,0}, + [CT_EVENT_BIT] = {2,2,2}, + [CT_VERSION_BIT] = {0,0,0}, + [CT_HELP_BIT] = {0,0,0}, + [EXP_LIST_BIT] = {0,0,0}, + [EXP_CREATE_BIT] = {0,0,0}, + [EXP_DELETE_BIT] = {0,0,0}, + [EXP_GET_BIT] = {0,0,0}, + [EXP_FLUSH_BIT] = {0,0,0}, + [EXP_EVENT_BIT] = {0,0,0}, + [CT_ADD_BIT] = {1,1,2}, }; static void help(void) 
@@ -78,24 +79,37 @@ static int parse(char c, tmp = atoi(optarg); nfct_set_attr_u8(ct, ATTR_ICMP_TYPE, tmp); nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMP); + if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO)) + nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMP); *flags |= CT_ICMP_TYPE; break; case '2': tmp = atoi(optarg); nfct_set_attr_u8(ct, ATTR_ICMP_CODE, tmp); nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMP); + if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO)) + nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMP); *flags |= CT_ICMP_CODE; break; case '3': id = htons(atoi(optarg)); nfct_set_attr_u16(ct, ATTR_ICMP_ID, id); nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMP); + if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO)) + nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMP); *flags |= CT_ICMP_ID; break; } return 1; } +static const struct ct_print_opts icmp_print_opts[] = { + { "--icmp-type", ATTR_ICMP_TYPE, CT_ATTR_TYPE_U8, 0, 0 }, + { "--icmp-code", ATTR_ICMP_CODE, CT_ATTR_TYPE_U8, 0, 0 }, + { "--icmp-id", ATTR_ICMP_ID, CT_ATTR_TYPE_BE16, 0, 0 }, + {} +}; + static void final_check(unsigned int flags, unsigned int cmd, struct nf_conntrack *ct) @@ -111,6 +125,7 @@ static struct ctproto_handler icmp = { .protonum = IPPROTO_ICMP, .parse_opts = parse, .final_check = final_check, + .print_opts = icmp_print_opts, .help = help, .opts = opts, .version = VERSION, diff --git a/extensions/libct_proto_icmpv6.c b/extensions/libct_proto_icmpv6.c index 18dd3e5..216757e 100644 --- a/extensions/libct_proto_icmpv6.c +++ b/extensions/libct_proto_icmpv6.c 
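Review bot: The added `if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO))` guard in each `case` of `parse()` is evaluated while options are still being parsed, so `ATTR_REPL_L4PROTO` is set only when the reply address was given before `--icmp-type`, `--icmp-code` or `--icmp-id` on the command line. If reply-address options can come later (the main option loop is not in this diff), the reply tuple ends up without an L4 protocol. `libct_proto_unknown.c` in this commit does the equivalent fix-up in `final_check`, after parsing. Doing the same here with a single `if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO)) nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMP);` would remove the ordering dependence and the three copies. The icmpv6 `parse()` hunk has the same pattern with `IPPROTO_ICMPV6`; both functions start outside their hunks.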
@@ -43,22 +43,23 @@ static const char *icmpv6_optflags[ICMPV6_NUMBER_OF_OPT] = { static char icmpv6_commands_v_options[NUMBER_OF_CMD][ICMPV6_NUMBER_OF_OPT] = /* Well, it's better than "Re: Maradona vs Pele" */ { - /* 1 2 3 */ -/*CT_LIST*/ {2,2,2}, -/*CT_CREATE*/ {1,1,2}, -/*CT_UPDATE*/ {2,2,2}, -/*CT_DELETE*/ {2,2,2}, -/*CT_GET*/ {1,1,2}, -/*CT_FLUSH*/ {0,0,0}, -/*CT_EVENT*/ {2,2,2}, -/*CT_VERSION*/ {0,0,0}, -/*CT_HELP*/ {0,0,0}, -/*EXP_LIST*/ {0,0,0}, -/*EXP_CREATE*/ {0,0,0}, -/*EXP_DELETE*/ {0,0,0}, -/*EXP_GET*/ {0,0,0}, -/*EXP_FLUSH*/ {0,0,0}, -/*EXP_EVENT*/ {0,0,0}, + /* 1 2 3 */ + [CT_LIST_BIT] = {2,2,2}, + [CT_CREATE_BIT] = {1,1,2}, + [CT_UPDATE_BIT] = {2,2,2}, + [CT_DELETE_BIT] = {2,2,2}, + [CT_GET_BIT] = {1,1,2}, + [CT_FLUSH_BIT] = {0,0,0}, + [CT_EVENT_BIT] = {2,2,2}, + [CT_VERSION_BIT] = {0,0,0}, + [CT_HELP_BIT] = {0,0,0}, + [EXP_LIST_BIT] = {0,0,0}, + [EXP_CREATE_BIT] = {0,0,0}, + [EXP_DELETE_BIT] = {0,0,0}, + [EXP_GET_BIT] = {0,0,0}, + [EXP_FLUSH_BIT] = {0,0,0}, + [EXP_EVENT_BIT] = {0,0,0}, + [CT_ADD_BIT] = {1,1,2}, }; static void help(void) 
@@ -81,24 +82,37 @@ static int parse(char c, tmp = atoi(optarg); nfct_set_attr_u8(ct, ATTR_ICMP_TYPE, tmp); nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMPV6); + if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO)) + nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMPV6); *flags |= CT_ICMP_TYPE; break; case '2': tmp = atoi(optarg); nfct_set_attr_u8(ct, ATTR_ICMP_CODE, tmp); nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMPV6); + if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO)) + nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMPV6); *flags |= CT_ICMP_CODE; break; case '3': id = htons(atoi(optarg)); nfct_set_attr_u16(ct, ATTR_ICMP_ID, id); nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMPV6); + if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO)) + nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMPV6); *flags |= CT_ICMP_ID; break; } return 1; } +static const struct ct_print_opts icmpv6_print_opts[] = { + {"--icmpv6-type", ATTR_ICMP_TYPE, CT_ATTR_TYPE_U8, 0, 0}, + {"--icmpv6-code", ATTR_ICMP_CODE, CT_ATTR_TYPE_U8, 0, 0}, + {"--icmpv6-id", ATTR_ICMP_ID, CT_ATTR_TYPE_BE16, 0, 0}, + {}, +}; + static void final_check(unsigned int flags, unsigned int cmd, struct nf_conntrack *ct) @@ -113,6 +127,7 @@ static struct ctproto_handler icmpv6 = { .protonum = IPPROTO_ICMPV6, .parse_opts = parse, .final_check = final_check, + .print_opts = icmpv6_print_opts, .help = help, .opts = opts, .version = VERSION, diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c index 04828bf..8099b83 100644 --- a/extensions/libct_proto_sctp.c +++ b/extensions/libct_proto_sctp.c 
@@ -70,22 +70,23 @@ static const char *sctp_optflags[SCTP_OPT_MAX] = { static char sctp_commands_v_options[NUMBER_OF_CMD][SCTP_OPT_MAX] = /* Well, it's better than "Re: Sevilla vs Betis" */ { - /* 1 2 3 4 5 6 7 8 9 10 11*/ -/*CT_LIST*/ {2,2,2,2,0,0,2,0,0,0,0}, -/*CT_CREATE*/ {3,3,3,3,0,0,1,0,0,1,1}, -/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0,2,2}, -/*CT_DELETE*/ {2,2,2,2,0,0,2,0,0,0,0}, -/*CT_GET*/ {3,3,3,3,0,0,2,0,0,2,2}, -/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0,0,0}, -/*CT_EVENT*/ {2,2,2,2,0,0,2,0,0,0,0}, -/*CT_VERSION*/ {0,0,0,0,0,0,0,0,0,0,0}, -/*CT_HELP*/ {0,0,0,0,0,0,0,0,0,0,0}, -/*EXP_LIST*/ {0,0,0,0,0,0,0,0,0,0,0}, -/*EXP_CREATE*/ {1,1,0,0,1,1,0,1,1,1,1}, -/*EXP_DELETE*/ {1,1,1,1,0,0,0,0,0,0,0}, -/*EXP_GET*/ {1,1,1,1,0,0,0,0,0,0,0}, -/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0,0,0,0}, -/*EXP_EVENT*/ {0,0,0,0,0,0,0,0,0,0,0}, + /* 1 2 3 4 5 6 7 8 9 10 11 */ + [CT_LIST_BIT] = {2,2,2,2,0,0,2,0,0,0,0}, + [CT_CREATE_BIT] = {3,3,3,3,0,0,1,0,0,1,1}, + [CT_UPDATE_BIT] = {2,2,2,2,0,0,2,0,0,2,2}, + [CT_DELETE_BIT] = {2,2,2,2,0,0,2,0,0,0,0}, + [CT_GET_BIT] = {3,3,3,3,0,0,2,0,0,2,2}, + [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0,0,0}, + [CT_EVENT_BIT] = {2,2,2,2,0,0,2,0,0,0,0}, + [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0,0,0,0}, + [CT_HELP_BIT] = {0,0,0,0,0,0,0,0,0,0,0}, + [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0,0,0,0}, + [EXP_CREATE_BIT] = {1,1,0,0,1,1,0,1,1,1,1}, + [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0,0,0,0}, + [EXP_GET_BIT] = {1,1,1,1,0,0,0,0,0,0,0}, + [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0,0,0}, + [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0,0,0,0}, + [CT_ADD_BIT] = {3,3,3,3,0,0,1,0,0,1,1}, }; static const char *sctp_states[SCTP_CONNTRACK_MAX] = { 
@@ -198,6 +199,17 @@ parse_options(char c, struct nf_conntrack *ct, return 1; } +static const struct ct_print_opts sctp_print_opts[] = { + { "--sport", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--dport", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--reply-port-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--reply-port-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--state", ATTR_SCTP_STATE, CT_ATTR_TYPE_U8, SCTP_CONNTRACK_MAX, sctp_states }, + { "--orig-vtag", ATTR_SCTP_VTAG_ORIG, CT_ATTR_TYPE_BE32, 0, 0 }, + { "--reply-vtag", ATTR_SCTP_VTAG_REPL, CT_ATTR_TYPE_BE32, 0, 0 }, + {}, +}; + #define SCTP_VALID_FLAGS_MAX 2 static unsigned int dccp_valid_flags[SCTP_VALID_FLAGS_MAX] = { CT_SCTP_ORIG_SPORT | CT_SCTP_ORIG_DPORT, @@ -235,6 +247,7 @@ static struct ctproto_handler sctp = { .protonum = IPPROTO_SCTP, .parse_opts = parse_options, .final_check = final_check, + .print_opts = sctp_print_opts, .help = help, .opts = opts, .version = VERSION, diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c index 8a37a55..27f5833 100644 --- a/extensions/libct_proto_tcp.c +++ b/extensions/libct_proto_tcp.c 
@@ -54,22 +54,23 @@ static const char *tcp_optflags[TCP_NUMBER_OF_OPT] = { static char tcp_commands_v_options[NUMBER_OF_CMD][TCP_NUMBER_OF_OPT] = /* Well, it's better than "Re: Sevilla vs Betis" */ { - /* 1 2 3 4 5 6 7 8 9 */ -/*CT_LIST*/ {2,2,2,2,0,0,2,0,0}, -/*CT_CREATE*/ {3,3,3,3,0,0,1,0,0}, -/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0}, -/*CT_DELETE*/ {2,2,2,2,0,0,2,0,0}, -/*CT_GET*/ {3,3,3,3,0,0,2,0,0}, -/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0}, -/*CT_EVENT*/ {2,2,2,2,0,0,2,0,0}, -/*CT_VERSION*/ {0,0,0,0,0,0,0,0,0}, -/*CT_HELP*/ {0,0,0,0,0,0,0,0,0}, -/*EXP_LIST*/ {0,0,0,0,0,0,0,0,0}, -/*EXP_CREATE*/ {1,1,0,0,1,1,0,1,1}, -/*EXP_DELETE*/ {1,1,1,1,0,0,0,0,0}, -/*EXP_GET*/ {1,1,1,1,0,0,0,0,0}, -/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0,0}, -/*EXP_EVENT*/ {0,0,0,0,0,0,0,0,0}, + /* 1 2 3 4 5 6 7 8 9 */ + [CT_LIST_BIT] = {2,2,2,2,0,0,2,0,0}, + [CT_CREATE_BIT] = {3,3,3,3,0,0,1,0,0}, + [CT_UPDATE_BIT] = {2,2,2,2,0,0,2,0,0}, + [CT_DELETE_BIT] = {2,2,2,2,0,0,2,0,0}, + [CT_GET_BIT] = {3,3,3,3,0,0,2,0,0}, + [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0}, + [CT_EVENT_BIT] = {2,2,2,2,0,0,2,0,0}, + [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0,0}, + [CT_HELP_BIT] = {0,0,0,0,0,0,0,0,0}, + [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0,0}, + [EXP_CREATE_BIT] = {1,1,0,0,1,1,0,1,1}, + [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0,0}, + [EXP_GET_BIT] = {1,1,1,1,0,0,0,0,0}, + [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0}, + [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0,0}, + [CT_ADD_BIT] = {3,3,3,3,0,0,1,0,0}, }; static const char *tcp_states[TCP_CONNTRACK_MAX] = { 
@@ -177,6 +178,15 @@ static int parse_options(char c, return 1; } +static const struct ct_print_opts tcp_print_opts[] = { + { "--sport", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--dport", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--reply-port-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--reply-port-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--state", ATTR_TCP_STATE, CT_ATTR_TYPE_U8, TCP_CONNTRACK_MAX, tcp_states }, + {}, +}; + #define TCP_VALID_FLAGS_MAX 2 static unsigned int tcp_valid_flags[TCP_VALID_FLAGS_MAX] = { CT_TCP_ORIG_SPORT | CT_TCP_ORIG_DPORT, @@ -228,6 +238,7 @@ static struct ctproto_handler tcp = { .protonum = IPPROTO_TCP, .parse_opts = parse_options, .final_check = final_check, + .print_opts = tcp_print_opts, .help = help, .opts = opts, .version = VERSION, diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c index e30637c..a78857f 100644 --- a/extensions/libct_proto_udp.c +++ b/extensions/libct_proto_udp.c 
@@ -62,22 +62,23 @@ static void help(void) static char udp_commands_v_options[NUMBER_OF_CMD][UDP_NUMBER_OF_OPT] = /* Well, it's better than "Re: Galeano vs Vargas Llosa" */ { - /* 1 2 3 4 5 6 7 8 */ -/*CT_LIST*/ {2,2,2,2,0,0,0,0}, -/*CT_CREATE*/ {3,3,3,3,0,0,0,0}, -/*CT_UPDATE*/ {2,2,2,2,0,0,0,0}, -/*CT_DELETE*/ {2,2,2,2,0,0,0,0}, -/*CT_GET*/ {3,3,3,3,0,0,0,0}, -/*CT_FLUSH*/ {0,0,0,0,0,0,0,0}, -/*CT_EVENT*/ {2,2,2,2,0,0,0,0}, -/*CT_VERSION*/ {0,0,0,0,0,0,0,0}, -/*CT_HELP*/ {0,0,0,0,0,0,0,0}, -/*EXP_LIST*/ {0,0,0,0,0,0,0,0}, -/*EXP_CREATE*/ {1,1,0,0,1,1,1,1}, -/*EXP_DELETE*/ {1,1,1,1,0,0,0,0}, -/*EXP_GET*/ {1,1,1,1,0,0,0,0}, -/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0}, -/*EXP_EVENT*/ {0,0,0,0,0,0,0,0}, + /* 1 2 3 4 5 6 7 8 */ + [CT_LIST_BIT] = {2,2,2,2,0,0,0,0}, + [CT_CREATE_BIT] = {3,3,3,3,0,0,0,0}, + [CT_UPDATE_BIT] = {2,2,2,2,0,0,0,0}, + [CT_DELETE_BIT] = {2,2,2,2,0,0,0,0}, + [CT_GET_BIT] = {3,3,3,3,0,0,0,0}, + [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0}, + [CT_EVENT_BIT] = {2,2,2,2,0,0,0,0}, + [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0}, + [CT_HELP_BIT] = {0,0,0,0,0,0,0,0}, + [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0}, + [EXP_CREATE_BIT] = {1,1,0,0,1,1,1,1}, + [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0}, + [EXP_GET_BIT] = {1,1,1,1,0,0,0,0}, + [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0}, + [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0}, + [CT_ADD_BIT] = {3,3,3,3,0,0,0,0}, }; static int parse_options(char c, @@ -144,6 +145,14 @@ static int parse_options(char c, return 1; } +static const struct ct_print_opts udp_print_opts[] = { + {"--sport", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0}, + {"--dport", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0}, + {"--reply-port-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0}, + {"--reply-port-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0}, + {}, +}; + #define UDP_VALID_FLAGS_MAX 2 static unsigned int udp_valid_flags[UDP_VALID_FLAGS_MAX] = { CT_UDP_ORIG_SPORT | CT_UDP_ORIG_DPORT, 
@@ -181,6 +190,7 @@ static struct ctproto_handler udp = { .protonum = IPPROTO_UDP, .parse_opts = parse_options, .final_check = final_check, + .print_opts = udp_print_opts, .help = help, .opts = opts, .version = VERSION, diff --git a/extensions/libct_proto_udplite.c b/extensions/libct_proto_udplite.c index f46cef0..3df3142 100644 --- a/extensions/libct_proto_udplite.c +++ b/extensions/libct_proto_udplite.c @@ -70,22 +70,23 @@ static void help(void) static char udplite_commands_v_options[NUMBER_OF_CMD][UDP_OPT_MAX] = { - /* 1 2 3 4 5 6 7 8 */ -/*CT_LIST*/ {2,2,2,2,0,0,0,0}, -/*CT_CREATE*/ {3,3,3,3,0,0,0,0}, -/*CT_UPDATE*/ {2,2,2,2,0,0,0,0}, -/*CT_DELETE*/ {2,2,2,2,0,0,0,0}, -/*CT_GET*/ {3,3,3,3,0,0,0,0}, -/*CT_FLUSH*/ {0,0,0,0,0,0,0,0}, -/*CT_EVENT*/ {2,2,2,2,0,0,0,0}, -/*CT_VERSION*/ {0,0,0,0,0,0,0,0}, -/*CT_HELP*/ {0,0,0,0,0,0,0,0}, -/*EXP_LIST*/ {0,0,0,0,0,0,0,0}, -/*EXP_CREATE*/ {1,1,0,0,1,1,1,1}, -/*EXP_DELETE*/ {1,1,1,1,0,0,0,0}, -/*EXP_GET*/ {1,1,1,1,0,0,0,0}, -/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0}, -/*EXP_EVENT*/ {0,0,0,0,0,0,0,0}, + /* 1 2 3 4 5 6 7 8 */ + [CT_LIST_BIT] = {2,2,2,2,0,0,0,0}, + [CT_CREATE_BIT] = {3,3,3,3,0,0,0,0}, + [CT_UPDATE_BIT] = {2,2,2,2,0,0,0,0}, + [CT_DELETE_BIT] = {2,2,2,2,0,0,0,0}, + [CT_GET_BIT] = {3,3,3,3,0,0,0,0}, + [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0}, + [CT_EVENT_BIT] = {2,2,2,2,0,0,0,0}, + [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0}, + [CT_HELP_BIT] = {0,0,0,0,0,0,0,0}, + [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0}, + [EXP_CREATE_BIT] = {1,1,0,0,1,1,1,1}, + [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0}, + [EXP_GET_BIT] = {1,1,1,1,0,0,0,0}, + [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0}, + [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0}, + [CT_ADD_BIT] = {3,3,3,3,0,0,0,0}, }; static int parse_options(char c, 
@@ -148,6 +149,14 @@ static int parse_options(char c, return 1; } +static const struct ct_print_opts udplite_print_opts[] = { + { "--sport", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--dport", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--reply-port-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 }, + { "--reply-port-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 }, + {}, +}; + #define UDPLITE_VALID_FLAGS_MAX 2 static unsigned int udplite_valid_flags[UDPLITE_VALID_FLAGS_MAX] = { CT_UDPLITE_ORIG_SPORT | CT_UDPLITE_ORIG_DPORT, @@ -186,6 +195,7 @@ static struct ctproto_handler udplite = { .protonum = IPPROTO_UDPLITE, .parse_opts = parse_options, .final_check = final_check, + .print_opts = udplite_print_opts, .help = help, .opts = opts, .version = VERSION, diff --git a/extensions/libct_proto_unknown.c b/extensions/libct_proto_unknown.c index 2a47704..b877c56 100644 --- a/extensions/libct_proto_unknown.c +++ b/extensions/libct_proto_unknown.c @@ -21,10 +21,21 @@ static void help(void) fprintf(stdout, " no options (unsupported)\n"); } +static void final_check(unsigned int flags, + unsigned int cmd, + struct nf_conntrack *ct) +{ + if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO) && + nfct_attr_is_set(ct, ATTR_L4PROTO) && + !nfct_attr_is_set(ct, ATTR_REPL_L4PROTO)) + nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, nfct_get_attr_u8(ct, ATTR_L4PROTO)); +} + struct ctproto_handler ct_proto_unknown = { .name = "unknown", .help = help, .opts = opts, + .final_check = final_check, .version = VERSION, }; |
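Review bot: The new `final_check` in `libct_proto_unknown.c` has no comment saying why the reply tuple's L4 protocol is copied from the original one, and it ignores both `flags` and `cmd`, so it would run for every command that reaches it. A one-line comment such as `/* reply address given but no protocol handler set the reply L4 protocol: mirror ATTR_L4PROTO */` above the `if` would make the intent clear. If the copy is only meant for commands that create or update entries, the condition should also test `cmd`; which commands call `final_check` is not visible here.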