From a75bb977ff16c9f3b3bdccdcd4173e9ef033463f Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org"
Date: Sun, 15 May 2005 14:23:16 +0000
Subject: Completed some stuff related to protocol helpers: o final_check o help o ICMP support
---
 extensions/Makefile.am | 3 ++-
 extensions/libct_proto_tcp.c | 25 +++++++++++++++++++++++++
 extensions/libct_proto_udp.c | 24 ++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 1 deletion(-) (limited to 'extensions')
diff --git a/extensions/Makefile.am b/extensions/Makefile.am
index ae78346..ab29a6d 100644
--- a/extensions/Makefile.am
+++ b/extensions/Makefile.am
@@ -8,7 +8,8 @@ INCLUDES=-I../include -I/lib/modules/$(shell (uname -r))/build/include
 CFLAGS=-fPIC -Wall
 LIBS=
-lib_LTLIBRARIES = libct_proto_tcp.la libct_proto_udp.la
+lib_LTLIBRARIES = libct_proto_tcp.la libct_proto_udp.la libct_proto_icmp.la
 libct_proto_tcp_la_SOURCES = libct_proto_tcp.c
 libct_proto_udp_la_SOURCES = libct_proto_udp.c
+libct_proto_icmp_la_SOURCES = libct_proto_icmp.c
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 58005b0..a2243dc 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -54,6 +54,15 @@ static const char *states[] = {
 "LISTEN"
 };
+void help()
+{
+ fprintf(stdout, "--orig-port-src original source port\n");
+ fprintf(stdout, "--orig-port-dst original destination port\n");
+ fprintf(stdout, "--reply-port-src reply source port\n");
+ fprintf(stdout, "--reply-port-dst reply destination port\n");
+ fprintf(stdout, "--state TCP state, fe. ESTABLISHED\n");
+}
+
 int parse(char c, char *argv[],
 struct ip_conntrack_tuple *orig,
 struct ip_conntrack_tuple *reply,
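Review bot: `libct_proto_icmp_la_SOURCES = libct_proto_icmp.c` in the extensions/Makefile.am hunk names a source file that is not among the three files in this patch's diffstat. The view is limited to 'extensions', which is where that file would live, so unless libct_proto_icmp.c was already in the tree the new `libct_proto_icmp.la` target cannot build. Adding the source in the same commit would keep every revision buildable.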
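Review bot: `help()` in the `@@ -54,6 +54,15 @@` hunk of extensions/libct_proto_tcp.c is added with external linkage and an empty parameter list, and the same global name is defined again in libct_proto_udp.c, as is `final_check` in the later hunks of both files. Both files are built as separate -fPIC libraries, so the addresses stored in the handler structs are resolved by the dynamic linker. Depending on how the plugins are loaded, which is not visible here, `.help = help` could bind to a `help` exported by another object instead of the local one. Since the callbacks are only reached through the `static struct ctproto_handler`, declaring them `static void help(void)` and `static int final_check(unsigned int flags)` keeps each one private to its plugin. The trailing context of this hunk is the start of parse(), which continues outside it.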
@@ -104,6 +113,20 @@ int parse(char c, char *argv[],
 return 1;
 }
+int final_check(unsigned int flags)
+{
+ if (!(flags & ORIG_SPORT))
+ return 0;
+ else if (!(flags & ORIG_DPORT))
+ return 0;
+ else if (!(flags & REPL_SPORT))
+ return 0;
+ else if (!(flags & REPL_DPORT))
+ return 0;
+
+ return 1;
+}
+
 void print_tuple(struct ip_conntrack_tuple *t)
 {
 fprintf(stdout, "sport=%d dport=%d ", ntohs(t->src.u.tcp.port),
@@ -121,6 +144,8 @@ static struct ctproto_handler tcp = {
 .parse = parse,
 .print_tuple = print_tuple,
 .print_proto = print_proto,
+ .final_check = final_check,
+ .help = help,
 .opts = opts
 };
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index 5675a05..8e20bd5 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -37,6 +37,14 @@ enum udp_param_flags {
 REPL_DPORT = (1 << REPL_DPORT_BIT),
 };
+void help()
+{
+ fprintf(stdout, "--orig-port-src original source port\n");
+ fprintf(stdout, "--orig-port-dst original destination port\n");
+ fprintf(stdout, "--reply-port-src reply source port\n");
+ fprintf(stdout, "--reply-port-dst reply destination port\n");
+}
+
 int parse(char c, char *argv[],
 struct ip_conntrack_tuple *orig,
 struct ip_conntrack_tuple *reply,
@@ -72,6 +80,20 @@ int parse(char c, char *argv[],
 return 1;
 }
+int final_check(unsigned int flags)
+{
+ if (!(flags & ORIG_SPORT))
+ return 0;
+ else if (!(flags & ORIG_DPORT))
+ return 0;
+ else if (!(flags & REPL_SPORT))
+ return 0;
+ else if (!(flags & REPL_DPORT))
+ return 0;
+
+ return 1;
+}
+
 void print_tuple(struct ip_conntrack_tuple *t)
 {
 fprintf(stdout, "sport=%d dport=%d ", ntohs(t->src.u.udp.port),
@@ -83,6 +105,8 @@ static struct ctproto_handler udp = {
 .protonum = 17,
 .parse = parse,
 .print_tuple = print_tuple,
+ .final_check = final_check,
+ .help = help,
 .opts = opts
 };
--
cgit v1.2.3
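Review bot: `final_check()` in the `@@ -104,6 +113,20 @@` hunk of extensions/libct_proto_tcp.c has no comment stating its contract, and the same body is repeated verbatim in the `@@ -72,6 +80,20 @@` hunk of libct_proto_udp.c. A one-line comment such as `/* Return 1 if all four port options were given, 0 otherwise. */` would document the 1/0 convention the caller has to rely on. The if/else-if ladder can be written as a single mask test, `const unsigned int need = ORIG_SPORT | ORIG_DPORT | REPL_SPORT | REPL_DPORT;` followed by `return (flags & need) == need;`, which makes the required set explicit. In the TCP plugin the help text also advertises `--state`, which this check does not look at; if that is intentional, the comment should say so.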