From f9dc4d2ed9f724057ed107839aa8ca6122f7b46c Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org" Date: Sun, 16 Oct 2005 19:44:46 +0000 Subject: Major changes, this library isn't libnfnetlink_conntrack anymore. We provide an high level interface that abstracts from the netlink sockets. Now users don't need to know anything about them.
--- extensions/Makefile.am | 16 ++++++ extensions/libnetfilter_conntrack_icmp.c | 65 ++++++++++++++++++++++++ extensions/libnetfilter_conntrack_sctp.c | 69 ++++++++++++++++++++++++++ extensions/libnetfilter_conntrack_tcp.c | 84 ++++++++++++++++++++++++++++++++ extensions/libnetfilter_conntrack_udp.c | 53 ++++++++++++++++++++ 5 files changed, 287 insertions(+) create mode 100644 extensions/Makefile.am create mode 100644 extensions/libnetfilter_conntrack_icmp.c create mode 100644 extensions/libnetfilter_conntrack_sctp.c create mode 100644 extensions/libnetfilter_conntrack_tcp.c create mode 100644 extensions/libnetfilter_conntrack_udp.c (limited to 'extensions')
diff --git a/extensions/Makefile.am b/extensions/Makefile.am
new file mode 100644
index 0000000..c06e9f6
--- /dev/null
+++ b/extensions/Makefile.am
@@ -0,0 +1,16 @@
+AUTOMAKE_OPTIONS = no-dependencies foreign
+
+EXTRA_DIST = $(man_MANS) acinclude.m4
+
+man_MANS =
+
+INCLUDES=-I../include -I${KERNELDIR}
+CFLAGS=-fPIC -Wall
+LIBS=
+
+lib_LTLIBRARIES = libnetfilter_conntrack_tcp.la libnetfilter_conntrack_udp.la libnetfilter_conntrack_icmp.la libnetfilter_conntrack_sctp.la
+
+libnetfilter_conntrack_tcp_la_SOURCES = libnetfilter_conntrack_tcp.c
+libnetfilter_conntrack_udp_la_SOURCES = libnetfilter_conntrack_udp.c
+libnetfilter_conntrack_icmp_la_SOURCES = libnetfilter_conntrack_icmp.c
+libnetfilter_conntrack_sctp_la_SOURCES = libnetfilter_conntrack_sctp.c
diff --git a/extensions/libnetfilter_conntrack_icmp.c b/extensions/libnetfilter_conntrack_icmp.c
new file mode 100644
index 0000000..38ad41a
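Review bot: `CFLAGS=-fPIC -Wall` and `LIBS=` assign the user-owned variables directly, which under automake replaces whatever `./configure CFLAGS=... LIBS=...` supplied, so hardening or optimisation flags chosen at configure time (e.g. `-fstack-protector`, `-D_FORTIFY_SOURCE=2`) are silently dropped for the extensions and any libraries configure detected are discarded. The automake-owned spelling is `AM_CFLAGS = -Wall` (libtool already adds `-fPIC` for `lib_LTLIBRARIES`), and the `LIBS=` line should simply go. `-I${KERNELDIR}` in `INCLUDES` compiles userspace code against raw kernel headers, which is fragile across kernel versions; if only the nfnetlink_conntrack attribute definitions are needed, shipping a sanitised copy under include/ is the usual remedy — I cannot see from this hunk which headers are actually pulled in.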
--- /dev/null
+++ b/extensions/libnetfilter_conntrack_icmp.c
@@ -0,0 +1,65 @@
+/*
+ * (C) 2005 by Pablo Neira Ayuso
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ */
+#include
+#include
+#include
+#include
+#include /* For htons */
+#include
+#include
+
+void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
+{
+ if (cda[CTA_PROTO_ICMP_TYPE-1])
+ tuple->l4dst.icmp.type =
+ *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_TYPE-1]);
+
+ if (cda[CTA_PROTO_ICMP_CODE-1])
+ tuple->l4dst.icmp.code =
+ *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_CODE-1]);
+
+ if (cda[CTA_PROTO_ICMP_ID-1])
+ tuple->l4src.icmp.id =
+ *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]);
+}
+
+int print_proto(char *buf, struct nfct_tuple *t)
+{
+ int size = 0;
+
+ size += sprintf(buf, "type=%d code=%d ", t->l4dst.icmp.type,
+ t->l4dst.icmp.code);
+ /* ID only makes sense with ECHO */
+ if (t->l4dst.icmp.type == 8)
+ size += sprintf(buf, "id=%d ", t->l4src.icmp.id);
+
+ return size;
+}
+
+static struct nfct_proto icmp = {
+ .name = "icmp",
+ .protonum = IPPROTO_ICMP,
+ .parse_proto = parse_proto,
+ .print_proto = print_proto,
+ .version = LIBNETFILTER_CONNTRACK_VERSION
+};
+
+void __attribute__ ((constructor)) init(void);
+void __attribute__ ((destructor)) fini(void);
+
+void init(void)
+{
+ nfct_register_proto(&icmp);
+}
+
+void fini(void)
+{
+ nfct_unregister_proto(&icmp);
+}
diff --git a/extensions/libnetfilter_conntrack_sctp.c b/extensions/libnetfilter_conntrack_sctp.c
new file mode 100644
index 0000000..a42a6c8
--- /dev/null
+++ b/extensions/libnetfilter_conntrack_sctp.c
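Review bot: In print_proto the second `sprintf` writes at `buf` instead of `buf + size`, so for echo (type 8) the `id=` text overwrites the `type=... code=...` text just emitted while the returned `size` still counts both; a caller that advances its output cursor by the return value then exposes whatever stale bytes sit between the real end of the string and the counted end. The one-line fix is `size += sprintf(buf + size, "id=%d ", t->l4src.icmp.id);`. The sibling tcp/udp/sctp extensions pass their 16-bit tuple fields through `htons()` before printing, and the ICMP id copied in parse_proto is the same raw `u_int16_t` from the attribute, so it presumably needs the same byte-swap — verify against what the kernel exports. The bare `8` would also read better as the named `ICMP_ECHO` constant if the corresponding header is among the includes (they are not visible in this rendering).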
@@ -0,0 +1,69 @@
+/*
+ * (C) 2005 by Pablo Neira Ayuso
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ */
+#include
+#include
+#include
+#include
+#include /* For htons */
+#include
+#include
+
+void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
+{
+ if (cda[CTA_PROTO_SRC_PORT-1])
+ tuple->l4src.sctp.port =
+ *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]);
+ if (cda[CTA_PROTO_DST_PORT-1])
+ tuple->l4dst.sctp.port =
+ *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
+}
+
+void parse_protoinfo(struct nfattr *cda[], struct nfct_conntrack *ct)
+{
+/* if (cda[CTA_PROTOINFO_SCTP_STATE-1])
+ ct->protoinfo.sctp.state =
+ *(u_int8_t *)NFA_DATA(cda[CTA_PROTOINFO_SCTP_STATE-1]);
+*/
+}
+
+int print_protoinfo(char *buf, union nfct_protoinfo *protoinfo)
+{
+/* fprintf(stdout, "%s ", states[protoinfo->sctp.state]); */
+ return 0;
+}
+
+int print_proto(char *buf, struct nfct_tuple *tuple)
+{
+ return(sprintf(buf, "sport=%u dport=%u ", htons(tuple->l4src.sctp.port),
+ htons(tuple->l4dst.sctp.port)));
+}
+
+static struct nfct_proto sctp = {
+ .name = "sctp",
+ .protonum = IPPROTO_SCTP,
+ .parse_proto = parse_proto,
+ .parse_protoinfo = parse_protoinfo,
+ .print_proto = print_proto,
+ .print_protoinfo = print_protoinfo,
+ .version = LIBNETFILTER_CONNTRACK_VERSION
+};
+
+void __attribute__ ((constructor)) init(void);
+void __attribute__ ((destructor)) fini(void);
+
+void init(void)
+{
+ nfct_register_proto(&sctp);
+}
+
+void fini(void)
+{
+ nfct_unregister_proto(&sctp);
+}
diff --git a/extensions/libnetfilter_conntrack_tcp.c b/extensions/libnetfilter_conntrack_tcp.c
new file mode 100644
index 0000000..5b53fd1
--- /dev/null
+++ b/extensions/libnetfilter_conntrack_tcp.c
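Review bot: parse_protoinfo and print_protoinfo are wired into the `sctp` nfct_proto initializer although both bodies are commented out, so the core will invoke two callbacks that do nothing and the file ships dead code with no record of why it is disabled. Either drop `.parse_protoinfo = parse_protoinfo,` and `.print_protoinfo = print_protoinfo,` from the initializer until SCTP state is actually parsed, or replace each commented-out block with a one-line `/* TODO: SCTP state (CTA_PROTOINFO_SCTP_STATE) is not parsed yet */` so the intent is recorded. Note that the disabled print_protoinfo body calls `fprintf(stdout, ...)` rather than writing to `buf` and references a `states[]` table this file never defines, so it would not build if simply uncommented.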
@@ -0,0 +1,84 @@
+/*
+ * (C) 2005 by Pablo Neira Ayuso
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ */
+#include
+#include
+#include
+#include
+#include /* For htons */
+#include
+#include
+
+static const char *states[] = {
+ "NONE",
+ "SYN_SENT",
+ "SYN_RECV",
+ "ESTABLISHED",
+ "FIN_WAIT",
+ "CLOSE_WAIT",
+ "LAST_ACK",
+ "TIME_WAIT",
+ "CLOSE",
+ "LISTEN"
+};
+
+void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
+{
+ if (cda[CTA_PROTO_SRC_PORT-1])
+ tuple->l4src.tcp.port =
+ *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]);
+ if (cda[CTA_PROTO_DST_PORT-1])
+ tuple->l4dst.tcp.port =
+ *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
+}
+
+void parse_protoinfo(struct nfattr *cda[], struct nfct_conntrack *ct)
+{
+ struct nfattr *tb[CTA_PROTOINFO_TCP_MAX];
+
+ nfnl_parse_nested(tb,CTA_PROTOINFO_TCP_MAX, cda[CTA_PROTOINFO_TCP-1]);
+
+ if (tb[CTA_PROTOINFO_TCP_STATE-1])
+ ct->protoinfo.tcp.state =
+ *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]);
+}
+
+int print_protoinfo(char *buf, union nfct_protoinfo *protoinfo)
+{
+ return(sprintf(buf, "%s ", states[protoinfo->tcp.state]));
+}
+
+int print_proto(char *buf, struct nfct_tuple *tuple)
+{
+ return(sprintf(buf, "sport=%u dport=%u ", htons(tuple->l4src.tcp.port),
+ htons(tuple->l4dst.tcp.port)));
+}
+
+static struct nfct_proto tcp = {
+ .name = "tcp",
+ .protonum = IPPROTO_TCP,
+ .parse_protoinfo = parse_protoinfo,
+ .parse_proto = parse_proto,
+ .print_protoinfo = print_protoinfo,
+ .print_proto = print_proto,
+ .version = LIBNETFILTER_CONNTRACK_VERSION
+};
+
+void __attribute__ ((constructor)) init(void);
+void __attribute__ ((destructor)) fini(void);
+
+void init(void)
+{
+ nfct_register_proto(&tcp);
+}
+
+void fini(void)
+{
+ nfct_unregister_proto(&tcp);
+}
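Review bot: print_protoinfo indexes the ten-entry `states[]` table with `protoinfo->tcp.state`, a u_int8_t copied verbatim from the netlink attribute in parse_protoinfo, with no range check, so any state value of 10 or more (a newer kernel adding TCP conntrack states, or a malformed message) reads a pointer past the end of the array and hands it to `sprintf` as `%s`. Guard the lookup, e.g. `if (protoinfo->tcp.state >= sizeof(states)/sizeof(states[0])) return sprintf(buf, "UNKNOWN ");` placed before the existing return. In parse_protoinfo, `cda[CTA_PROTOINFO_TCP-1]` is passed to `nfnl_parse_nested` without the NULL check every other attribute in these files gets, and `tb` is declared uninitialised, so whether an absent nested attribute shows up as NULL depends on nfnl_parse_nested zeroing the array — worth confirming, or adding `if (!cda[CTA_PROTOINFO_TCP-1]) return;` and `memset(tb, 0, sizeof(tb));` ahead of the call.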
diff --git a/extensions/libnetfilter_conntrack_udp.c b/extensions/libnetfilter_conntrack_udp.c
new file mode 100644
index 0000000..de7c9f7
--- /dev/null
+++ b/extensions/libnetfilter_conntrack_udp.c
@@ -0,0 +1,53 @@
+/*
+ * (C) 2005 by Pablo Neira Ayuso
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ */
+#include
+#include
+#include
+#include
+#include /* For htons */
+#include
+#include
+
+void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
+{
+ if (cda[CTA_PROTO_SRC_PORT-1])
+ tuple->l4src.udp.port =
+ *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]);
+ if (cda[CTA_PROTO_DST_PORT-1])
+ tuple->l4dst.udp.port =
+ *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
+}
+
+int print_proto(char *buf, struct nfct_tuple *tuple)
+{
+ return (sprintf(buf, "sport=%u dport=%u ", htons(tuple->l4src.udp.port),
+ htons(tuple->l4dst.udp.port)));
+}
+
+static struct nfct_proto udp = {
+ .name = "udp",
+ .protonum = IPPROTO_UDP,
+ .parse_proto = parse_proto,
+ .print_proto = print_proto,
+ .version = LIBNETFILTER_CONNTRACK_VERSION,
+};
+
+void __attribute__ ((constructor)) init(void);
+void __attribute__ ((destructor)) fini(void);
+
+void init(void)
+{
+ nfct_register_proto(&udp);
+}
+
+void fini(void)
+{
+ nfct_unregister_proto(&udp);
+}
-- cgit v1.2.3
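Review bot: parse_proto, print_proto, init and fini are exported with external linkage, and every extension in this commit exports the same four names from its own shared object; if the core loads these plugins with `RTLD_GLOBAL` (how it loads them is not visible here) the `.parse_proto = parse_proto` address taken through the PLT in a `-fPIC` build can bind to whichever library's `parse_proto` was loaded first rather than this file's. Marking all four `static` removes the interposition hazard and keeps the constructor/destructor working, since those attributes do not require external linkage. print_proto also writes into `buf` with an unbounded `sprintf` and the callback signature carries no length, so the contract should at least be stated next to the function: `/* Writes at most 25 bytes incl. NUL ("sport=65535 dport=65535 "); caller sizes buf. */`. For readability, converting the network-order ports with `ntohs()` rather than `htons()` says what is meant, though the result is identical.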