From 5ca4eb30d62e0ab2768d64de5c70931292213338 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Tue, 21 Feb 2017 18:11:31 +0100 Subject: src: add initial ct helper support This adds initial support for defining conntrack helper objects which can then be assigned to connections using the objref infrastructure: table ip filter { ct helper ftp-standard { type "ftp" protocol tcp } chain y { tcp dport 21 ct helper set "ftp-standard" } } Signed-off-by: Florian Westphal Acked-by: Pablo Neira Ayuso --- src/rule.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'src/rule.c')
diff --git a/src/rule.c b/src/rule.c
index 056d5ce8..17c20f35 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -19,6 +19,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -1172,6 +1173,16 @@ struct obj *obj_lookup(const struct table *table, const char *name,
 return NULL;
 }
+static void print_proto_name_proto(uint8_t l4)
+{
+ const struct protoent *p = getprotobynumber(l4);
+
+ if (p)
+ printf("%s\n", p->p_name);
+ else
+ printf("%d\n", l4);
+}
+
 static void obj_print_data(const struct obj *obj,
 struct print_fmt_options *opts)
 {
@@ -1202,6 +1213,13 @@ static void obj_print_data(const struct obj *obj,
 }
 }
 break;
+ case NFT_OBJECT_CT_HELPER: {
+ printf("ct helper %s {\n", obj->handle.obj);
+ printf("\t\ttype \"%s\" protocol ", obj->ct.helper_name);
+ print_proto_name_proto(obj->ct.l4proto);
+ printf("\t\tl3proto %s", family2str(obj->ct.l3proto));
+ break;
+ }
 default:
 printf("unknown {%s", opts->nl);
 break;
@@ -1211,11 +1229,12 @@ static void obj_print_data(const struct obj *obj,
 static const char *obj_type_name_array[] = {
 [NFT_OBJECT_COUNTER] = "counter",
 [NFT_OBJECT_QUOTA] = "quota",
+ [NFT_OBJECT_CT_HELPER] = "",
 };
 const char *obj_type_name(enum stmt_types type)
 {
- assert(type <= NFT_OBJECT_QUOTA && obj_type_name_array[type]);
+ assert(type <= NFT_OBJECT_CT_HELPER && obj_type_name_array[type]);
 return obj_type_name_array[type];
 }
-- cgit v1.2.3
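Review bot: print_proto_name_proto() ends both of its printf calls with a literal `\n`, and the NFT_OBJECT_CT_HELPER case added to obj_print_data() in the next hunk hard-codes `\n` and `\t\t` too, while the existing default branch of the same switch uses `opts->nl`. If print_fmt_options is what lets a caller choose the line and indent layout (inferred; its definition is outside this diff), helper objects will ignore that choice and the listing may not read back cleanly. I would pass `opts` into the helper and write `printf("%s%s", p->p_name, opts->nl);` and `printf("%d%s", l4, opts->nl);`. The function name also repeats itself; `print_proto_name` would say the same.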
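Review bot: In the NFT_OBJECT_CT_HELPER case, `obj->ct.helper_name` is written between escaped double quotes with a plain `%s`, so a name containing a quote or a control character would produce a listing that no longer parses as the same object. Where the name is filled in is not visible in this diff; if it can come from a kernel dump created by another netlink client, it should be validated when the object is built or escaped here. At minimum a comment such as `/* helper_name is restricted to [charset] when the object is created */` would record the assumption. The case body also relies on the code after the switch, outside the hunk, to close the block opened by `ct helper %s {`.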
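Review bot: The bound in obj_type_name() is still a hand-maintained constant, so the next object type added after NFT_OBJECT_CT_HELPER trips the assert until this line is bumped again, and in an NDEBUG build the check vanishes and an out-of-range `type` reads past obj_type_name_array. Deriving the bound from the table removes the manual step: `assert(type < sizeof(obj_type_name_array) / sizeof(obj_type_name_array[0]) && obj_type_name_array[type]);`. If type values can arrive from a kernel dump (not shown here), an explicit range check with a fallback string would be safer than an assert. The empty string for `[NFT_OBJECT_CT_HELPER]` passes the non-NULL test, so callers get "" as the type name; if that is deliberate, a short comment on the entry saying where the "ct helper" text is printed instead would help.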