diff options
author | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org> | 2005-12-26 02:29:02 +0000 |
---|---|---|
committer | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org> | 2005-12-26 02:29:02 +0000 |
commit | 8aa719eb1afb6c6e0a5bf74cbdab79dc82da6c80 (patch) | |
tree | d297a64f5ff25395981334035d5deae8d13e69cc /extensions | |
parent | 5875e04f38e0e5c09e497dc735e287fc6cc626b3 (diff) |
o add IPv6 support
o clean up layer-4 compare functions
o finish the comparison infrastructure: support for tuple/mark matching
o fix bug in the default event display when used in conjunction with the
comparison infrastructure.
o Bumped version to 0.0.30
Thanks to Yasuyuki Kozakai for:
[LIBNETFILTER_CONNTRACK] fix dumping IPv6 connections
that in included in this commit.
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libnetfilter_conntrack_icmp.c | 10 | ||||
-rw-r--r-- | extensions/libnetfilter_conntrack_sctp.c | 12 | ||||
-rw-r--r-- | extensions/libnetfilter_conntrack_tcp.c | 14 | ||||
-rw-r--r-- | extensions/libnetfilter_conntrack_udp.c | 12 |
4 files changed, 20 insertions, 28 deletions
diff --git a/extensions/libnetfilter_conntrack_icmp.c b/extensions/libnetfilter_conntrack_icmp.c index a69f43d..72a7eb0 100644 --- a/extensions/libnetfilter_conntrack_icmp.c +++ b/extensions/libnetfilter_conntrack_icmp.c @@ -56,22 +56,20 @@ static int compare(struct nfct_conntrack *ct1, struct nfct_conntrack *ct2, unsigned int flags) { - int ret = 1; - if (flags & ICMP_TYPE) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.type != ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.type) - ret = 0; + return 0; if (flags & ICMP_CODE) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.code != ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.code) - ret = 0; + return 0; if (flags & ICMP_ID) if (ct1->tuple[NFCT_DIR_REPLY].l4src.icmp.id != ct2->tuple[NFCT_DIR_REPLY].l4src.icmp.id) - ret = 0; + return 0; - return ret; + return 1; } static struct nfct_proto icmp = { diff --git a/extensions/libnetfilter_conntrack_sctp.c b/extensions/libnetfilter_conntrack_sctp.c index aa06f6d..3785c2e 100644 --- a/extensions/libnetfilter_conntrack_sctp.c +++ b/extensions/libnetfilter_conntrack_sctp.c @@ -60,26 +60,24 @@ static int compare(struct nfct_conntrack *ct1, struct nfct_conntrack *ct2, unsigned int flags) { - int ret = 1; - if (flags & SCTP_ORIG_SPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.sctp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4src.sctp.port) - ret = 0; + return 0; if (flags & SCTP_ORIG_DPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.sctp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.sctp.port) - ret = 0; + return 0; if (flags & SCTP_REPL_SPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4src.sctp.port != ct2->tuple[NFCT_DIR_REPLY].l4src.sctp.port) - ret = 0; + return 0; if (flags & SCTP_REPL_DPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4dst.sctp.port != ct2->tuple[NFCT_DIR_REPLY].l4dst.sctp.port) - ret = 0; + return 0; - return ret; + return 1; } static struct nfct_proto sctp = { diff --git a/extensions/libnetfilter_conntrack_tcp.c b/extensions/libnetfilter_conntrack_tcp.c index dc50315..9efdbb7 100644 --- a/extensions/libnetfilter_conntrack_tcp.c +++ b/extensions/libnetfilter_conntrack_tcp.c @@ -98,29 +98,27 @@ static int compare(struct nfct_conntrack *ct1, struct nfct_conntrack *ct2, unsigned int flags) { - int ret = 1; - if (flags & TCP_ORIG_SPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.tcp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4src.tcp.port) - ret = 0; + return 0; if (flags & TCP_ORIG_DPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port) - ret = 0; + return 0; if (flags & TCP_REPL_SPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4src.tcp.port != ct2->tuple[NFCT_DIR_REPLY].l4src.tcp.port) - ret = 0; + return 0; if (flags & TCP_REPL_DPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4dst.tcp.port != ct2->tuple[NFCT_DIR_REPLY].l4dst.tcp.port) - ret = 0; + return 0; if (flags & TCP_STATE) if (ct1->protoinfo.tcp.state != ct2->protoinfo.tcp.state) - ret = 0; + return 0; - return ret; + return 1; } static struct nfct_proto tcp = { diff --git a/extensions/libnetfilter_conntrack_udp.c b/extensions/libnetfilter_conntrack_udp.c index bd33280..c1d20c3 100644 --- a/extensions/libnetfilter_conntrack_udp.c +++ b/extensions/libnetfilter_conntrack_udp.c @@ -46,26 +46,24 @@ static int compare(struct nfct_conntrack *ct1, struct nfct_conntrack *ct2, unsigned int flags) { - int ret = 1; - if (flags & UDP_ORIG_SPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.udp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4src.udp.port) - ret = 0; + return 0; if (flags & UDP_ORIG_DPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.udp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.udp.port) - ret = 0; + return 0; if (flags & UDP_REPL_SPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4src.udp.port != ct2->tuple[NFCT_DIR_REPLY].l4src.udp.port) - ret = 0; + return 0; if (flags & UDP_REPL_DPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4dst.udp.port != ct2->tuple[NFCT_DIR_REPLY].l4dst.udp.port) - ret = 0; + return 0; - return ret; + return 1; } static struct nfct_proto udp = { |