From 1c596b9ec8f26ee5e044e033509e656e8376a395 Mon Sep 17 00:00:00 2001 From: Mikhail Sennikovsky Date: Thu, 29 Oct 2020 12:51:55 +0100 Subject: conntrack: implement save output format This commit allows dumping conntrack entries in the format used by the conntrack parameters, aka "save" output format. This is useful for saving ct entry data to allow applying it later on. To enable the "save" output the "-o save" parameter needs to be passed to the conntrack tool invocation. [ pablo@netfilter.org: several updates to the original patch ] Signed-off-by: Mikhail Sennikovsky Signed-off-by: Pablo Neira Ayuso
--- extensions/libct_proto_tcp.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'extensions/libct_proto_tcp.c')
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 8a37a55..3da0dc6 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -177,6 +177,15 @@ static int parse_options(char c,
 return 1;
 }
 
+static const struct ct_print_opts tcp_print_opts[] = {
+ { "--sport", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--dport", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--reply-port-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--reply-port-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--state", ATTR_TCP_STATE, CT_ATTR_TYPE_U8, TCP_CONNTRACK_MAX, tcp_states },
+ {},
+};
+
 #define TCP_VALID_FLAGS_MAX 2
 static unsigned int tcp_valid_flags[TCP_VALID_FLAGS_MAX] = {
 CT_TCP_ORIG_SPORT | CT_TCP_ORIG_DPORT,
@@ -228,6 +237,7 @@ static struct ctproto_handler tcp = {
 .protonum = IPPROTO_TCP,
 .parse_opts = parse_options,
 .final_check = final_check,
+ .print_opts = tcp_print_opts,
 .help = help,
 .opts = opts,
 .version = VERSION,
-- cgit v1.2.3
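Review bot: The `--state` row of `tcp_print_opts` pairs the bound `TCP_CONNTRACK_MAX` with `tcp_states`, but neither the definition of `tcp_states` nor the code that walks this table is visible in the hunk, so nothing here shows that every index below that bound maps to a non-NULL string. The state byte comes from a conntrack entry rather than from this file, so the consumer should range-check it against the fourth column and tolerate a NULL name before printing. If `tcp_states` is a true array in this translation unit, `_Static_assert(sizeof(tcp_states) / sizeof(tcp_states[0]) == TCP_CONNTRACK_MAX, "tcp_states must cover every TCP state");` beside the table would pin the pairing at compile time. The positional `0, 0` columns and the `{}` terminator (a GNU extension before C23; `{ 0 }` is portable) would also benefit from a one-line comment above the table naming each column, once the field order is confirmed against `struct ct_print_opts`.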