Diffstat (limited to 'extensions')
-rw-r--r--extensions/libct_proto_icmp.c41
-rw-r--r--extensions/libct_proto_sctp.c31
-rw-r--r--extensions/libct_proto_tcp.c49
-rw-r--r--extensions/libct_proto_udp.c35
4 files changed, 37 insertions, 119 deletions
diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c
index be81507..7142fa7 100644
--- a/extensions/libct_proto_icmp.c
+++ b/extensions/libct_proto_icmp.c
@@ -13,6 +13,7 @@
#include <stdlib.h>
#include <netinet/in.h> /* For htons */
#include <netinet/ip_icmp.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
#include "libct_proto.h"
static struct option opts[] = {
@@ -52,10 +53,10 @@ static u_int8_t invmap[]
[ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1};
int parse(char c, char *argv[],
- struct ctnl_tuple *orig,
- struct ctnl_tuple *reply,
- struct ctnl_tuple *mask,
- union ctnl_protoinfo *proto,
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply,
+ struct nfct_tuple *mask,
+ union nfct_protoinfo *proto,
unsigned int *flags)
{
switch(c) {
@@ -85,24 +86,9 @@ int parse(char c, char *argv[],
return 1;
}
-void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple)
-{
- if (cda[CTA_PROTO_ICMP_TYPE-1])
- tuple->l4dst.icmp.type =
- *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_TYPE-1]);
-
- if (cda[CTA_PROTO_ICMP_CODE-1])
- tuple->l4dst.icmp.code =
- *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_CODE-1]);
-
- if (cda[CTA_PROTO_ICMP_ID-1])
- tuple->l4src.icmp.id =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]);
-}
-
int final_check(unsigned int flags,
- struct ctnl_tuple *orig,
- struct ctnl_tuple *reply)
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply)
{
if (!(flags & ICMP_TYPE))
return 0;
@@ -112,21 +98,10 @@ int final_check(unsigned int flags,
return 1;
}
-void print_proto(struct ctnl_tuple *t)
-{
- fprintf(stdout, "type=%d code=%d ", t->l4dst.icmp.type,
- t->l4dst.icmp.code);
- /* ID only makes sense with ECHO */
- if (t->l4dst.icmp.type == 8)
- fprintf(stdout, "id=%d ", t->l4src.icmp.id);
-}
-
static struct ctproto_handler icmp = {
.name = "icmp",
- .protonum = 1,
+ .protonum = IPPROTO_ICMP,
.parse_opts = parse,
- .parse_proto = parse_proto,
- .print_proto = print_proto,
.final_check = final_check,
.help = help,
.opts = opts,
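Review bot: The `icmp` initializer no longer sets `.parse_proto` and `.print_proto`, but the definition of struct ctproto_handler is outside this diff (the page is limited to extensions/), so it cannot be confirmed here that those members were removed from the struct. If they still exist, the designated initializer leaves them zero, and any caller that invokes them without a NULL check would call through a null function pointer. The same applies to the sctp, tcp and udp handler hunks further down. I would confirm that libct_proto.h drops the fields in the same commit, or that every call site tests the pointer first. The initializer continues past the end of this hunk.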
diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c
index 9afb661..bc91966 100644
--- a/extensions/libct_proto_sctp.c
+++ b/extensions/libct_proto_sctp.c
@@ -12,9 +12,8 @@
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h> /* For htons */
-#include <linux/netfilter/nfnetlink_conntrack.h>
#include "libct_proto.h"
-#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
static struct option opts[] = {
{"orig-port-src", 1, 0, '1'},
@@ -63,10 +62,10 @@ void help()
}
int parse_options(char c, char *argv[],
- struct ctnl_tuple *orig,
- struct ctnl_tuple *reply,
- struct ctnl_tuple *mask,
- union ctnl_protoinfo *proto,
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply,
+ struct nfct_tuple *mask,
+ union nfct_protoinfo *proto,
unsigned int *flags)
{
switch(c) {
@@ -100,7 +99,7 @@ int parse_options(char c, char *argv[],
for (i=0; i<10; i++) {
if (strcmp(optarg, states[i]) == 0) {
/* FIXME: Add state to
- * ctnl_protoinfo
+ * nfct_protoinfo
proto->sctp.state = i; */
break;
}
@@ -116,8 +115,8 @@ int parse_options(char c, char *argv[],
}
int final_check(unsigned int flags,
- struct ctnl_tuple *orig,
- struct ctnl_tuple *reply)
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply)
{
if ((flags & (ORIG_SPORT|ORIG_DPORT))
&& !(flags & (REPL_SPORT|REPL_DPORT))) {
@@ -137,7 +136,7 @@ int final_check(unsigned int flags,
return 0;
}
-void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple)
+void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
{
if (cda[CTA_PROTO_SRC_PORT-1])
tuple->l4src.sctp.port =
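Review bot: parse_proto here, and parse_protoinfo, print_protoinfo and print_proto in the next three hunks, are only retyped to nfct_*, while the last hunk of this file removes every handler entry that pointed at them; the tcp, udp and icmp sections delete the same functions outright. As written they remain as non-static, apparently unreferenced code that still uses `struct nfattr`, `CTA_PROTO_SRC_PORT` and `NFA_DATA` after the first hunk drops `#include <linux/netfilter/nfnetlink_conntrack.h>`; whether the new libnetfilter_conntrack header supplies those names is not visible here. The retained body also reads `*(u_int16_t *)NFA_DATA(...)` (visible in the next hunk) with no length check on the attribute in view, so I would delete all four functions, as the other protocol files do, rather than carry them forward. parse_proto's body continues past this hunk.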
@@ -147,7 +146,7 @@ void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple)
*(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
}
-void parse_protoinfo(struct nfattr *cda[], struct ctnl_conntrack *ct)
+void parse_protoinfo(struct nfattr *cda[], struct nfct_conntrack *ct)
{
/* if (cda[CTA_PROTOINFO_SCTP_STATE-1])
ct->protoinfo.sctp.state =
@@ -155,12 +154,12 @@ void parse_protoinfo(struct nfattr *cda[], struct ctnl_conntrack *ct)
*/
}
-void print_protoinfo(union ctnl_protoinfo *protoinfo)
+void print_protoinfo(union nfct_protoinfo *protoinfo)
{
/* fprintf(stdout, "%s ", states[protoinfo->sctp.state]); */
}
-void print_proto(struct ctnl_tuple *tuple)
+void print_proto(struct nfct_tuple *tuple)
{
fprintf(stdout, "sport=%u dport=%u ", htons(tuple->l4src.sctp.port),
htons(tuple->l4dst.sctp.port));
@@ -168,12 +167,8 @@ void print_proto(struct ctnl_tuple *tuple)
static struct ctproto_handler sctp = {
.name = "sctp",
- .protonum = 132,
+ .protonum = IPPROTO_SCTP,
.parse_opts = parse_options,
- .parse_protoinfo = parse_protoinfo,
- .parse_proto = parse_proto,
- .print_proto = print_proto,
- .print_protoinfo = print_protoinfo,
.final_check = final_check,
.help = help,
.opts = opts,
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 4f3094f..3b06aa2 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -12,8 +12,7 @@
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h> /* For htons */
-#include <linux/netfilter/nfnetlink_conntrack.h>
-#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
#include "libct_proto.h"
@@ -76,10 +75,10 @@ void help()
}
int parse_options(char c, char *argv[],
- struct ctnl_tuple *orig,
- struct ctnl_tuple *reply,
- struct ctnl_tuple *mask,
- union ctnl_protoinfo *proto,
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply,
+ struct nfct_tuple *mask,
+ union nfct_protoinfo *proto,
unsigned int *flags)
{
switch(c) {
@@ -139,8 +138,8 @@ int parse_options(char c, char *argv[],
}
int final_check(unsigned int flags,
- struct ctnl_tuple *orig,
- struct ctnl_tuple *reply)
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply)
{
if ((flags & (ORIG_SPORT|ORIG_DPORT))
&& !(flags & (REPL_SPORT|REPL_DPORT))) {
@@ -160,42 +159,10 @@ int final_check(unsigned int flags,
return 0;
}
-void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple)
-{
- if (cda[CTA_PROTO_SRC_PORT-1])
- tuple->l4src.tcp.port =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]);
- if (cda[CTA_PROTO_DST_PORT-1])
- tuple->l4dst.tcp.port =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
-}
-
-void parse_protoinfo(struct nfattr *cda[], struct ctnl_conntrack *ct)
-{
- if (cda[CTA_PROTOINFO_TCP_STATE-1])
- ct->protoinfo.tcp.state =
- *(u_int8_t *)NFA_DATA(cda[CTA_PROTOINFO_TCP_STATE-1]);
-}
-
-void print_protoinfo(union ctnl_protoinfo *protoinfo)
-{
- fprintf(stdout, "%s ", states[protoinfo->tcp.state]);
-}
-
-void print_proto(struct ctnl_tuple *tuple)
-{
- fprintf(stdout, "sport=%u dport=%u ", htons(tuple->l4src.tcp.port),
- htons(tuple->l4dst.tcp.port));
-}
-
static struct ctproto_handler tcp = {
.name = "tcp",
- .protonum = 6,
+ .protonum = IPPROTO_TCP,
.parse_opts = parse_options,
- .parse_protoinfo = parse_protoinfo,
- .parse_proto = parse_proto,
- .print_proto = print_proto,
- .print_protoinfo = print_protoinfo,
.final_check = final_check,
.help = help,
.opts = opts,
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index ecde5f2..8e77f0c 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -11,9 +11,8 @@
#include <getopt.h>
#include <stdlib.h>
#include <netinet/in.h> /* For htons */
-#include <linux/netfilter/nfnetlink_conntrack.h>
#include "libct_proto.h"
-#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
static struct option opts[] = {
{"orig-port-src", 1, 0, '1'},
@@ -56,10 +55,10 @@ void help()
}
int parse_options(char c, char *argv[],
- struct ctnl_tuple *orig,
- struct ctnl_tuple *reply,
- struct ctnl_tuple *mask,
- union ctnl_protoinfo *proto,
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply,
+ struct nfct_tuple *mask,
+ union nfct_protoinfo *proto,
unsigned int *flags)
{
switch(c) {
@@ -104,8 +103,8 @@ int parse_options(char c, char *argv[],
}
int final_check(unsigned int flags,
- struct ctnl_tuple *orig,
- struct ctnl_tuple *reply)
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply)
{
if ((flags & (ORIG_SPORT|ORIG_DPORT))
&& !(flags & (REPL_SPORT|REPL_DPORT))) {
@@ -125,28 +124,10 @@ int final_check(unsigned int flags,
return 0;
}
-void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple)
-{
- if (cda[CTA_PROTO_SRC_PORT-1])
- tuple->l4src.udp.port =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]);
- if (cda[CTA_PROTO_DST_PORT-1])
- tuple->l4dst.udp.port =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
-}
-
-void print_proto(struct ctnl_tuple *tuple)
-{
- fprintf(stdout, "sport=%u dport=%u ", htons(tuple->l4src.udp.port),
- htons(tuple->l4dst.udp.port));
-}
-
static struct ctproto_handler udp = {
.name = "udp",
- .protonum = 17,
+ .protonum = IPPROTO_UDP,
.parse_opts = parse_options,
- .parse_proto = parse_proto,
- .print_proto = print_proto,
.final_check = final_check,
.help = help,
.opts = opts,