path: root/src/conntrack/snprintf_xml.c
Commit message | Author | Age | Files | Lines
* conntrack: add zone attribute to tuple | Daniel Borkmann | 2015-09-29 | 1 | -3/+10
    This patch adds the front-end to the recent ctnetlink interface changes that add the zone attribute into the tuple.
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: Use stdint types everywhere | Felix Janda | 2015-05-25 | 1 | -2/+2
    Signed-off-by: Felix Janda <felix.janda@posteo.de>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: api: add nfct_snprintf_labels | Florian Westphal | 2013-07-04 | 1 | -1/+32
    nfct_snprintf doesn't print connlabels, as they're system specific and can easily generate lots of output.
    This adds a new helper function, nfct_snprintf_labels. It behaves like nfct_snprintf, except that the label names in the labelmap whose bits are contained in connlabel attribute bitset are added to the buffer.
    output looks like this:
        ... mark=0 use=1 labels=eth0-in,eth1-in
    or
        <labels>
          <label>eth0-in</label>
          <label>eth1-in</label>
        </labels>
    Signed-off-by: Florian Westphal <fw@strlen.de>
* snprintf: print conntrack helper name, too | Florian Westphal | 2012-05-20 | 1 | -0/+16
    Signed-off-by: Florian Westphal <fw@strlen.de>
* expect: add XML support for nfexp_snprintf() | Pablo Neira Ayuso | 2012-01-22 | 1 | -38/+16
    Example of the XML output:
        <flow type="new">
          <layer3 protonum="2" protoname="IPv4">
            <expected>
              <src>192.168.0.2</src>
              <dst>192.168.1.2</dst>
            </expected>
            <mask>
              <src>255.255.255.255</src>
              <dst>255.255.255.255</dst>
            </mask>
            <master>
              <src>192.168.0.2</src>
              <dst>192.168.1.2</dst>
            </master>
          </layer3>
          <layer4 protonum="6" protoname="tcp">
            <expected>
              <sport>0</sport>
              <dport>41739</dport>
            </expected>
            <mask>
              <sport>0</sport>
              <dport>65535</dport>
            </mask>
            <master>
              <sport>36390</sport>
              <dport>21</dport>
            </master>
          </layer4>
          <meta>
            <helper-name>ftp</helper-name>
            <timeout>300</timeout>
            <zone>0</zone>
          </meta>
        </flow>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: put nf_expect and nf_conntrack into diet | Pablo Neira Ayuso | 2012-01-04 | 1 | -48/+56
    Now, struct nf_expect takes only 192 bytes, instead of 1KB. struct nf_conntrack takes 296 bytes instead of 328 bytes.
    The size of the nf_expect structure has been reduced by rearranging the layout of the nf_conntrack structure. For the nf_conntrack case, this removes the allocation of room for attributes that the master tuple does not use (more specifically, the NATseq bytes).
    This patch modifies the binary layout of struct nf_conntrack. This should not be a problem since the definition of this object is opaque (it can be only accessed via get/set API).
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: clarify licensing terms of library (GPLv2+) | Pablo Neira Ayuso | 2011-12-30 | 1 | -3/+5
    This patch is *not* changing the licensing terms of this library (which was initially released under GPLv2 and later on extended to GPLv2+ after contacting all the contributors who kindly agreed to extend it to any later GPL version).
    Jan says: "In libnetfilter_conntrack, there are many .c files declaring GNU GPL incorporated herein by reference without telling which version(s) exactly apply. Given src/main.c for example is actually GPL-2.0+, the reference made is ambiguous."
    This patch should definitely clarify this.
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add timestamp support | Pablo Neira Ayuso | 2011-02-17 | 1 | -24/+127
    This patch adds the connection tracking extension that allows conntrack timestamping.
    This requires a Linux kernel >= 2.6.38.
    We have now 65 attributes, we need 96 bits to store what attributes are set in the objects.
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add support for CTA_SECCTX | Pablo Neira Ayuso | 2011-01-16 | 1 | -0/+6
    This patch adds support for the new attribute CTA_SECCTX that supersedes CTA_SECMARK.
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix independent metadata checkings in XML output | Pablo Neira Ayuso | 2010-10-28 | 1 | -2/+8
    This patch adds some missing attribute checks in the XML output that may result in inconsistent output (thus, displaying some attributes out of <meta dir="independent">...</meta>)
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ct: add zone support | Pablo Neira Ayuso | 2010-05-03 | 1 | -0/+5
    Add Patrick's zone support for libnetfilter_conntrack.
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* snprintf: perform strict checking for the protocol state value | Pablo Neira Ayuso | 2009-05-30 | 1 | -3/+9
    This patch avoids possible out-of-bound array access if protocol states higher than the accepted are used.
    Reported-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* snprintf: fix missing port output in DCCP | Pablo Neira Ayuso | 2009-04-24 | 1 | -0/+1
    This patch adds missing DCCP ports in the output:
        # conntrack -D -p dccp
        dccp 33 18 RESPOND src=1.1.1.1 dst=2.2.2.2 packets=0 bytes=0 [UNREPLIED] src=2.2.2.2 dst=1.1.1.1 packets=0 bytes=0 mark=0 secmark=0 use=2
        conntrack v0.9.12 (conntrack-tools): 1 flow entries have been deleted.
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* snprintf: fix output of GRE dstkey in XML | Pablo Neira Ayuso | 2009-04-18 | 1 | -1/+1
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* snprintf: fix missing protocol state support in XML output | Pablo Neira Ayuso | 2009-04-14 | 1 | -5/+27
    This patch adds the missing bits to display the protocol state in the XML output.
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* snprintf: remove duplicated protocol string definitions | Pablo Neira Ayuso | 2009-04-14 | 1 | -18/+2
    This patch merges duplicated protocol string definitions in the snprintf infrastructure. I have also fixed the size of the string array. This patch is a cleanup.
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add initial DCCP support | Pablo Neira Ayuso | 2009-04-14 | 1 | -0/+1
    This patch adds initial DCCP support for libnetfilter_conntrack.
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add support for UDPlite transport protocol | Pablo Neira Ayuso | 2009-03-05 | 1 | -1/+2
    This patch adds support for UDPlite transport protocol.
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add support for GRE transport protocol | Pablo Neira Ayuso | 2009-03-05 | 1 | -1/+13
    This patch adds support for GRE transport protocol.
    Tested-by: Byan Buff <bduff@ecessa.com>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* snprintf: fix compilation warning in 64-bits platforms | Pablo Neira Ayuso | 2008-10-30 | 1 | -2/+2
    We have to cast the counters to unsigned long long to fix a compilation warning in 64-bits platforms.
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cleanup: split internal.h into several internal header files | Pablo Neira Ayuso | 2008-07-25 | 1 | -1/+1
    This patch cleans up the internal headers by splitting them into several logical pieces.
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* - bump version to 0.0.92 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-16 | 1 | -0/+6
    - recover the ID support
    - add support for timeout comparison
    - ignore set operation for counters and use attributes
    - fix broken status comparison
    - statify several __snprintf functions
* This rather trivial patch adds ICMPv6 support for libnetfilter_conntrack, | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-25 | 1 | -0/+1
    but only for the new API - deprecated/extensions was left unchanged.
    Signed-off-by: Krzysztof Oledzki <ole@ans.pl>
* - fix broken 'deprecated backward compatibility' [svn_t_libnetfilter_conntrack-0.0.89] | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-22 | 1 | -1/+1
    - fix glibc 2.7.20 compilation (based on patch from Paul P. Konkoff)
* add NFCT_OF_TIME output flag to nfct_snprintf | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-13 | 1 | -0/+40
* add support for udplite | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-17 | 1 | -0/+2
* - add support for secmark | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-17 | 1 | -0/+7
    - fix typo s/test_but/test_bit/
* nfct_snprintf now returns the number of bytes that would have been written, not just the number of bytes written. Emulate snprintf behaviour as specified in C99 | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-07 | 1 | -67/+67
* fix nfct_snprintf behaviour if the buffer passed is too small (similar to C99 convention) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-07 | 1 | -108/+34
* - delete ctnl_test.c since it contains examples of the old *deprecated* API | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-20 | 1 | -2/+2
    - fix wrong port display in the XML output (Morten Isaksen)
    - use ntohs instead htons in snprintf_default.c
* Fix minor nitpick in the XML output (Victor Stinner) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-29 | 1 | -2/+2
* Introduce the new libnetfilter_conntrack API, features: | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-19 | 1 | -0/+413
    - object oriented infrastructure
    - extensible and configurable output (XML)
    - low level functions to interact with netlink details
    - fairly documented
    Still backward compatible.