diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-10-07 17:43:58 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-10-07 17:43:58 +0200 |
| commit | 0fdd9806bdf69f1027497ec9a5ec452f2c0e99f0 (patch) | |
| tree | e6899a689d0e913284c61fb451629c4c5155fb46 /utils | |
| parent | 92e66d4e07d20e73606e2110144199b81663dc35 (diff) | |
utils: more realistic expectation creation for FTP helper
This patch changes the existing example to make it more realistic.
It also removes the timeout setup since this field is ignored by
ctnetlink if we specify a kernel-space conntrack helper to be used.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'utils')
| -rw-r--r-- | utils/conntrack_create.c | 1 | ||||
| -rw-r--r-- | utils/expect_create.c | 11 | ||||
| -rw-r--r-- | utils/expect_delete.c | 6 |
3 files changed, 9 insertions, 9 deletions
diff --git a/utils/conntrack_create.c b/utils/conntrack_create.c index e304fef..a168d2c 100644 --- a/utils/conntrack_create.c +++ b/utils/conntrack_create.c @@ -29,7 +29,6 @@ int main() nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT); nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100); - nfct_set_attr(ct, ATTR_HELPER_NAME, "ftp"); h = nfct_open(CONNTRACK, 0); if (!h) { diff --git a/utils/expect_create.c b/utils/expect_create.c index f05df6b..9e3c7fb 100644 --- a/utils/expect_create.c +++ b/utils/expect_create.c @@ -37,8 +37,9 @@ int main() nfct_setobjopt(master, NFCT_SOPT_SETUP_REPLY); - nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT); + nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_ESTABLISHED); nfct_set_attr_u32(master, ATTR_TIMEOUT, 200); + nfct_set_attr(master, ATTR_HELPER_NAME, "ftp"); h = nfct_open(CONNTRACK, 0); if (!h) { @@ -63,11 +64,11 @@ int main() } nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET); - nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("4.4.4.4")); - nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("5.5.5.5")); + nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("1.1.1.1")); + nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("2.2.2.2")); nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP); - nfct_set_attr_u16(expected, ATTR_PORT_SRC, htons(10240)); + nfct_set_attr_u16(expected, ATTR_PORT_SRC, 0); nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(10241)); mask = nfct_new(); @@ -81,7 +82,7 @@ int main() nfct_set_attr_u32(mask, ATTR_IPV4_DST, 0xffffffff); nfct_set_attr_u8(mask, ATTR_L4PROTO, IPPROTO_TCP); - nfct_set_attr_u16(mask, ATTR_PORT_SRC, 0xffff); + nfct_set_attr_u16(mask, ATTR_PORT_SRC, 0x0000); nfct_set_attr_u16(mask, ATTR_PORT_DST, 0xffff); /* diff --git a/utils/expect_delete.c b/utils/expect_delete.c index a402757..d6b56f1 100644 --- a/utils/expect_delete.c +++ b/utils/expect_delete.c @@ -18,11 +18,11 @@ int main() } nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET); - nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("4.4.4.4")); - nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("5.5.5.5")); + nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("1.1.1.1")); + nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("2.2.2.2")); nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP); - nfct_set_attr_u16(expected, ATTR_PORT_SRC, htons(10240)); + nfct_set_attr_u16(expected, ATTR_PORT_SRC, 0); nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(10241)); exp = nfexp_new(); |