summaryrefslogtreecommitdiffstats
path: root/src/helpers
Commit message (Collapse)AuthorAgeFilesLines
* src: fix build with musl libcRodrigo Rebello2015-11-231-0/+1
| | | | | | | | | | | | | | The GNU version of 'struct tcphdr' is not exposed by musl libc headers unless _GNU_SOURCE is defined. Without this definition, the build fails with: rpc.c: In function 'rpc_helper_cb': rpc.c:351:15: error: 'struct tcphdr' has no member named 'doff' offset += th->doff * 4; ^ Signed-off-by: Rodrigo Rebello <rprebello@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Define _GNU_SOURCE to get members of tcphdr&ucphdrFelix Janda2015-05-213-0/+3
| | | | | | | | | The source uses linux names for members of tcphdr. For example "source" instead of "th_sport", ... musl libc's headers need _GNU_SOURCE defined in order to expose these. Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Use stdint typesFelix Janda2015-05-213-4/+4
| | | | | Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: userspace SSDP helperAsh Hughes2014-03-122-1/+140
| | | | | | | | | | | | | Here is a patch which adds a userspace conntrack helper for the SSDP protocol. This is based on the code found at: http://marc.info/?t=132945775100001&r=1&w=2 I'm not sure how to get my laptop to play at IPv6, so I've not tested this part, but I've tested the IPv4 section and it works. Signed-off-by: Ash Hughes <ashley.hughes@blueyonder.co.uk> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: cthelper: add amanda helperPablo Neira Ayuso2013-10-072-1/+209
| | | | | | | This patch adds a userspace port of the amanda helper that is currently implemented in the kernel. Signed-off-by: Pablo Neira Ayuso <pablo@soleta.eu>
* conntrackd: cthelper: add TFTP helperPablo Neira Ayuso2013-10-032-0/+143
| | | | | | | | This patch adds an userspace port of the TFTP helper that is currently implemented in the kernel. This includes NAT support. It requires a Linux kernel 3.12. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: cthelper: add SANE helperPablo Neira Ayuso2013-10-032-1/+178
| | | | | This patch adds an userspace port of the SANE helper that is currently implemented in the kernel. This requires Linux kernel 3.12 to work.
* conntrackd: helpers: add DHCPv6 helperPablo Neira Ayuso2013-09-262-1/+129
| | | | | | | | | | | | | | | This patch adds support for the DHCPv6 helper. 1) nfct helper add dhcpv6 inet6 udp 2) ip6tables -I OUTPUT -t raw -p udp --sport 546 -j CT --helper dhcpv6 3) run conntrackd You should see: % conntrack -L exp -f ipv6 279 proto=17 src=:: dst=ff02::1:2 sport=0 dport=546 mask-src=:: mask-dst=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff sport=0 dport=65535 master-src=fe80::221:ccff:fe4a:7f9c master-dst=ff02::1:2 sport=546 dport=547 PERMANENT class=0 helper=dhcpv6 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cthelper: ftp: fix EPRT case for IPv4Pablo Neira Ayuso2012-08-211-1/+6
| | | | | | | | | %pI4 also exists in the Linux kernel. It would be good to have some generic functions to convert binary data to address string. Later. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: TNS helper added to cthelperJozsef Kadlecsik2012-08-012-1/+413
| | | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: RPC helper added to cthelperJozsef Kadlecsik2012-08-012-2/+493
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | How to use this helper in a few steps: 1) You can enable this helper via: nfct helper add rpc inet tcp nfct helper add rpc inet udp 2) Configure /etc/conntrackd/conntrackd.conf and launch it. 3) You can test this helper locally with the following rule-set: iptables -A OUTPUT -t raw -p udp -m udp --dport 111 -j CT --helper rpc iptables -A OUTPUT -t raw -p tcp -m tcp --dport 111 -j CT --helper rpc iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 111 -j ACCEPT iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -m udp --dport 111 -j ACCEPT iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -P OUTPUT DROP 4) Configure NFS and export some local directory. Then, mount it with version 3. mount.nfs -onfsvers=3 127.0.0.1:/srv/cvs /mnt/ You should see permanent expectations created for this. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: add cthelper infrastructure (+ example FTP helper)Pablo Neira Ayuso2012-08-012-0/+608
This patch adds the user-space helper infrastructure. It also contains the implementation of the FTP helper in user-space. There's one example file that you can use to configure conntrackd as user-space connection tracking helper under: doc/helper/conntrackd.conf Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>