author/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-08-02 13:21:25 +0000
committer/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-08-02 13:21:25 +0000
commitcf96e5c1a423cce66d21cbf43e6a1f5e496bab30 (patch)
tree27aaa1de635bd423a251eebe84c1ab2440778347
parent74fa2604aded64cd87c59b9bf787fa4ebdc179d2 (diff)
More re-sync to work fine with current ip_conntrack_netlink implementation
available in Harald's 2.6.14 tree.
-rw-r--r--extensions/libct_proto_sctp.c2
-rw-r--r--extensions/libct_proto_tcp.c4
-rw-r--r--extensions/libct_proto_udp.c4
-rw-r--r--src/conntrack.c11
-rw-r--r--src/libct.c47
-rw-r--r--test.sh2
6 files changed, 38 insertions, 32 deletions
diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c
index d5ff298..b519ff1 100644
--- a/extensions/libct_proto_sctp.c
+++ b/extensions/libct_proto_sctp.c
@@ -12,7 +12,7 @@
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h> /* For htons */
-#include <linux/netfilter_ipv4/ip_conntrack_netlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
#include "libct_proto.h"
#include "libctnetlink.h"
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 973c5ab..65f0fb6 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -12,7 +12,7 @@
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h> /* For htons */
-#include <linux/netfilter_ipv4/ip_conntrack_netlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
#include "libct_proto.h"
#include "libctnetlink.h"
@@ -114,7 +114,7 @@ int parse_options(char c, char *argv[],
break;
case '6':
if (optarg) {
- mask->l4src.tcp.port = htons(atoi(optarg));
+ mask->l4dst.tcp.port = htons(atoi(optarg));
*flags |= MASK_DPORT;
}
break;
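Review bot: `htons(atoi(optarg))` in the `case '6'` arm accepts any string as a port mask. `atoi` returns 0 for non-numeric input, and the result is narrowed to 16 bits, so a value such as 65836 (constructed example) silently becomes 300. Parsing with `port = strtoul(optarg, &end, 10);` and rejecting the option when `end == optarg || *end != '\0' || port > 65535` would stop a typo from turning into a different match. The same line appears in the `case '6'` hunk of extensions/libct_proto_udp.c, and parse_options extends beyond this hunk, so the other port options may need the same check.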
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index 7821d5b..706f113 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -11,7 +11,7 @@
#include <getopt.h>
#include <stdlib.h>
#include <netinet/in.h> /* For htons */
-#include <linux/netfilter_ipv4/ip_conntrack_netlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
#include "libct_proto.h"
#include "libctnetlink.h"
@@ -95,7 +95,7 @@ int parse_options(char c, char *argv[],
break;
case '6':
if (optarg) {
- mask->l4src.udp.port = htons(atoi(optarg));
+ mask->l4dst.udp.port = htons(atoi(optarg));
*flags |= MASK_DPORT;
}
break;
diff --git a/src/conntrack.c b/src/conntrack.c
index 2a8fa87..611f0d5 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -679,6 +679,7 @@ int main(int argc, char *argv[])
memset(&orig, 0, sizeof(struct ctnl_tuple));
memset(&reply, 0, sizeof(struct ctnl_tuple));
memset(&mask, 0, sizeof(struct ctnl_tuple));
+ memset(&exptuple, 0, sizeof(struct ctnl_tuple));
memset(&range, 0, sizeof(struct ctnl_nat));
while ((c = getopt_long(argc, argv,
@@ -768,6 +769,8 @@ int main(int argc, char *argv[])
exit_error(PARAMETER_PROBLEM, "proto needed\n");
orig.protonum = h->protonum;
reply.protonum = h->protonum;
+ exptuple.protonum = h->protonum;
+ mask.protonum = h->protonum;
opts = merge_options(opts, h->opts,
&h->option_offset);
break;
@@ -791,22 +794,22 @@ int main(int argc, char *argv[])
case 'z':
options |= CT_OPT_ZERO;
break;
- case 'k':
+ case '{':
options |= CT_OPT_MASK_SRC;
if (optarg)
mask.src.v4 = inet_addr(optarg);
break;
- case 'l':
+ case '}':
options |= CT_OPT_MASK_DST;
if (optarg)
mask.dst.v4 = inet_addr(optarg);
break;
- case 'x':
+ case '[':
options |= CT_OPT_EXP_SRC;
if (optarg)
exptuple.src.v4 = inet_addr(optarg);
break;
- case 'y':
+ case ']':
options |= CT_OPT_EXP_DST;
if (optarg)
exptuple.dst.v4 = inet_addr(optarg);
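Review bot: The four address options store `inet_addr(optarg)` unchecked, and `inet_addr` reports a parse failure as `INADDR_NONE`, which is the same bit pattern as the valid address 255.255.255.255 (test.sh passes exactly that as `--mask-dst`). A mistyped address therefore becomes an all-ones mask or tuple address instead of an error. `inet_aton` returns 0 on failure, so with a local `struct in_addr addr` each arm can do `if (!inet_aton(optarg, &addr)) exit_error(PARAMETER_PROBLEM, "bad address\n");` before assigning `addr.s_addr`. The switch continues outside this hunk.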
diff --git a/src/libct.c b/src/libct.c
index 966758d..cf46b99 100644
--- a/src/libct.c
+++ b/src/libct.c
@@ -35,6 +35,14 @@ extern char *lib_dir;
extern struct list_head proto_list;
extern char *proto2str[];
+static void dump_tuple(struct ctnl_tuple *tp)
+{
+ fprintf(stdout, "tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n",
+ tp, tp->protonum,
+ NIPQUAD(tp->src.v4), ntohs(tp->l4src.all),
+ NIPQUAD(tp->dst.v4), ntohs(tp->l4dst.all));
+}
+
static void print_status(unsigned int status)
{
if (status & IPS_ASSURED)
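Review bot: dump_tuple is added as a static function, but no hunk in this commit calls it, so it will raise an unused-function warning unless a caller exists elsewhere in the file. If it is meant as a debugging aid, a one-line comment such as `/* debug helper: print a tuple's protocol, addresses and ports */` would say so. `%p` expects a `void *`, so the first argument should be `(void *)tp`.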
@@ -100,7 +108,7 @@ static void parse_protoinfo(struct nfattr *attr, struct ctnl_conntrack *ct)
if (h && h->parse_protoinfo)
h->parse_protoinfo(tb, ct);
}
-
+
static void parse_counters(struct nfattr *attr, struct ctnl_conntrack *ct,
enum ctattr_type parent)
{
@@ -111,10 +119,10 @@ static void parse_counters(struct nfattr *attr, struct ctnl_conntrack *ct,
nfnl_parse_nested(tb, CTA_COUNTERS_MAX, attr);
if (tb[CTA_COUNTERS_PACKETS-1])
ct->counters[CTNL_DIR_ORIGINAL].packets
- = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_PACKETS-1]);
+ = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_PACKETS-1]);
if (tb[CTA_COUNTERS_BYTES-1])
ct->counters[CTNL_DIR_ORIGINAL].bytes
- = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_BYTES-1]);
+ = *(u_int64_t *)NFA_DATA(tb[CTA_COUNTERS_BYTES-1]);
}
/* Some people seem to like counting in decimal... */
@@ -154,7 +162,7 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
parse_tuple(attr, &ct.tuple[CTNL_DIR_REPLY]);
break;
case CTA_STATUS:
- ct.status = *(unsigned int *)NFA_DATA(attr);
+ ct.status = ntohl(*(unsigned int *)NFA_DATA(attr));
flags |= STATUS;
break;
case CTA_PROTOINFO:
@@ -162,11 +170,11 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
flags |= PROTOINFO;
break;
case CTA_TIMEOUT:
- ct.timeout = *(unsigned long *)NFA_DATA(attr);
+ ct.timeout = ntohl(*(unsigned long *)NFA_DATA(attr));
flags |= TIMEOUT;
break;
case CTA_MARK:
- ct.mark = *(unsigned long *)NFA_DATA(attr);
+ ct.mark = ntohl(*(unsigned long *)NFA_DATA(attr));
flags |= MARK;
break;
case CTA_COUNTERS_ORIG:
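Review bot: The CTA_TIMEOUT and CTA_MARK arms read the attribute through `unsigned long *` and then apply `ntohl`, which operates on a 32-bit value. Where `unsigned long` is 64 bits, the dereference reads eight bytes from what is presumably a four-byte payload, and on a big-endian host the narrowing keeps the wrong half. Reading through the 32-bit type matches the conversion: `ct.timeout = ntohl(*(u_int32_t *)NFA_DATA(attr));`, and likewise for `ct.mark`. The same `unsigned long` read is used for CTA_EXPECT_TIMEOUT in the parse_expect hunk. No visible arm compares `NFA_PAYLOAD(attr)` with the size being read before dereferencing; handler() extends beyond this hunk, so such a check may exist elsewhere.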
@@ -175,11 +183,11 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
flags |= COUNTERS;
break;
case CTA_USE:
- ct.use = *(unsigned int *)NFA_DATA(attr);
+ ct.use = ntohl(*(unsigned int *)NFA_DATA(attr));
flags |= USE;
break;
case CTA_ID:
- ct.id = *(u_int32_t *)NFA_DATA(attr);
+ ct.id = ntohl(*(u_int32_t *)NFA_DATA(attr));
flags |= ID;
break;
}
@@ -274,9 +282,9 @@ void parse_expect(struct nfattr *attr, struct ctnl_tuple *tuple,
if (tb[CTA_EXPECT_MASK-1])
parse_tuple(tb[CTA_EXPECT_MASK-1], mask);
if (tb[CTA_EXPECT_TIMEOUT-1])
- *timeout = *(unsigned long *)NFA_DATA(tb[CTA_EXPECT_TIMEOUT-1]);
+ *timeout = htonl(*(unsigned long *)NFA_DATA(tb[CTA_EXPECT_TIMEOUT-1]));
if (tb[CTA_EXPECT_ID-1])
- *id = *(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_ID-1]);
+ *id = htonl(*(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_ID-1]));
}
static int expect_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
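Review bot: parse_expect converts values received from the kernel with `htonl`, while handler() in the same file uses `ntohl` for the same direction. The two functions compute the same result, but the name documents which way the data is going. Writing `*id = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_ID-1]));`, and the same for the timeout, would match the handler code. parse_expect begins outside this hunk.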
@@ -319,7 +327,7 @@ static int expect_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *
NIPQUAD(mask.src.v4),
NIPQUAD(mask.dst.v4));
- fprintf(stdout, "id=0x%x ", id);
+ fprintf(stdout, "id=%u ", id);
fputc('\n', stdout);
@@ -339,8 +347,8 @@ int create_conntrack(struct ctnl_tuple *orig,
memset(&ct, 0, sizeof(struct ctnl_conntrack));
ct.tuple[CTNL_DIR_ORIGINAL] = *orig;
ct.tuple[CTNL_DIR_REPLY] = *reply;
- ct.timeout = timeout;
- ct.status = status;
+ ct.timeout = htonl(timeout);
+ ct.status = htonl(status);
ct.protoinfo = *proto;
if (range)
ct.nat = *range;
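Review bot: `ct.timeout = htonl(timeout)` and `ct.status = htonl(status)` leave these struct ctnl_conntrack fields in network byte order, whereas handler() fills the same fields in host order via `ntohl`. A struct whose fields change representation depending on who filled it is easy to misuse, so the assignments deserve a comment such as `/* network byte order: copied as-is into the netlink message */`, or the conversion could move to where the attribute is serialized. If `timeout` is an `unsigned long` here, as it is in create_expectation, `htonl` also truncates it to 32 bits without notice; the signature is outside this hunk. The same two lines are added in the update_conntrack hunk.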
@@ -367,8 +375,8 @@ int update_conntrack(struct ctnl_tuple *orig,
memset(&ct, 0, sizeof(struct ctnl_conntrack));
ct.tuple[CTNL_DIR_ORIGINAL] = *orig;
ct.tuple[CTNL_DIR_REPLY] = *reply;
- ct.timeout = timeout;
- ct.status = status;
+ ct.timeout = htonl(timeout);
+ ct.status = htonl(status);
ct.protoinfo = *proto;
if ((ret = ctnl_open(&cth, 0)) < 0)
@@ -518,7 +526,7 @@ int dump_expect_list()
.handler = expect_handler
};
int ret;
-
+
if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
@@ -546,7 +554,6 @@ int flush_conntrack()
int get_expect(struct ctnl_tuple *tuple,
enum ctattr_type t)
{
- /*
struct ctnl_msg_handler h = {
.type = IPCTNL_MSG_EXP_NEW,
.handler = expect_handler
@@ -562,7 +569,6 @@ int get_expect(struct ctnl_tuple *tuple,
ctnl_close(&cth);
return ret;
- */
}
int create_expectation(struct ctnl_tuple *tuple,
@@ -571,22 +577,20 @@ int create_expectation(struct ctnl_tuple *tuple,
struct ctnl_tuple *mask,
unsigned long timeout)
{
- /*
int ret;
if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
+
ret = ctnl_new_expect(&cth, tuple, t, exptuple, mask, timeout);
ctnl_close(&cth);
return ret;
- */
}
int delete_expectation(struct ctnl_tuple *tuple, enum ctattr_type t)
{
- /*
int ret;
if ((ret = ctnl_open(&cth, 0)) < 0)
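Review bot: create_expectation passes `timeout` to `ctnl_new_expect` unconverted, while create_conntrack and update_conntrack in this commit now apply `htonl` to their timeout before calling into the library. Unless ctnl_new_expect converts internally, which is not visible here, the expectation timeout would reach the kernel in host byte order. In that case `ret = ctnl_new_expect(&cth, tuple, t, exptuple, mask, htonl(timeout));` would match the conntrack path. The hunk also runs into delete_expectation, whose body continues in the next hunk.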
@@ -596,7 +600,6 @@ int delete_expectation(struct ctnl_tuple *tuple, enum ctattr_type t)
ctnl_close(&cth);
return ret;
- */
}
int event_expectation(unsigned int event_mask)
diff --git a/test.sh b/test.sh
index 08c840f..b84fb13 100644
--- a/test.sh
+++ b/test.sh
@@ -75,7 +75,7 @@ case $1 in
create-expect)
# requires modprobe ip_conntrack_ftp
$CONNTRACK -I expect --orig-src $SRC --orig-dst $DST \
- --exp-src 4.4.4.4 --exp-dst 5.5.5.5 \
+ --tuple-src 4.4.4.4 --tuple-dst 5.5.5.5 \
--mask-src 255.255.255.0 --mask-dst 255.255.255.255 \
-p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \
-t 200 --mask-port-src 10 --mask-port-dst 300