summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libct_proto_dccp.c50
-rw-r--r--extensions/libct_proto_gre.c42
-rw-r--r--extensions/libct_proto_icmp.c47
-rw-r--r--extensions/libct_proto_icmpv6.c47
-rw-r--r--extensions/libct_proto_sctp.c45
-rw-r--r--extensions/libct_proto_tcp.c43
-rw-r--r--extensions/libct_proto_udp.c42
-rw-r--r--extensions/libct_proto_udplite.c42
-rw-r--r--extensions/libct_proto_unknown.c11
9 files changed, 241 insertions, 128 deletions
diff --git a/extensions/libct_proto_dccp.c b/extensions/libct_proto_dccp.c
index f6258ad..0204929 100644
--- a/extensions/libct_proto_dccp.c
+++ b/extensions/libct_proto_dccp.c
@@ -67,22 +67,23 @@ static const char *dccp_optflags[DCCP_OPT_MAX] = {
static char dccp_commands_v_options[NUMBER_OF_CMD][DCCP_OPT_MAX] =
/* Well, it's better than "Re: Sevilla vs Betis" */
{
- /* 1 2 3 4 5 6 7 8 9 10*/
-/*CT_LIST*/ {2,2,2,2,0,0,2,0,0,0},
-/*CT_CREATE*/ {3,3,3,3,0,0,1,0,0,1},
-/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0,0},
-/*CT_DELETE*/ {2,2,2,2,0,0,2,0,0,0},
-/*CT_GET*/ {3,3,3,3,0,0,2,0,0,0},
-/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0,0},
-/*CT_EVENT*/ {2,2,2,2,0,0,2,0,0,0},
-/*CT_VERSION*/ {0,0,0,0,0,0,0,0,0,0},
-/*CT_HELP*/ {0,0,0,0,0,0,0,0,0,0},
-/*EXP_LIST*/ {0,0,0,0,0,0,0,0,0,0},
-/*EXP_CREATE*/ {1,1,0,0,1,1,0,1,1,1},
-/*EXP_DELETE*/ {1,1,1,1,0,0,0,0,0,0},
-/*EXP_GET*/ {1,1,1,1,0,0,0,0,0,0},
-/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0,0,0},
-/*EXP_EVENT*/ {0,0,0,0,0,0,0,0,0,0},
+ /* 1 2 3 4 5 6 7 8 9 10 */
+ [CT_LIST_BIT] = {2,2,2,2,0,0,2,0,0,0},
+ [CT_CREATE_BIT] = {3,3,3,3,0,0,1,0,0,1},
+ [CT_UPDATE_BIT] = {2,2,2,2,0,0,2,0,0,0},
+ [CT_DELETE_BIT] = {2,2,2,2,0,0,2,0,0,0},
+ [CT_GET_BIT] = {3,3,3,3,0,0,2,0,0,0},
+ [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0,0},
+ [CT_EVENT_BIT] = {2,2,2,2,0,0,2,0,0,0},
+ [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0,0,0},
+ [CT_HELP_BIT] = {0,0,0,0,0,0,0,0,0,0},
+ [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0,0,0},
+ [EXP_CREATE_BIT] = {1,1,0,0,1,1,0,1,1,1},
+ [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0,0,0},
+ [EXP_GET_BIT] = {1,1,1,1,0,0,0,0,0,0},
+ [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0,0},
+ [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0,0,0},
+ [CT_ADD_BIT] = {3,3,3,3,0,0,1,0,0,1},
};
static const char *dccp_states[DCCP_CONNTRACK_MAX] = {
@@ -198,6 +199,22 @@ static int parse_options(char c,
return 1;
}
+
+static const char *dccp_roles[__DCCP_CONNTRACK_ROLE_MAX] = {
+ [DCCP_CONNTRACK_ROLE_CLIENT] = "client",
+ [DCCP_CONNTRACK_ROLE_SERVER] = "server",
+};
+
+static const struct ct_print_opts dccp_print_opts[] = {
+ { "--sport", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, NULL },
+ { "--dport", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, NULL },
+ { "--reply-port-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, NULL },
+ { "--reply-port-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, NULL },
+ { "--state", ATTR_DCCP_STATE, CT_ATTR_TYPE_U8, DCCP_CONNTRACK_MAX, dccp_states },
+ { "--role", ATTR_DCCP_ROLE, CT_ATTR_TYPE_U8, __DCCP_CONNTRACK_ROLE_MAX, dccp_roles },
+ {},
+};
+
#define DCCP_VALID_FLAGS_MAX 2
static unsigned int dccp_valid_flags[DCCP_VALID_FLAGS_MAX] = {
CT_DCCP_ORIG_SPORT | CT_DCCP_ORIG_DPORT,
@@ -235,6 +252,7 @@ static struct ctproto_handler dccp = {
.protonum = IPPROTO_DCCP,
.parse_opts = parse_options,
.final_check = final_check,
+ .print_opts = dccp_print_opts,
.help = help,
.opts = opts,
.version = VERSION,
diff --git a/extensions/libct_proto_gre.c b/extensions/libct_proto_gre.c
index 2dc63d1..2f216b9 100644
--- a/extensions/libct_proto_gre.c
+++ b/extensions/libct_proto_gre.c
@@ -66,22 +66,23 @@ static void help(void)
static char gre_commands_v_options[NUMBER_OF_CMD][GRE_OPT_MAX] =
{
- /* 1 2 3 4 5 6 7 8 */
-/*CT_LIST*/ {2,2,2,2,0,0,0,0},
-/*CT_CREATE*/ {3,3,3,3,0,0,0,0},
-/*CT_UPDATE*/ {2,2,2,2,0,0,0,0},
-/*CT_DELETE*/ {2,2,2,2,0,0,0,0},
-/*CT_GET*/ {3,3,3,3,0,0,0,0},
-/*CT_FLUSH*/ {0,0,0,0,0,0,0,0},
-/*CT_EVENT*/ {2,2,2,2,0,0,0,0},
-/*CT_VERSION*/ {0,0,0,0,0,0,0,0},
-/*CT_HELP*/ {0,0,0,0,0,0,0,0},
-/*EXP_LIST*/ {0,0,0,0,0,0,0,0},
-/*EXP_CREATE*/ {1,1,1,1,1,1,1,1},
-/*EXP_DELETE*/ {1,1,1,1,0,0,0,0},
-/*EXP_GET*/ {1,1,1,1,0,0,0,0},
-/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0},
-/*EXP_EVENT*/ {0,0,0,0,0,0,0,0},
+ /* 1 2 3 4 5 6 7 8 */
+ [CT_LIST_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_CREATE_BIT] = {3,3,3,3,0,0,0,0},
+ [CT_UPDATE_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_DELETE_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_GET_BIT] = {3,3,3,3,0,0,0,0},
+ [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0},
+ [CT_EVENT_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0},
+ [CT_HELP_BIT] = {0,0,0,0,0,0,0,0},
+ [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0},
+ [EXP_CREATE_BIT] = {1,1,1,1,1,1,1,1},
+ [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0},
+ [EXP_GET_BIT] = {1,1,1,1,0,0,0,0},
+ [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0},
+ [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0},
+ [CT_ADD_BIT] = {3,3,3,3,0,0,0,0},
};
static int parse_options(char c,
@@ -144,6 +145,14 @@ static int parse_options(char c,
return 1;
}
+static const struct ct_print_opts gre_print_opts[] = {
+ { "--srckey", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--dstkey", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--reply-key-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--reply-key-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 },
+ {},
+};
+
#define GRE_VALID_FLAGS_MAX 2
static unsigned int gre_valid_flags[GRE_VALID_FLAGS_MAX] = {
CT_GRE_ORIG_SKEY | CT_GRE_ORIG_DKEY,
@@ -181,6 +190,7 @@ static struct ctproto_handler gre = {
.protonum = IPPROTO_GRE,
.parse_opts = parse_options,
.final_check = final_check,
+ .print_opts = gre_print_opts,
.help = help,
.opts = opts,
.version = VERSION,
diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c
index 2ce1c65..9f67cf4 100644
--- a/extensions/libct_proto_icmp.c
+++ b/extensions/libct_proto_icmp.c
@@ -40,22 +40,23 @@ static const char *icmp_optflags[ICMP_NUMBER_OF_OPT] = {
static char icmp_commands_v_options[NUMBER_OF_CMD][ICMP_NUMBER_OF_OPT] =
/* Well, it's better than "Re: Maradona vs Pele" */
{
- /* 1 2 3 */
-/*CT_LIST*/ {2,2,2},
-/*CT_CREATE*/ {1,1,2},
-/*CT_UPDATE*/ {2,2,2},
-/*CT_DELETE*/ {2,2,2},
-/*CT_GET*/ {1,1,2},
-/*CT_FLUSH*/ {0,0,0},
-/*CT_EVENT*/ {2,2,2},
-/*CT_VERSION*/ {0,0,0},
-/*CT_HELP*/ {0,0,0},
-/*EXP_LIST*/ {0,0,0},
-/*EXP_CREATE*/ {0,0,0},
-/*EXP_DELETE*/ {0,0,0},
-/*EXP_GET*/ {0,0,0},
-/*EXP_FLUSH*/ {0,0,0},
-/*EXP_EVENT*/ {0,0,0},
+ /* 1 2 3 */
+ [CT_LIST_BIT] = {2,2,2},
+ [CT_CREATE_BIT] = {1,1,2},
+ [CT_UPDATE_BIT] = {2,2,2},
+ [CT_DELETE_BIT] = {2,2,2},
+ [CT_GET_BIT] = {1,1,2},
+ [CT_FLUSH_BIT] = {0,0,0},
+ [CT_EVENT_BIT] = {2,2,2},
+ [CT_VERSION_BIT] = {0,0,0},
+ [CT_HELP_BIT] = {0,0,0},
+ [EXP_LIST_BIT] = {0,0,0},
+ [EXP_CREATE_BIT] = {0,0,0},
+ [EXP_DELETE_BIT] = {0,0,0},
+ [EXP_GET_BIT] = {0,0,0},
+ [EXP_FLUSH_BIT] = {0,0,0},
+ [EXP_EVENT_BIT] = {0,0,0},
+ [CT_ADD_BIT] = {1,1,2},
};
static void help(void)
@@ -78,24 +79,37 @@ static int parse(char c,
tmp = atoi(optarg);
nfct_set_attr_u8(ct, ATTR_ICMP_TYPE, tmp);
nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMP);
+ if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO))
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMP);
*flags |= CT_ICMP_TYPE;
break;
case '2':
tmp = atoi(optarg);
nfct_set_attr_u8(ct, ATTR_ICMP_CODE, tmp);
nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMP);
+ if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO))
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMP);
*flags |= CT_ICMP_CODE;
break;
case '3':
id = htons(atoi(optarg));
nfct_set_attr_u16(ct, ATTR_ICMP_ID, id);
nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMP);
+ if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO))
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMP);
*flags |= CT_ICMP_ID;
break;
}
return 1;
}
+static const struct ct_print_opts icmp_print_opts[] = {
+ { "--icmp-type", ATTR_ICMP_TYPE, CT_ATTR_TYPE_U8, 0, 0 },
+ { "--icmp-code", ATTR_ICMP_CODE, CT_ATTR_TYPE_U8, 0, 0 },
+ { "--icmp-id", ATTR_ICMP_ID, CT_ATTR_TYPE_BE16, 0, 0 },
+ {}
+};
+
static void final_check(unsigned int flags,
unsigned int cmd,
struct nf_conntrack *ct)
@@ -111,6 +125,7 @@ static struct ctproto_handler icmp = {
.protonum = IPPROTO_ICMP,
.parse_opts = parse,
.final_check = final_check,
+ .print_opts = icmp_print_opts,
.help = help,
.opts = opts,
.version = VERSION,
diff --git a/extensions/libct_proto_icmpv6.c b/extensions/libct_proto_icmpv6.c
index 18dd3e5..216757e 100644
--- a/extensions/libct_proto_icmpv6.c
+++ b/extensions/libct_proto_icmpv6.c
@@ -43,22 +43,23 @@ static const char *icmpv6_optflags[ICMPV6_NUMBER_OF_OPT] = {
static char icmpv6_commands_v_options[NUMBER_OF_CMD][ICMPV6_NUMBER_OF_OPT] =
/* Well, it's better than "Re: Maradona vs Pele" */
{
- /* 1 2 3 */
-/*CT_LIST*/ {2,2,2},
-/*CT_CREATE*/ {1,1,2},
-/*CT_UPDATE*/ {2,2,2},
-/*CT_DELETE*/ {2,2,2},
-/*CT_GET*/ {1,1,2},
-/*CT_FLUSH*/ {0,0,0},
-/*CT_EVENT*/ {2,2,2},
-/*CT_VERSION*/ {0,0,0},
-/*CT_HELP*/ {0,0,0},
-/*EXP_LIST*/ {0,0,0},
-/*EXP_CREATE*/ {0,0,0},
-/*EXP_DELETE*/ {0,0,0},
-/*EXP_GET*/ {0,0,0},
-/*EXP_FLUSH*/ {0,0,0},
-/*EXP_EVENT*/ {0,0,0},
+ /* 1 2 3 */
+ [CT_LIST_BIT] = {2,2,2},
+ [CT_CREATE_BIT] = {1,1,2},
+ [CT_UPDATE_BIT] = {2,2,2},
+ [CT_DELETE_BIT] = {2,2,2},
+ [CT_GET_BIT] = {1,1,2},
+ [CT_FLUSH_BIT] = {0,0,0},
+ [CT_EVENT_BIT] = {2,2,2},
+ [CT_VERSION_BIT] = {0,0,0},
+ [CT_HELP_BIT] = {0,0,0},
+ [EXP_LIST_BIT] = {0,0,0},
+ [EXP_CREATE_BIT] = {0,0,0},
+ [EXP_DELETE_BIT] = {0,0,0},
+ [EXP_GET_BIT] = {0,0,0},
+ [EXP_FLUSH_BIT] = {0,0,0},
+ [EXP_EVENT_BIT] = {0,0,0},
+ [CT_ADD_BIT] = {1,1,2},
};
static void help(void)
@@ -81,24 +82,37 @@ static int parse(char c,
tmp = atoi(optarg);
nfct_set_attr_u8(ct, ATTR_ICMP_TYPE, tmp);
nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMPV6);
+ if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO))
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMPV6);
*flags |= CT_ICMP_TYPE;
break;
case '2':
tmp = atoi(optarg);
nfct_set_attr_u8(ct, ATTR_ICMP_CODE, tmp);
nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMPV6);
+ if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO))
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMPV6);
*flags |= CT_ICMP_CODE;
break;
case '3':
id = htons(atoi(optarg));
nfct_set_attr_u16(ct, ATTR_ICMP_ID, id);
nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMPV6);
+ if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO))
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_ICMPV6);
*flags |= CT_ICMP_ID;
break;
}
return 1;
}
+static const struct ct_print_opts icmpv6_print_opts[] = {
+ {"--icmpv6-type", ATTR_ICMP_TYPE, CT_ATTR_TYPE_U8, 0, 0},
+ {"--icmpv6-code", ATTR_ICMP_CODE, CT_ATTR_TYPE_U8, 0, 0},
+ {"--icmpv6-id", ATTR_ICMP_ID, CT_ATTR_TYPE_BE16, 0, 0},
+ {},
+};
+
static void final_check(unsigned int flags,
unsigned int cmd,
struct nf_conntrack *ct)
@@ -113,6 +127,7 @@ static struct ctproto_handler icmpv6 = {
.protonum = IPPROTO_ICMPV6,
.parse_opts = parse,
.final_check = final_check,
+ .print_opts = icmpv6_print_opts,
.help = help,
.opts = opts,
.version = VERSION,
diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c
index 04828bf..8099b83 100644
--- a/extensions/libct_proto_sctp.c
+++ b/extensions/libct_proto_sctp.c
@@ -70,22 +70,23 @@ static const char *sctp_optflags[SCTP_OPT_MAX] = {
static char sctp_commands_v_options[NUMBER_OF_CMD][SCTP_OPT_MAX] =
/* Well, it's better than "Re: Sevilla vs Betis" */
{
- /* 1 2 3 4 5 6 7 8 9 10 11*/
-/*CT_LIST*/ {2,2,2,2,0,0,2,0,0,0,0},
-/*CT_CREATE*/ {3,3,3,3,0,0,1,0,0,1,1},
-/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0,2,2},
-/*CT_DELETE*/ {2,2,2,2,0,0,2,0,0,0,0},
-/*CT_GET*/ {3,3,3,3,0,0,2,0,0,2,2},
-/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0,0,0},
-/*CT_EVENT*/ {2,2,2,2,0,0,2,0,0,0,0},
-/*CT_VERSION*/ {0,0,0,0,0,0,0,0,0,0,0},
-/*CT_HELP*/ {0,0,0,0,0,0,0,0,0,0,0},
-/*EXP_LIST*/ {0,0,0,0,0,0,0,0,0,0,0},
-/*EXP_CREATE*/ {1,1,0,0,1,1,0,1,1,1,1},
-/*EXP_DELETE*/ {1,1,1,1,0,0,0,0,0,0,0},
-/*EXP_GET*/ {1,1,1,1,0,0,0,0,0,0,0},
-/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0,0,0,0},
-/*EXP_EVENT*/ {0,0,0,0,0,0,0,0,0,0,0},
+ /* 1 2 3 4 5 6 7 8 9 10 11 */
+ [CT_LIST_BIT] = {2,2,2,2,0,0,2,0,0,0,0},
+ [CT_CREATE_BIT] = {3,3,3,3,0,0,1,0,0,1,1},
+ [CT_UPDATE_BIT] = {2,2,2,2,0,0,2,0,0,2,2},
+ [CT_DELETE_BIT] = {2,2,2,2,0,0,2,0,0,0,0},
+ [CT_GET_BIT] = {3,3,3,3,0,0,2,0,0,2,2},
+ [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0,0,0},
+ [CT_EVENT_BIT] = {2,2,2,2,0,0,2,0,0,0,0},
+ [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0,0,0,0},
+ [CT_HELP_BIT] = {0,0,0,0,0,0,0,0,0,0,0},
+ [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0,0,0,0},
+ [EXP_CREATE_BIT] = {1,1,0,0,1,1,0,1,1,1,1},
+ [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0,0,0,0},
+ [EXP_GET_BIT] = {1,1,1,1,0,0,0,0,0,0,0},
+ [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0,0,0},
+ [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0,0,0,0},
+ [CT_ADD_BIT] = {3,3,3,3,0,0,1,0,0,1,1},
};
static const char *sctp_states[SCTP_CONNTRACK_MAX] = {
@@ -198,6 +199,17 @@ parse_options(char c, struct nf_conntrack *ct,
return 1;
}
+static const struct ct_print_opts sctp_print_opts[] = {
+ { "--sport", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--dport", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--reply-port-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--reply-port-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--state", ATTR_SCTP_STATE, CT_ATTR_TYPE_U8, SCTP_CONNTRACK_MAX, sctp_states },
+ { "--orig-vtag", ATTR_SCTP_VTAG_ORIG, CT_ATTR_TYPE_BE32, 0, 0 },
+ { "--reply-vtag", ATTR_SCTP_VTAG_REPL, CT_ATTR_TYPE_BE32, 0, 0 },
+ {},
+};
+
#define SCTP_VALID_FLAGS_MAX 2
static unsigned int dccp_valid_flags[SCTP_VALID_FLAGS_MAX] = {
CT_SCTP_ORIG_SPORT | CT_SCTP_ORIG_DPORT,
@@ -235,6 +247,7 @@ static struct ctproto_handler sctp = {
.protonum = IPPROTO_SCTP,
.parse_opts = parse_options,
.final_check = final_check,
+ .print_opts = sctp_print_opts,
.help = help,
.opts = opts,
.version = VERSION,
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 8a37a55..27f5833 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -54,22 +54,23 @@ static const char *tcp_optflags[TCP_NUMBER_OF_OPT] = {
static char tcp_commands_v_options[NUMBER_OF_CMD][TCP_NUMBER_OF_OPT] =
/* Well, it's better than "Re: Sevilla vs Betis" */
{
- /* 1 2 3 4 5 6 7 8 9 */
-/*CT_LIST*/ {2,2,2,2,0,0,2,0,0},
-/*CT_CREATE*/ {3,3,3,3,0,0,1,0,0},
-/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0},
-/*CT_DELETE*/ {2,2,2,2,0,0,2,0,0},
-/*CT_GET*/ {3,3,3,3,0,0,2,0,0},
-/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0},
-/*CT_EVENT*/ {2,2,2,2,0,0,2,0,0},
-/*CT_VERSION*/ {0,0,0,0,0,0,0,0,0},
-/*CT_HELP*/ {0,0,0,0,0,0,0,0,0},
-/*EXP_LIST*/ {0,0,0,0,0,0,0,0,0},
-/*EXP_CREATE*/ {1,1,0,0,1,1,0,1,1},
-/*EXP_DELETE*/ {1,1,1,1,0,0,0,0,0},
-/*EXP_GET*/ {1,1,1,1,0,0,0,0,0},
-/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0,0},
-/*EXP_EVENT*/ {0,0,0,0,0,0,0,0,0},
+ /* 1 2 3 4 5 6 7 8 9 */
+ [CT_LIST_BIT] = {2,2,2,2,0,0,2,0,0},
+ [CT_CREATE_BIT] = {3,3,3,3,0,0,1,0,0},
+ [CT_UPDATE_BIT] = {2,2,2,2,0,0,2,0,0},
+ [CT_DELETE_BIT] = {2,2,2,2,0,0,2,0,0},
+ [CT_GET_BIT] = {3,3,3,3,0,0,2,0,0},
+ [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0},
+ [CT_EVENT_BIT] = {2,2,2,2,0,0,2,0,0},
+ [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0,0},
+ [CT_HELP_BIT] = {0,0,0,0,0,0,0,0,0},
+ [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0,0},
+ [EXP_CREATE_BIT] = {1,1,0,0,1,1,0,1,1},
+ [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0,0},
+ [EXP_GET_BIT] = {1,1,1,1,0,0,0,0,0},
+ [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0,0},
+ [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0,0},
+ [CT_ADD_BIT] = {3,3,3,3,0,0,1,0,0},
};
static const char *tcp_states[TCP_CONNTRACK_MAX] = {
@@ -177,6 +178,15 @@ static int parse_options(char c,
return 1;
}
+static const struct ct_print_opts tcp_print_opts[] = {
+ { "--sport", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--dport", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--reply-port-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--reply-port-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--state", ATTR_TCP_STATE, CT_ATTR_TYPE_U8, TCP_CONNTRACK_MAX, tcp_states },
+ {},
+};
+
#define TCP_VALID_FLAGS_MAX 2
static unsigned int tcp_valid_flags[TCP_VALID_FLAGS_MAX] = {
CT_TCP_ORIG_SPORT | CT_TCP_ORIG_DPORT,
@@ -228,6 +238,7 @@ static struct ctproto_handler tcp = {
.protonum = IPPROTO_TCP,
.parse_opts = parse_options,
.final_check = final_check,
+ .print_opts = tcp_print_opts,
.help = help,
.opts = opts,
.version = VERSION,
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index e30637c..a78857f 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -62,22 +62,23 @@ static void help(void)
static char udp_commands_v_options[NUMBER_OF_CMD][UDP_NUMBER_OF_OPT] =
/* Well, it's better than "Re: Galeano vs Vargas Llosa" */
{
- /* 1 2 3 4 5 6 7 8 */
-/*CT_LIST*/ {2,2,2,2,0,0,0,0},
-/*CT_CREATE*/ {3,3,3,3,0,0,0,0},
-/*CT_UPDATE*/ {2,2,2,2,0,0,0,0},
-/*CT_DELETE*/ {2,2,2,2,0,0,0,0},
-/*CT_GET*/ {3,3,3,3,0,0,0,0},
-/*CT_FLUSH*/ {0,0,0,0,0,0,0,0},
-/*CT_EVENT*/ {2,2,2,2,0,0,0,0},
-/*CT_VERSION*/ {0,0,0,0,0,0,0,0},
-/*CT_HELP*/ {0,0,0,0,0,0,0,0},
-/*EXP_LIST*/ {0,0,0,0,0,0,0,0},
-/*EXP_CREATE*/ {1,1,0,0,1,1,1,1},
-/*EXP_DELETE*/ {1,1,1,1,0,0,0,0},
-/*EXP_GET*/ {1,1,1,1,0,0,0,0},
-/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0},
-/*EXP_EVENT*/ {0,0,0,0,0,0,0,0},
+ /* 1 2 3 4 5 6 7 8 */
+ [CT_LIST_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_CREATE_BIT] = {3,3,3,3,0,0,0,0},
+ [CT_UPDATE_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_DELETE_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_GET_BIT] = {3,3,3,3,0,0,0,0},
+ [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0},
+ [CT_EVENT_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0},
+ [CT_HELP_BIT] = {0,0,0,0,0,0,0,0},
+ [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0},
+ [EXP_CREATE_BIT] = {1,1,0,0,1,1,1,1},
+ [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0},
+ [EXP_GET_BIT] = {1,1,1,1,0,0,0,0},
+ [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0},
+ [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0},
+ [CT_ADD_BIT] = {3,3,3,3,0,0,0,0},
};
static int parse_options(char c,
@@ -144,6 +145,14 @@ static int parse_options(char c,
return 1;
}
+static const struct ct_print_opts udp_print_opts[] = {
+ {"--sport", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0},
+ {"--dport", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0},
+ {"--reply-port-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0},
+ {"--reply-port-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0},
+ {},
+};
+
#define UDP_VALID_FLAGS_MAX 2
static unsigned int udp_valid_flags[UDP_VALID_FLAGS_MAX] = {
CT_UDP_ORIG_SPORT | CT_UDP_ORIG_DPORT,
@@ -181,6 +190,7 @@ static struct ctproto_handler udp = {
.protonum = IPPROTO_UDP,
.parse_opts = parse_options,
.final_check = final_check,
+ .print_opts = udp_print_opts,
.help = help,
.opts = opts,
.version = VERSION,
diff --git a/extensions/libct_proto_udplite.c b/extensions/libct_proto_udplite.c
index f46cef0..3df3142 100644
--- a/extensions/libct_proto_udplite.c
+++ b/extensions/libct_proto_udplite.c
@@ -70,22 +70,23 @@ static void help(void)
static char udplite_commands_v_options[NUMBER_OF_CMD][UDP_OPT_MAX] =
{
- /* 1 2 3 4 5 6 7 8 */
-/*CT_LIST*/ {2,2,2,2,0,0,0,0},
-/*CT_CREATE*/ {3,3,3,3,0,0,0,0},
-/*CT_UPDATE*/ {2,2,2,2,0,0,0,0},
-/*CT_DELETE*/ {2,2,2,2,0,0,0,0},
-/*CT_GET*/ {3,3,3,3,0,0,0,0},
-/*CT_FLUSH*/ {0,0,0,0,0,0,0,0},
-/*CT_EVENT*/ {2,2,2,2,0,0,0,0},
-/*CT_VERSION*/ {0,0,0,0,0,0,0,0},
-/*CT_HELP*/ {0,0,0,0,0,0,0,0},
-/*EXP_LIST*/ {0,0,0,0,0,0,0,0},
-/*EXP_CREATE*/ {1,1,0,0,1,1,1,1},
-/*EXP_DELETE*/ {1,1,1,1,0,0,0,0},
-/*EXP_GET*/ {1,1,1,1,0,0,0,0},
-/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0},
-/*EXP_EVENT*/ {0,0,0,0,0,0,0,0},
+ /* 1 2 3 4 5 6 7 8 */
+ [CT_LIST_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_CREATE_BIT] = {3,3,3,3,0,0,0,0},
+ [CT_UPDATE_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_DELETE_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_GET_BIT] = {3,3,3,3,0,0,0,0},
+ [CT_FLUSH_BIT] = {0,0,0,0,0,0,0,0},
+ [CT_EVENT_BIT] = {2,2,2,2,0,0,0,0},
+ [CT_VERSION_BIT] = {0,0,0,0,0,0,0,0},
+ [CT_HELP_BIT] = {0,0,0,0,0,0,0,0},
+ [EXP_LIST_BIT] = {0,0,0,0,0,0,0,0},
+ [EXP_CREATE_BIT] = {1,1,0,0,1,1,1,1},
+ [EXP_DELETE_BIT] = {1,1,1,1,0,0,0,0},
+ [EXP_GET_BIT] = {1,1,1,1,0,0,0,0},
+ [EXP_FLUSH_BIT] = {0,0,0,0,0,0,0,0},
+ [EXP_EVENT_BIT] = {0,0,0,0,0,0,0,0},
+ [CT_ADD_BIT] = {3,3,3,3,0,0,0,0},
};
static int parse_options(char c,
@@ -148,6 +149,14 @@ static int parse_options(char c,
return 1;
}
+static const struct ct_print_opts udplite_print_opts[] = {
+ { "--sport", ATTR_ORIG_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--dport", ATTR_ORIG_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--reply-port-src", ATTR_REPL_PORT_SRC, CT_ATTR_TYPE_BE16, 0, 0 },
+ { "--reply-port-dst", ATTR_REPL_PORT_DST, CT_ATTR_TYPE_BE16, 0, 0 },
+ {},
+};
+
#define UDPLITE_VALID_FLAGS_MAX 2
static unsigned int udplite_valid_flags[UDPLITE_VALID_FLAGS_MAX] = {
CT_UDPLITE_ORIG_SPORT | CT_UDPLITE_ORIG_DPORT,
@@ -186,6 +195,7 @@ static struct ctproto_handler udplite = {
.protonum = IPPROTO_UDPLITE,
.parse_opts = parse_options,
.final_check = final_check,
+ .print_opts = udplite_print_opts,
.help = help,
.opts = opts,
.version = VERSION,
diff --git a/extensions/libct_proto_unknown.c b/extensions/libct_proto_unknown.c
index 2a47704..b877c56 100644
--- a/extensions/libct_proto_unknown.c
+++ b/extensions/libct_proto_unknown.c
@@ -21,10 +21,21 @@ static void help(void)
fprintf(stdout, " no options (unsupported)\n");
}
+static void final_check(unsigned int flags,
+ unsigned int cmd,
+ struct nf_conntrack *ct)
+{
+ if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO) &&
+ nfct_attr_is_set(ct, ATTR_L4PROTO) &&
+ !nfct_attr_is_set(ct, ATTR_REPL_L4PROTO))
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, nfct_get_attr_u8(ct, ATTR_L4PROTO));
+}
+
struct ctproto_handler ct_proto_unknown = {
.name = "unknown",
.help = help,
.opts = opts,
+ .final_check = final_check,
.version = VERSION,
};