author/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-12-26 02:29:02 +0000
committer/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-12-26 02:29:02 +0000
commit8aa719eb1afb6c6e0a5bf74cbdab79dc82da6c80 (patch)
treed297a64f5ff25395981334035d5deae8d13e69cc /include/libnetfilter_conntrack
parent5875e04f38e0e5c09e497dc735e287fc6cc626b3 (diff)
o add IPv6 support
o clean up layer-4 compare functions o finish the comparison infrastructure: support for tuple/mark matching o fix bug in the default event display when used in conjunction with the comparison infrastructure. o Bumped version to 0.0.30 Thanks to Yasuyuki Kozakai for: [LIBNETFILTER_CONNTRACK] fix dumping IPv6 connections, which is included in this commit.
Diffstat (limited to 'include/libnetfilter_conntrack')
-rw-r--r--include/libnetfilter_conntrack/Makefile.am2
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h8
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack_ipv4.h29
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack_ipv6.h29
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack_l3extensions.h29
5 files changed, 92 insertions, 5 deletions
diff --git a/include/libnetfilter_conntrack/Makefile.am b/include/libnetfilter_conntrack/Makefile.am
index d6e11c5..1630695 100644
--- a/include/libnetfilter_conntrack/Makefile.am
+++ b/include/libnetfilter_conntrack/Makefile.am
@@ -1,4 +1,4 @@
-pkginclude_HEADERS = libnetfilter_conntrack.h linux_nfnetlink_conntrack.h libnetfilter_conntrack_tcp.h libnetfilter_conntrack_udp.h libnetfilter_conntrack_icmp.h libnetfilter_conntrack_sctp.h
+pkginclude_HEADERS = libnetfilter_conntrack.h linux_nfnetlink_conntrack.h libnetfilter_conntrack_tcp.h libnetfilter_conntrack_udp.h libnetfilter_conntrack_icmp.h libnetfilter_conntrack_sctp.h libnetfilter_conntrack_ipv4.h libnetfilter_conntrack_ipv6.h
noinst_HEADERS = libnetfilter_conntrack_extensions.h
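Review bot: The new `libnetfilter_conntrack_l3extensions.h` created later in this commit is not listed in either variable here; only the ipv4 and ipv6 headers are added to `pkginclude_HEADERS`. Automake distributes only the headers it is told about, so unless the file is listed somewhere not shown, `make dist` tarballs would lack it and builds from them would fail. Since it looks like an internal header alongside `libnetfilter_conntrack_extensions.h`, the likely fix is `noinst_HEADERS = libnetfilter_conntrack_extensions.h libnetfilter_conntrack_l3extensions.h`.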
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 4b751a2..46ba5da 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -109,8 +109,9 @@ struct nfct_expect {
struct nfct_conntrack_compare {
struct nfct_conntrack *ct;
- unsigned int flag;
- unsigned int protoflag;
+ unsigned int flags;
+ unsigned int l3flags;
+ unsigned int l4flags;
};
enum {
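Review bot: The three flag words in `struct nfct_conntrack_compare` are undocumented, and now that `protoflag` is split into `l3flags` and `l4flags`, a caller that fills a stack-allocated struct field by field can leave `l3flags` uninitialized, so the comparison would act on whatever bits happen to be in memory. A comment on each field naming the enum it takes would help, e.g. `unsigned int l3flags; /* layer-3 bits (enum ipv4_flags / ipv6_flags); zero the struct before use */`; the mapping to those enums is inferred from this commit, not stated in the hunk. The rename also changes a struct in an installed header, so existing users have to be ported and rebuilt. The enum that follows continues outside the hunk.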
@@ -294,8 +295,7 @@ extern int nfct_sprintf_id(char *buf, u_int32_t id);
*/
extern int nfct_conntrack_compare(struct nfct_conntrack *ct1,
struct nfct_conntrack *ct2,
- unsigned int cmp_flag,
- unsigned int cmp_protoflag);
+ struct nfct_conntrack_compare *cmp);
/*
* Expectations
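Review bot: `nfct_conntrack_compare()` now takes two conntrack pointers plus a `cmp` whose struct carries its own `ct` member, and nothing in the declaration says which object is compared against which or whether `cmp` may be NULL. The comment block above the prototype starts outside this hunk, so it may need updating to describe the new parameter. If the function only reads the flags, declaring it as `const struct nfct_conntrack_compare *cmp` would make that contract explicit. This is a signature change to an exported function, so it is an API and ABI break for existing callers.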
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv4.h b/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv4.h
new file mode 100644
index 0000000..d15a7e3
--- /dev/null
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv4.h
@@ -0,0 +1,29 @@
+/*
+ * (C) 2005 by Pablo Neira Ayuso <pablo@eurodev.net>
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU General Public License, incorporated herein by reference.
+ */
+
+#ifndef _LIBNETFILTER_CONNTRACK_IPV4_H_
+#define _LIBNETFILTER_CONNTRACK_IPV4_H_
+
+enum ipv4_flags {
+ IPV4_ORIG_SRC_BIT = 0,
+ IPV4_ORIG_SRC = (1 << IPV4_ORIG_SRC_BIT),
+
+ IPV4_ORIG_DST_BIT = 1,
+ IPV4_ORIG_DST = (1 << IPV4_ORIG_DST_BIT),
+
+ IPV4_ORIG = (IPV4_ORIG_SRC | IPV4_ORIG_DST),
+
+ IPV4_REPL_SRC_BIT = 2,
+ IPV4_REPL_SRC = (1 << IPV4_REPL_SRC_BIT),
+
+ IPV4_REPL_DST_BIT = 3,
+ IPV4_REPL_DST = (1 << IPV4_REPL_DST_BIT),
+
+ IPV4_REPL = (IPV4_REPL_SRC | IPV4_REPL_DST)
+};
+
+#endif
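Review bot: The enumerators have no comment saying what they select or where they are passed; presumably they are the bit masks for the `l3flags` member of `struct nfct_conntrack_compare` added in this commit. A one-line comment above the enum such as `/* l3flags bit masks: which IPv4 addresses of the original/reply tuple to compare */` would make that clear. The guard `_LIBNETFILTER_CONNTRACK_IPV4_H_` begins with an underscore followed by an uppercase letter, which is reserved for the implementation; `LIBNETFILTER_CONNTRACK_IPV4_H` avoids that. Both points apply equally to libnetfilter_conntrack_ipv6.h, and the guard point also to libnetfilter_conntrack_l3extensions.h.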
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv6.h b/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv6.h
new file mode 100644
index 0000000..280c5cd
--- /dev/null
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack_ipv6.h
@@ -0,0 +1,29 @@
+/*
+ * (C) 2005 by Pablo Neira Ayuso <pablo@eurodev.net>
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU General Public License, incorporated herein by reference.
+ */
+
+#ifndef _LIBNETFILTER_CONNTRACK_IPV6_H_
+#define _LIBNETFILTER_CONNTRACK_IPV6_H_
+
+enum ipv6_flags {
+ IPV6_ORIG_SRC_BIT = 0,
+ IPV6_ORIG_SRC = (1 << IPV6_ORIG_SRC_BIT),
+
+ IPV6_ORIG_DST_BIT = 1,
+ IPV6_ORIG_DST = (1 << IPV6_ORIG_DST_BIT),
+
+ IPV6_ORIG = (IPV6_ORIG_SRC | IPV6_ORIG_DST),
+
+ IPV6_REPL_SRC_BIT = 2,
+ IPV6_REPL_SRC = (1 << IPV6_REPL_SRC_BIT),
+
+ IPV6_REPL_DST_BIT = 3,
+ IPV6_REPL_DST = (1 << IPV6_REPL_DST_BIT),
+
+ IPV6_REPL = (IPV6_REPL_SRC | IPV6_REPL_DST)
+};
+
+#endif
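Review bot: The `IPV6_` prefix used for every enumerator here is reserved by POSIX for `<netinet/in.h>`, which defines its socket options as macros of that form. Because this header is installed (it is added to `pkginclude_HEADERS`), a system macro with the same name would silently rewrite an enumerator in any program that includes both headers. A library prefix, for example a name such as `NFCT_IPV6_ORIG_SRC`, keeps the names out of the system namespace; doing the same for the `IPV4_` names would keep the two headers symmetric.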
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack_l3extensions.h b/include/libnetfilter_conntrack/libnetfilter_conntrack_l3extensions.h
new file mode 100644
index 0000000..86e002a
--- /dev/null
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack_l3extensions.h
@@ -0,0 +1,29 @@
+/*
+ * (C) 2005 by Pablo Neira Ayuso <pablo@eurodev.net>
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU General Public License, incorporated herein by reference.
+ */
+
+#ifndef _LIBNETFILTER_CONNTRACK_L3EXTENSIONS_H_
+#define _LIBNETFILTER_CONNTRACK_L3EXTENSIONS_H_
+
+#include "linux_list.h"
+
+struct nfct_l3proto {
+ struct list_head head;
+
+ char *name;
+ u_int16_t protonum;
+ char *version;
+
+ void (*parse_proto)(struct nfattr **, struct nfct_tuple *);
+ void (*build_tuple_proto)(struct nfnlhdr *, int, struct nfct_tuple *);
+ int (*print_proto)(char *, struct nfct_tuple *);
+ int (*compare)(struct nfct_conntrack *, struct nfct_conntrack *,
+ unsigned int);
+};
+
+extern void nfct_register_l3proto(struct nfct_l3proto *h);
+
+#endif
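Review bot: `print_proto` takes a bare `char *` with no length, so every layer-3 handler has to trust that the caller's buffer is large enough, and IPv6 addresses print considerably longer than IPv4 ones. Passing the size, `int (*print_proto)(char *buf, size_t len, struct nfct_tuple *);`, would let handlers use bounded formatting; if the signature must stay, a comment stating the minimum buffer size is needed. The header is also not self-contained: `struct nfattr`, `struct nfnlhdr`, `struct nfct_tuple` and `struct nfct_conntrack` first appear inside parameter lists, so they need forward declarations or the declaring include ahead of this struct. The callbacks and `nfct_register_l3proto` are undocumented, including whether the library keeps the registered pointer `h` after the call.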