-rw-r--r--ChangeLog5
-rw-r--r--configure.in2
-rw-r--r--extensions/libct_proto_sctp.c20
-rw-r--r--extensions/libct_proto_tcp.c17
-rw-r--r--extensions/libct_proto_udp.c17
-rw-r--r--include/conntrack.h1
-rw-r--r--src/conntrack.c2
-rw-r--r--test.sh3
8 files changed, 63 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 2685bf6..7a46999 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2006-01-15
+<pablo@netfilter.org>
+ o Added missing parameters to set the ports of an expectation tuple
+ o Bumped version to 1.00beta2
+
2005-12-26
<pablo@netfilter.org>
o add IPv6 support: main change
diff --git a/configure.in b/configure.in
index 5336a4d..2692b67 100644
--- a/configure.in
+++ b/configure.in
@@ -2,7 +2,7 @@ AC_INIT
AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(conntrack, 1.00beta1)
+AM_INIT_AUTOMAKE(conntrack, 1.00beta2)
#AM_CONFIG_HEADER(config.h)
AC_PROG_CC
diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c
index 825cbd9..1c8f0d1 100644
--- a/extensions/libct_proto_sctp.c
+++ b/extensions/libct_proto_sctp.c
@@ -1,5 +1,6 @@
/*
* (C) 2005 by Harald Welte <laforge@netfilter.org>
+ * 2006 by Pablo Neira Ayuso <pablo@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -21,7 +22,9 @@ static struct option opts[] = {
{"orig-port-dst", 1, 0, '2'},
{"reply-port-src", 1, 0, '3'},
{"reply-port-dst", 1, 0, '4'},
- {"state", 1, 0, '7'},
+ {"state", 1, 0, '5'},
+ {"tuple-port-src", 1, 0, '6'},
+ {"tuple-port-dst", 1, 0, '7'},
{0, 0, 0, 0}
};
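Review bot: Renumbering `"state"` from `'7'` to `'5'` is only correct if the `case` label that sets `SCTP_STATE` in `parse_options` is `'5'`, and that label is not visible in this diff. If the switch still handles state under `'7'`, it now collides with the new `case '7'` added further down; if it was already `'5'`, `--state` was mapped to the wrong value before and the ChangeLog entry should mention the fix. The `opts[]` array starts outside this hunk; a comment above it such as `/* val must match the case labels in parse_options() */` would make the coupling explicit.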
@@ -43,11 +46,14 @@ static void help()
fprintf(stdout, "--reply-port-src reply source port\n");
fprintf(stdout, "--reply-port-dst reply destination port\n");
fprintf(stdout, "--state SCTP state, fe. ESTABLISHED\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple src port\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple dst port\n");
}
static int parse_options(char c, char *argv[],
struct nfct_tuple *orig,
struct nfct_tuple *reply,
+ struct nfct_tuple *exptuple,
struct nfct_tuple *mask,
union nfct_protoinfo *proto,
unsigned int *flags)
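Review bot: The second added help line repeats `--tuple-port-src` for the destination port, so `--tuple-port-dst` never appears in the usage text; it should read `fprintf(stdout, "--tuple-port-dst expectation tuple dst port\n");`. The same copy-paste slip is in the help() hunks of extensions/libct_proto_tcp.c and extensions/libct_proto_udp.c.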
@@ -95,6 +101,18 @@ static int parse_options(char c, char *argv[],
*flags |= SCTP_STATE;
}
break;
+ case '6':
+ if (optarg) {
+ exptuple->l4src.sctp.port = htons(atoi(optarg));
+ *flags |= SCTP_EXPTUPLE_SPORT;
+ }
+ break;
+ case '7':
+ if (optarg) {
+ exptuple->l4dst.sctp.port = htons(atoi(optarg));
+ *flags |= SCTP_EXPTUPLE_DPORT;
+ }
+
}
return 1;
}
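Review bot: `htons(atoi(optarg))` in the new `case '6'` and `case '7'` accepts any string: non-numeric input becomes port 0 and a value above 65535 is silently truncated to 16 bits, so the expectation tuple then carries a port the operator did not type. Parse with `strtoul`, reject trailing characters and out-of-range values, and return 0 so that the caller in src/conntrack.c reports its "parse error". The TCP (`case '8'`/`'9'`) and UDP (`case '7'`/`'8'`) hunks use the same pattern and need the same check. The last new case here and in the UDP hunk also lacks the `break;` that the TCP hunk has. The switch itself starts outside this hunk.

```c
	case '6':
		if (optarg) {
			char *end;
			unsigned long port = strtoul(optarg, &end, 10);

			/* reject empty, non-numeric, trailing-garbage and >65535 input */
			if (end == optarg || *end != '\0' || port > 65535)
				return 0;
			exptuple->l4src.sctp.port = htons(port);
			*flags |= SCTP_EXPTUPLE_SPORT;
		}
		break;
	/* … case '7': same check for exptuple->l4dst.sctp.port, followed by break … */
```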
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 35fa292..ee24206 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -25,6 +25,8 @@ static struct option opts[] = {
{"mask-port-src", 1, 0, '5'},
{"mask-port-dst", 1, 0, '6'},
{"state", 1, 0, '7'},
+ {"tuple-port-src", 1, 0, '8'},
+ {"tuple-port-dst", 1, 0, '9'},
{0, 0, 0, 0}
};
@@ -49,12 +51,15 @@ static void help()
fprintf(stdout, "--reply-port-dst reply destination port\n");
fprintf(stdout, "--mask-port-src mask source port\n");
fprintf(stdout, "--mask-port-dst mask destination port\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple src port\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple dst port\n");
fprintf(stdout, "--state TCP state, fe. ESTABLISHED\n");
}
static int parse_options(char c, char *argv[],
struct nfct_tuple *orig,
struct nfct_tuple *reply,
+ struct nfct_tuple *exptuple,
struct nfct_tuple *mask,
union nfct_protoinfo *proto,
unsigned int *flags)
@@ -112,6 +117,18 @@ static int parse_options(char c, char *argv[],
*flags |= TCP_STATE;
}
break;
+ case '8':
+ if (optarg) {
+ exptuple->l4src.tcp.port = htons(atoi(optarg));
+ *flags |= TCP_EXPTUPLE_SPORT;
+ }
+ break;
+ case '9':
+ if (optarg) {
+ exptuple->l4dst.tcp.port = htons(atoi(optarg));
+ *flags |= TCP_EXPTUPLE_DPORT;
+ }
+ break;
}
return 1;
}
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index 974e455..48079e0 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -22,6 +22,8 @@ static struct option opts[] = {
{"reply-port-dst", 1, 0, '4'},
{"mask-port-src", 1, 0, '5'},
{"mask-port-dst", 1, 0, '6'},
+ {"tuple-port-src", 1, 0, '7'},
+ {"tuple-port-dst", 1, 0, '8'},
{0, 0, 0, 0}
};
@@ -33,11 +35,14 @@ static void help()
fprintf(stdout, "--reply-port-dst reply destination port\n");
fprintf(stdout, "--mask-port-src mask source port\n");
fprintf(stdout, "--mask-port-dst mask destination port\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple src port\n");
+ fprintf(stdout, "--tuple-port-src expectation tuple dst port\n");
}
static int parse_options(char c, char *argv[],
struct nfct_tuple *orig,
struct nfct_tuple *reply,
+ struct nfct_tuple *exptuple,
struct nfct_tuple *mask,
union nfct_protoinfo *proto,
unsigned int *flags)
@@ -79,6 +84,18 @@ static int parse_options(char c, char *argv[],
*flags |= UDP_MASK_DPORT;
}
break;
+ case '7':
+ if (optarg) {
+ exptuple->l4src.udp.port = htons(atoi(optarg));
+ *flags |= UDP_EXPTUPLE_SPORT;
+ }
+ break;
+ case '8':
+ if (optarg) {
+ exptuple->l4dst.udp.port = htons(atoi(optarg));
+ *flags |= UDP_EXPTUPLE_DPORT;
+ }
+
}
return 1;
}
diff --git a/include/conntrack.h b/include/conntrack.h
index e9f1946..9f5768d 100644
--- a/include/conntrack.h
+++ b/include/conntrack.h
@@ -134,6 +134,7 @@ struct ctproto_handler {
int (*parse_opts)(char c, char *argv[],
struct nfct_tuple *orig,
struct nfct_tuple *reply,
+ struct nfct_tuple *exptuple,
struct nfct_tuple *mask,
union nfct_protoinfo *proto,
unsigned int *flags);
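Review bot: Inserting `exptuple` between `reply` and `mask` shifts every later argument, and a handler still written against the old seven-argument signature only draws an incompatible-pointer warning where it is assigned to `parse_opts`. Such a handler would receive `exptuple` as its `mask`, `mask` as its `proto`, and would OR its flags through the `proto` pointer. This commit updates the sctp, tcp and udp extensions; any other `parse_opts` implementation in the tree needs the same change, and building with `-Werror=incompatible-pointer-types` would catch a missed one. The struct definition continues outside this hunk.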
diff --git a/src/conntrack.c b/src/conntrack.c
index b27cf47..f904344 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -812,7 +812,7 @@ int main(int argc, char *argv[])
default:
if (h && h->parse_opts
&&!h->parse_opts(c - h->option_offset, argv, &orig,
- &reply, &mask, &proto,
+ &reply, &exptuple, &mask, &proto,
&l4flags))
exit_error(PARAMETER_PROBLEM, "parse error\n");
diff --git a/test.sh b/test.sh
index b84fb13..4694236 100644
--- a/test.sh
+++ b/test.sh
@@ -78,7 +78,8 @@ case $1 in
--tuple-src 4.4.4.4 --tuple-dst 5.5.5.5 \
--mask-src 255.255.255.0 --mask-dst 255.255.255.255 \
-p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \
- -t 200 --mask-port-src 10 --mask-port-dst 300
+ -t 200 --tuple-port-src 10 --tuple-port-dst 300 \
+ --mask-port-src 10 --mask-port-dst 300
;;
get-expect)
$CONNTRACK -G expect --orig-src 4.4.4.4 --orig-dst 5.5.5.5 \