From 41796b0c80876094f3db8af0efae16d162788793 Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org" Date: Sat, 24 Sep 2005 18:42:39 +0000 Subject: major update (See ChangeLog) --- ChangeLog | 9 +++++++++ configure.in | 8 ++++---- conntrack.8 | 15 +-------------- extensions/libct_proto_icmp.c | 3 ++- extensions/libct_proto_sctp.c | 3 ++- extensions/libct_proto_tcp.c | 6 ++++-- extensions/libct_proto_udp.c | 3 ++- include/libct_proto.h | 3 +++ src/conntrack.c | 7 ++----- src/libct.c | 30 +++++++++++++++++------------- 10 files changed, 46 insertions(+), 41 deletions(-) diff --git a/ChangeLog b/ChangeLog index e4573e9..87daa18 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2005-09-24 + + o Get rid of C++ style comments + o Remove remaining bits of "-A --action", group-mask and dump-mask + o Clean up #include's + o Fix double-free when exiting via signal handler (Ctrl+C) + o Add "version" member to plugins + o Fix some Endianness issues when printing CTA_STATUS + 2005-08-31 o Fix packet and bytes counters (use __be64_to_cpu) diff --git a/configure.in b/configure.in index cd8f37f..8956e34 100644 --- a/configure.in +++ b/configure.in @@ -74,10 +74,10 @@ AC_ARG_WITH(kernel, [ Show location of kernel source. Default is to use uname -r and look in /lib/modules/KERNEL/build/include. ]), NF_KERNEL_SOURCE($with_kernel),NF_KERNEL_SOURCE()) -#if test ! -z "$libdir"; then -# MODULE_DIR="\\\"$libdir/\\\"" -# CFLAGS="$CFLAGS -DCONNTRACK_LIB_DIR=$MODULE_DIR" -#fi +if test ! -z "$libdir"; then + MODULE_DIR="\\\"$libdir/\\\"" + CFLAGS="$CFLAGS -DCONNTRACK_LIB_DIR=$MODULE_DIR" +fi dnl-------------------------------- diff --git a/conntrack.8 b/conntrack.8 index 5ba8494..c8d07d1 100644 --- a/conntrack.8 +++ b/conntrack.8 
@@ -16,8 +16,6 @@ conntrack \- administration tool for netfilter connection tracking .BR "conntrack -E [table] parameters" .br .BR "conntrack -F [table]" -.br -.BR "conntrack -A [table] [options]" .SH DESCRIPTION .B conntrack is used to search, list, inspect and maintain the netfilter connection tracking @@ -70,9 +68,6 @@ Display a real-time event log. .TP .BI "-F, --flush " Flush the whole given table -.TP -.BI "-A, --action " -Set an action. .SS PARAMETERS .TP .BI "-z, --zero " @@ -85,15 +80,7 @@ event code. Using this parameter, you can reduce the event messages generated by the kernel to those types to those that you are actually interested in. . Please note that this is a system-wide setting, so make sure to not disable some events that other ctnetlink-using processes might need! -This option can only be used in conjunction with "-A, --action". -.TP -.BI "-m, --dump-mask " "[ALL|TUPLE|STATUS|TIMEOUT|PROTOINFO|HELPINFO|COUNTERS|MARK][,...]" -Set the bitmask of data fields that are to be sent with each message generated -by the in-kernel ctnetlink code. Using this parameter, you can reduce the -amount of information sent by the kernel to those bits and pieces that you are -actually interested in. -Please note that this is a system-wide setting, so make sure to not disable some data fields that other ctnetlink-using processes might need! -This option can only be used in conjunction with "-A, --action". +This option can only be used in conjunction with "-E, --event". .TP .BI "-g, --group-mask " "[ALL|TCP|UDP|ICMP][,...]" Set the group bitmask to those netlink groups (resembling layer 4 protocols) diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c index e0de27e..817fc77 100644 --- a/extensions/libct_proto_icmp.c +++ b/extensions/libct_proto_icmp.c 
@@ -111,7 +111,8 @@ static struct ctproto_handler icmp = { .print_proto = print_proto, .final_check = final_check, .help = help, - .opts = opts + .opts = opts, + .version = LIBCT_VERSION, }; void __attribute__ ((constructor)) init(void); diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c index 4dbdf27..9afb661 100644 --- a/extensions/libct_proto_sctp.c +++ b/extensions/libct_proto_sctp.c @@ -176,7 +176,8 @@ static struct ctproto_handler sctp = { .print_protoinfo = print_protoinfo, .final_check = final_check, .help = help, - .opts = opts + .opts = opts, + .version = LIBCT_VERSION, }; void __attribute__ ((constructor)) init(void); diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c index 323e4ec..4f3094f 100644 --- a/extensions/libct_proto_tcp.c +++ b/extensions/libct_proto_tcp.c @@ -13,9 +13,10 @@ #include #include /* For htons */ #include -#include "libct_proto.h" #include +#include "libct_proto.h" + static struct option opts[] = { {"orig-port-src", 1, 0, '1'}, {"orig-port-dst", 1, 0, '2'}, @@ -197,7 +198,8 @@ static struct ctproto_handler tcp = { .print_protoinfo = print_protoinfo, .final_check = final_check, .help = help, - .opts = opts + .opts = opts, + .version = LIBCT_VERSION, }; void __attribute__ ((constructor)) init(void); diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c index 8a9f0cf..ecde5f2 100644 --- a/extensions/libct_proto_udp.c +++ b/extensions/libct_proto_udp.c @@ -149,7 +149,8 @@ static struct ctproto_handler udp = { .print_proto = print_proto, .final_check = final_check, .help = help, - .opts = opts + .opts = opts, + .version = LIBCT_VERSION, }; void __attribute__ ((constructor)) init(void); diff --git a/include/libct_proto.h b/include/libct_proto.h index dcf7009..8849a3e 100644 --- a/include/libct_proto.h +++ b/include/libct_proto.h @@ -7,6 +7,8 @@ #include #include +#define LIBCT_VERSION "0.1.0" + struct cta_proto; struct ctproto_handler { 
@@ -14,6 +16,7 @@ struct ctproto_handler { char *name; u_int16_t protonum; + char *version; enum ctattr_protoinfo protoinfo_attr; diff --git a/src/conntrack.c b/src/conntrack.c index 07d15f6..3731d0e 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -43,13 +43,12 @@ #include #include #include -#include #include #include "linux_list.h" #include "libct_proto.h" #define PROGNAME "conntrack" -#define VERSION "0.80" +#define VERSION "0.81" #if 0 #define DEBUGP printf @@ -651,8 +650,6 @@ fprintf(stdout, "--mask-dst ip Destination mask address for expectations\n"); fprintf(stdout, "-p proto Layer 4 Protocol\n"); fprintf(stdout, "-t timeout Set timeout\n"); fprintf(stdout, "-u status Set status\n"); -fprintf(stdout, "-m dumpmask Set dump mask\n"); -fprintf(stdout, "-g groupmask Set group mask\n"); fprintf(stdout, "-e eventmask Set event mask\n"); fprintf(stdout, "-a min_ip[-max_ip] NAT ip range\n"); fprintf(stdout, "-z Zero Counters\n"); @@ -670,7 +667,7 @@ int main(int argc, char *argv[]) unsigned long timeout = 0; unsigned int status = IPS_CONFIRMED; unsigned long id = 0; - unsigned int type = 0, dump_mask = 0, extra_flags = 0, event_mask = 0; + unsigned int type = 0, extra_flags = 0, event_mask = 0; int manip = -1; int res = 0, retry = 2; diff --git a/src/libct.c b/src/libct.c index 7c1160a..01307f2 100644 --- a/src/libct.c +++ b/src/libct.c @@ -17,9 +17,6 @@ /* From kernel.h */ #define INT_MAX ((int)(~0U>>1)) #define INT_MIN (-INT_MAX - 1) -#include -#include -#include #include #include "linux_list.h" #include "libct_proto.h" @@ -187,7 +184,7 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg) parse_tuple(attr, &ct.tuple[CTNL_DIR_REPLY]); break; case CTA_STATUS: - ct.status = *(unsigned int *)NFA_DATA(attr); + ct.status = ntohl(*(u_int32_t *)NFA_DATA(attr)); flags |= STATUS; break; case CTA_PROTOINFO: 
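Review bot: In include/libct_proto.h, `char *version` is inserted between `protonum` and `protoinfo_attr`, so every later member of `struct ctproto_handler` moves, and an extension built against the previous header has no pointer at that offset. The check added to register_proto() in src/libct.c dereferences `h->version` unconditionally, so for such an extension it would presumably read an unrelated value instead of reporting a mismatch. A comment on the member would make the contract explicit, e.g. `/* must equal LIBCT_VERSION; register_proto() reads this before trusting any other member */`. The struct definition continues outside the hunk.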
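Review bot: In handler() in src/libct.c, the `CTA_STATUS` case casts `NFA_DATA(attr)` to `u_int32_t *` and dereferences it without checking that the attribute carries at least four bytes; the `CTA_TIMEOUT`, `CTA_MARK` and `CTA_USE` cases in the next two hunks do the same. The fixed-width type fixes the size mismatch, but a short or misaligned attribute is still read through the cast. Assuming the nfnetlink headers in this tree provide `NFA_PAYLOAD`, a guard such as `if (NFA_PAYLOAD(attr) < (int)sizeof(u_int32_t)) break;` followed by a `memcpy` into a local `u_int32_t` before `ntohl()` would cover both. handler() starts and ends outside the hunk.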
@@ -195,11 +192,11 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg) flags |= PROTOINFO; break; case CTA_TIMEOUT: - ct.timeout = ntohl(*(unsigned long *)NFA_DATA(attr)); + ct.timeout = ntohl(*(u_int32_t *)NFA_DATA(attr)); flags |= TIMEOUT; break; case CTA_MARK: - ct.mark = ntohl(*(unsigned long *)NFA_DATA(attr)); + ct.mark = ntohl(*(u_int32_t *)NFA_DATA(attr)); flags |= MARK; break; case CTA_COUNTERS_ORIG: @@ -208,7 +205,7 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg) flags |= COUNTERS; break; case CTA_USE: - ct.use = ntohl(*(unsigned int *)NFA_DATA(attr)); + ct.use = ntohl(*(u_int32_t *)NFA_DATA(attr)); flags |= USE; break; case CTA_ID: @@ -256,7 +253,8 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg) ct.counters[CTNL_DIR_REPLY].packets, ct.counters[CTNL_DIR_REPLY].bytes); - print_status(ct.status); + if (flags & STATUS) + print_status(ct.status); if (flags & MARK) fprintf(stdout, "mark=%lu ", ct.mark); @@ -272,15 +270,15 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg) static char *typemsg2str(type, flags) { - char *ret = "UNKNOWN"; + char *ret = "[UNKNOWN]"; if (type == IPCTNL_MSG_CT_NEW) { if (flags & NLM_F_CREATE) - ret = "NEW"; + ret = "[NEW]"; else - ret = "UPDATE"; + ret = "[UPDATE]"; } else if (type == IPCTNL_MSG_CT_DELETE) - ret = "DESTROY"; + ret = "[DESTROY]"; return ret; } @@ -289,7 +287,7 @@ static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg) { int type = NFNL_MSG_TYPE(nlh->nlmsg_type); - fprintf(stdout, "[%s] ", typemsg2str(type, nlh->nlmsg_flags)); + fprintf(stdout, "%9s ", typemsg2str(type, nlh->nlmsg_flags)); return handler(sock, nlh, arg); } @@ -465,6 +463,7 @@ static void event_sighandler(int s) { fprintf(stdout, "Now closing conntrack event dumping...\n"); ctnl_close(&cth); + exit(0); } int event_conntrack(unsigned int event_mask) 
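Review bot: typemsg2str() in src/libct.c returns string literals through a plain `char *` and is declared with untyped parameters (`typemsg2str(type, flags)`), which leaves both as implicit `int`. Declaring it `static const char *typemsg2str(int type, int flags)` and making `ret` a `const char *` would stop a caller from writing into a literal. The `%9s` width in event_handler() in the next hunk matches the length of the longest bracketed string, so a short comment there, e.g. `/* 9 == strlen("[DESTROY]") */`, would keep the two in step.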
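Review bot: event_sighandler() in src/libct.c now calls `exit(0)` after `fprintf()` and `ctnl_close()`, and neither `fprintf()` nor `exit()` is async-signal-safe. If the signal arrives while event_handler() is inside its own `fprintf(stdout, ...)`, `exit()` flushes stdio and runs atexit handlers from within the interrupted call, which can deadlock or corrupt output. A safer shape is for the handler to only set a flag, e.g. `static volatile sig_atomic_t stop_events;` and `stop_events = 1;`, and let event_conntrack() close `cth` and return; if the handler must end the process itself, `_exit(0)` avoids the stdio and atexit work. event_conntrack() begins at the end of this hunk, so the loop that would test the flag is not visible here.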
@@ -527,6 +526,11 @@ struct ctproto_handler *findproto(char *name)
 void register_proto(struct ctproto_handler *h)
 {
+ if (strcmp(h->version, LIBCT_VERSION) != 0) {
+ fprintf(stderr, "plugin `%s': version %s (I'm %s)\n",
+ h->name, h->version, LIBCT_VERSION);
+ exit(1);
+ }
 list_add(&h->head, &proto_list);
 }
-- 
cgit v1.2.3
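Review bot: register_proto() in src/libct.c passes `h->version` straight to `strcmp()`, so a handler that leaves the new member unset (NULL under designated initialisers) crashes instead of producing the mismatch message. Guarding it, e.g. `if (h->version == NULL || strcmp(h->version, LIBCT_VERSION) != 0) {`, and printing `h->version ? h->version : "(none)"` keeps the failure readable. The extensions in this patch declare `init()` as a constructor, so this `exit(1)` presumably runs while the shared object is still being loaded; a one-line comment stating that a mismatching plugin aborts the whole tool would document that choice.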