-rw-r--r--extensions/libnetfilter_conntrack_icmp.c2
-rw-r--r--extensions/libnetfilter_conntrack_tcp.c12
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h11
-rw-r--r--utils/ctnl_test.c14
4 files changed, 33 insertions, 6 deletions
diff --git a/extensions/libnetfilter_conntrack_icmp.c b/extensions/libnetfilter_conntrack_icmp.c
index 07997d1..d1ae1b4 100644
--- a/extensions/libnetfilter_conntrack_icmp.c
+++ b/extensions/libnetfilter_conntrack_icmp.c
@@ -52,7 +52,7 @@ static int print_proto(char *buf, struct nfct_tuple *t)
t->l4dst.icmp.code);
/* ID only makes sense with ECHO */
if (t->l4dst.icmp.type == 8)
- size += sprintf(buf, "id=%d ", t->l4src.icmp.id);
+ size += sprintf(buf+size, "id=%d ", ntohs(t->l4src.icmp.id));
return size;
}
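Review bot: The added `sprintf(buf+size, ...)` call still writes into a caller-supplied buffer whose length is unknown, so the offset fix stops the id from overwriting the earlier text but leaves the write unbounded. print_proto takes only `char *buf` here, so bounding it would need a length argument and something like `snprintf(buf + size, len - size, "id=%d ", ntohs(t->l4src.icmp.id))`, which is an interface change beyond this hunk. Until then, a comment on the function stating the minimum buffer size callers must provide would help, and the literal `8` would read better as `ICMP_ECHO`. The function starts outside the hunk.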
diff --git a/extensions/libnetfilter_conntrack_tcp.c b/extensions/libnetfilter_conntrack_tcp.c
index 32a0971..bb96698 100644
--- a/extensions/libnetfilter_conntrack_tcp.c
+++ b/extensions/libnetfilter_conntrack_tcp.c
@@ -42,6 +42,18 @@ static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
static void parse_protoinfo(struct nfattr *cda[], struct nfct_conntrack *ct)
{
struct nfattr *tb[CTA_PROTOINFO_TCP_MAX];
+
+ /*
+ * Listen to me carefully: This is easy to trigger with events ;).
+ * The conntrack event messages don't always contain all the
+ * information about a conntrack, just those fields that have changed.
+ * So you can receive a message about a TCP connection with no bits
+ * talking about the private protocol information.
+ *
+ * --pablo 05/10/31
+ */
+ if (!cda[CTA_PROTOINFO_TCP-1])
+ return;
nfnl_parse_nested(tb,CTA_PROTOINFO_TCP_MAX, cda[CTA_PROTOINFO_TCP-1]);
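Review bot: The new guard covers a missing CTA_PROTOINFO_TCP attribute, but the attributes nested inside it deserve the same check. Whatever the code after `nfnl_parse_nested` reads from `tb[]` (outside this hunk) should be tested for NULL first, e.g. `if (tb[CTA_PROTOINFO_TCP_STATE-1])`, since a partial event message could presumably omit those as well. The early return also leaves the TCP state in `ct` exactly as the caller set it up, so it is worth confirming that callers zero the structure; otherwise a stale or indeterminate state may be displayed for such events. The function continues past the end of the hunk.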
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 71afa03..0c06fa6 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -13,7 +13,7 @@
#include <linux/netfilter/nfnetlink_conntrack.h>
#include <libnfnetlink/libnfnetlink.h>
-#define LIBNETFILTER_CONNTRACK_VERSION "0.2.2"
+#define LIBNETFILTER_CONNTRACK_VERSION "0.2.3"
enum {
CONNTRACK = NFNL_SUBSYS_CTNETLINK,
@@ -27,10 +27,12 @@ enum {
#define NFCT_ANY_ID 0
/*
- * Default flag that is passed to nfct_open(), subscribe
- * to all possible groups
+ * Subscribe to all possible netlink groups. Use this
+ * flag in case that you want to catch up all the possible
+ * events. Do not use this flag for dumping or any other
+ * similar operation.
*/
-#define NFCT_ANY_GROUP ~0U
+#define NFCT_ALL_GROUPS ~0U
union nfct_l4 {
/* Add other protocols here. */
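Review bot: Renaming `NFCT_ANY_GROUP` to `NFCT_ALL_GROUPS` in a public header breaks the build of existing callers without a transition period. Keeping `#define NFCT_ANY_GROUP NFCT_ALL_GROUPS` with a comment marking it deprecated would avoid that. The expansion is also unparenthesised; `#define NFCT_ALL_GROUPS (~0U)` is the safer form for a macro used inside expressions.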
@@ -237,6 +239,7 @@ extern void nfct_unregister_callback(struct nfct_handle *cth);
extern int nfct_default_conntrack_display(void *arg, unsigned int, int);
extern int nfct_default_conntrack_display_id(void *arg, unsigned int, int);
extern int nfct_default_expect_display(void *arg, unsigned int, int);
+extern int nfct_default_expect_display_id(void *arg, unsigned int, int);
/*
* [Create|update|get|destroy] conntracks
diff --git a/utils/ctnl_test.c b/utils/ctnl_test.c
index 360e118..a1462af 100644
--- a/utils/ctnl_test.c
+++ b/utils/ctnl_test.c
@@ -73,7 +73,7 @@ int main(int argc, char **argv)
goto end;
}
- cth = nfct_open(CONNTRACK, NFCT_ANY_GROUP);
+ cth = nfct_open(CONNTRACK, 0);
if (!cth) {
fprintf(stderr, "Can't open handler\n");
errors++;
@@ -118,6 +118,18 @@ int main(int argc, char **argv)
if (ret < 0)
errors++;
+ nfct_close(cth);
+
+ /* Now open a handler that is subscribed to all possible events */
+ cth = nfct_open(CONNTRACK, NFCT_ALL_GROUPS);
+ if (!cth) {
+ fprintf(stderr, "Can't open handler\n");
+ errors++;
+ ret = -ENOENT;
+ nfct_conntrack_free(ct);
+ goto end;
+ }
+
fprintf(stdout, "TEST 7: Waiting for 10 conntrack events\n");
signal(SIGINT, event_sighandler);
nfct_register_callback(cth, event_counter);
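Review bot: On the new failure path `cth` is NULL and the previous handle has already been closed before the `goto end`, so the cleanup at `end` (outside this hunk) must not call `nfct_close(cth)` unconditionally; please confirm it is guarded. The message "Can't open handler" is identical to the one for the first open, and `ret = -ENOENT` discards the real cause. Something like `fprintf(stderr, "Can't reopen handler for events: %s\n", strerror(errno));` with `ret = -errno;` would make the two failures distinguishable, assuming nfct_open leaves errno set and `<string.h>` is included.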