path: root/utils
Commit message | Author | Age | Files | Lines
* expect: add example that creates an expectation with NAT | Pablo Neira Ayuso | 2012-09-11 | 2 | -0/+156
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Update .gitignore | Jan Engelhardt | 2012-05-19 | 1 | -0/+1
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: remove unused LDFLAGS | Jan Engelhardt | 2012-05-19 | 1 | -20/+0
  "-ldl" is not needed since the programs themselves never use functions from libdl. Also, -dynamic is not required at all.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* conntrack: add support for CTA_MARK_MASK and filtered dumping | Pablo Neira Ayuso | 2012-02-09 | 2 | -0/+63
  This patch adds the infrastructure to allow filtered dumping. See utils/conntrack_dump_filter.c for instance.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* expect: add XML support for nfexp_snprintf() | Pablo Neira Ayuso | 2012-01-22 | 1 | -1/+1
  Example of the XML output:

    <flow type="new">
      <layer3 protonum="2" protoname="IPv4">
        <expected>
          <src>192.168.0.2</src>
          <dst>192.168.1.2</dst>
        </expected>
        <mask>
          <src>255.255.255.255</src>
          <dst>255.255.255.255</dst>
        </mask>
        <master>
          <src>192.168.0.2</src>
          <dst>192.168.1.2</dst>
        </master>
      </layer3>
      <layer4 protonum="6" protoname="tcp">
        <expected>
          <sport>0</sport>
          <dport>41739</dport>
        </expected>
        <mask>
          <sport>0</sport>
          <dport>65535</dport>
        </mask>
        <master>
          <sport>36390</sport>
          <dport>21</dport>
        </master>
      </layer4>
      <meta>
        <helper-name>ftp</helper-name>
        <timeout>300</timeout>
        <zone>0</zone>
      </meta>
    </flow>

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: fix expect_get to work with expect_create | Pablo Neira Ayuso | 2011-12-24 | 1 | -2/+2
  expect_get now allows you to get the expectation that has been created with expect_create.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: add nfct_destroy() to all examples in utils | Andrew Beverley | 2011-05-14 | 11 | -0/+46
  This patch adds nfct_destroy() to all the examples in the utils folder. Although this may be obvious to some, when I wrote my first code using libnetfilter_conntrack, I used the examples but subsequently missed out all the calls to nfct_destroy().
  Signed-off-by: Andrew Beverley <andy@andybev.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: add timestamp support | Pablo Neira Ayuso | 2011-02-17 | 2 | -2/+2
  This patch adds the connection tracking extension that allows conntrack timestamping. This requires a Linux kernel >= 2.6.38. We have now 65 attributes, we need 96 bits to store what attributes are set in the objects.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: resolve compiler warnings | Jan Engelhardt | 2010-12-30 | 19 | -26/+49
  The addition of -Wall flagged some legitimate warnings:

    make expect_dump expect_create expect_get expect_delete expect_flush expect_events expect_create_userspace conntrack_create conntrack_dump conntrack_update conntrack_delete conntrack_flush conntrack_create_nat conntrack_get conntrack_events conntrack_master conntrack_filter conntrack_grp_create ctexp_events
    make[1]: Entering directory `/home/jengelh/code/libnetfilter_conntrack/utils'
    CC expect_dump.o
    expect_dump.c: In function "main":
    expect_dump.c:36:3: warning: implicit declaration of function "strerror"
    expect_dump.c:36:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD expect_dump
    CC expect_create.o
    expect_create.c: In function "main":
    expect_create.c:31:2: warning: implicit declaration of function "inet_addr"
    expect_create.c:54:3: warning: implicit declaration of function "strerror"
    expect_create.c:54:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    expect_create.c:117:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD expect_create
    CC expect_get.o
    expect_get.c: In function "main":
    expect_get.c:33:2: warning: implicit declaration of function "inet_addr"
    expect_get.c:59:3: warning: implicit declaration of function "strerror"
    expect_get.c:59:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD expect_get
    CC expect_delete.o
    expect_delete.c: In function "main":
    expect_delete.c:21:2: warning: implicit declaration of function "inet_addr"
    expect_delete.c:46:3: warning: implicit declaration of function "strerror"
    expect_delete.c:46:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD expect_delete
    CC expect_flush.o
    expect_flush.c: In function "main":
    expect_flush.c:23:3: warning: implicit declaration of function "strerror"
    expect_flush.c:23:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD expect_flush
    CC expect_events.o
    expect_events.c: In function "main":
    expect_events.c:44:3: warning: implicit declaration of function "strerror"
    expect_events.c:44:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD expect_events
    CC expect_create_userspace.o
    expect_create_userspace.c: In function "main":
    expect_create_userspace.c:31:2: warning: implicit declaration of function "inet_addr"
    expect_create_userspace.c:58:3: warning: implicit declaration of function "strerror"
    expect_create_userspace.c:58:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    expect_create_userspace.c:121:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD expect_create_userspace
    CC conntrack_create.o
    conntrack_create.c: In function "main":
    conntrack_create.c:21:2: warning: implicit declaration of function "inet_addr"
    conntrack_create.c:43:3: warning: implicit declaration of function "strerror"
    conntrack_create.c:43:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD conntrack_create
    CC conntrack_dump.o
    conntrack_dump.c: In function "main":
    conntrack_dump.c:37:3: warning: implicit declaration of function "strerror"
    conntrack_dump.c:37:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    conntrack_dump.c:24:7: warning: unused variable "buf"
    CCLD conntrack_dump
    CC conntrack_update.o
    conntrack_update.c: In function "main":
    conntrack_update.c:21:2: warning: implicit declaration of function "inet_addr"
    conntrack_update.c:43:3: warning: implicit declaration of function "strerror"
    conntrack_update.c:43:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD conntrack_update
    CC conntrack_delete.o
    conntrack_delete.c: In function "main":
    conntrack_delete.c:21:2: warning: implicit declaration of function "inet_addr"
    conntrack_delete.c:38:3: warning: implicit declaration of function "strerror"
    conntrack_delete.c:38:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD conntrack_delete
    CC conntrack_flush.o
    conntrack_flush.c: In function "main":
    conntrack_flush.c:24:3: warning: implicit declaration of function "strerror"
    conntrack_flush.c:24:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    conntrack_flush.c:12:7: warning: unused variable "buf"
    CCLD conntrack_flush
    CC conntrack_create_nat.o
    conntrack_create_nat.c: In function "main":
    conntrack_create_nat.c:21:2: warning: implicit declaration of function "inet_addr"
    conntrack_create_nat.c:45:3: warning: implicit declaration of function "strerror"
    conntrack_create_nat.c:45:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD conntrack_create_nat
    CC conntrack_get.o
    conntrack_get.c: In function "main":
    conntrack_get.c:33:2: warning: implicit declaration of function "inet_addr"
    conntrack_get.c:52:3: warning: implicit declaration of function "strerror"
    conntrack_get.c:52:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD conntrack_get
    CC conntrack_events.o
    conntrack_events.c: In function "main":
    conntrack_events.c:45:3: warning: implicit declaration of function "strerror"
    conntrack_events.c:45:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    conntrack_events.c:29:7: warning: unused variable "buf"
    conntrack_events.c:28:23: warning: unused variable "ct"
    conntrack_events.c:26:11: warning: unused variable "family"
    CCLD conntrack_events
    CC conntrack_master.o
    conntrack_master.c: In function "main":
    conntrack_master.c:22:2: warning: implicit declaration of function "inet_addr"
    conntrack_master.c:44:3: warning: implicit declaration of function "strerror"
    conntrack_master.c:44:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    conntrack_master.c:86:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD conntrack_master
    CC conntrack_filter.o
    conntrack_filter.c: In function "main":
    conntrack_filter.c:58:3: warning: implicit declaration of function "inet_addr"
    conntrack_filter.c:98:3: warning: implicit declaration of function "strerror"
    conntrack_filter.c:98:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    conntrack_filter.c:31:7: warning: unused variable "buf"
    conntrack_filter.c:30:23: warning: unused variable "ct"
    conntrack_filter.c:27:11: warning: unused variable "family"
    CCLD conntrack_filter
    CC conntrack_grp_create.o
    conntrack_grp_create.c: In function "main":
    conntrack_grp_create.c:21:3: warning: implicit declaration of function "inet_addr"
    conntrack_grp_create.c:49:3: warning: implicit declaration of function "strerror"
    conntrack_grp_create.c:49:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD conntrack_grp_create
    CC ctexp_events.o
    ctexp_events.c: In function "main":
    ctexp_events.c:63:3: warning: implicit declaration of function "strerror"
    ctexp_events.c:63:3: warning: format "%s" expects type ‘char *’, but argument 3 has type ‘int’
    CCLD ctexp_events
    make[1]: Leaving directory `/home/jengelh/code/libnetfilter_conntrack/utils'

  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* utils: use sizeof(buf) over hardcoded number | Jan Engelhardt | 2010-11-09 | 5 | -5/+5
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* utils: expect_events now listens to all sort of expectation events | Pablo Neira Ayuso | 2010-11-09 | 1 | -1/+3
  With this patch, the expect_events example also listens to other sort of expectation events that were added in Linux kernel 2.6.37-rc.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: allow to use nfct handler for conntrack and expectations at the same time | Pablo Neira Ayuso | 2010-11-08 | 3 | -1/+77
  This patch re-works the callback handling to allow the use of the same socket to send/receive commands and listen to events of both conntrack and expectation subsystems. Now you can register one callback for conntrack and one for expectation with the same handler with no problems (before this patch, this was not possible, you required two different handlers).
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Update .gitignore | Jan Engelhardt | 2010-10-30 | 1 | -0/+18
* utils: add user-space expectation example | Pablo Neira Ayuso | 2010-10-07 | 2 | -1/+133
  This patch adds an example on how to set up a user-space expectation.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: more realistic expectation creation for FTP helper | Pablo Neira Ayuso | 2010-10-07 | 3 | -9/+9
  This patch changes the existing example to make it more realistic. It also removes the timeout setup since this field is ignored by ctnetlink if we specify a kernel-space conntrack helper to be used.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bsf: add support for IPv6 address filtering | Pablo Neira Ayuso | 2009-07-14 | 1 | -0/+13
  This patch adds support to auto-generate BSF code for IPv6. It requires a Linux kernel >= 2.6.29. The maximum number of addresses is limited to 20 (12 BSF lines per IPv6 address comparison). I am not sure that to remove this limit is useful given that oprofile does not show very good numbers for very large (in terms of lines) filters. This completes one feature that is available in IPv4 but that was missing in IPv6.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* tcp: add support for SYN_SENT2 state | Pablo Neira Ayuso | 2009-06-10 | 5 | -6/+6
  This patch adds support for the new SYN_SENT2 state that Jozsef has introduced to support TCP simultaneous open in 2.6.31. We can safely include support for this feature now since the LISTEN state was not ever really used.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* utils: fix wrong use of errno in example files | Pablo Neira Ayuso | 2008-12-10 | 17 | -62/+116
  This patch removes the use of strerr(errno) when the returned value is != -1. This fixes random segfaults in my x86_64 machines. According to the documentation, errno should not be used unless the returned value is -1. This patch also includes some missing nfct_close() calls in the examples.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* groups: add attribute group API | Pablo Neira Ayuso | 2008-10-30 | 2 | -1/+59
  This new API allows you to set and get some logical set of attributes. This is not intended to replace the existing per-attribute get/set API but to provide more efficient way to get/set certain attributes. This change includes an example file (conntrack_grp_create.c) of the use of the attribute group API. See ATTR_GRP_* for more information on the existing groups.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* helper: explicit helper assignation support [libnetfilter_conntrack-0.0.97] | Pablo Neira Ayuso | 2008-10-13 | 1 | -0/+1
  This patch adds support for explicit helper assignation. This support will not be of any help without the appropriate kernel support that will go into the Linux kernel 2.6.29 -sic-.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* API: fix endianess issue | Albert Veli | 2008-07-29 | 1 | -1/+1
  In nfct_build_query() the *data argument is converted into a u_int8_t*. This works for little-endian but not for big-endian.
  Signed-off-by: Albert Veli <albert.veli@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* bsf: use ntohl instead of htonl in the example | Pablo Neira Ayuso | 2008-07-23 | 1 | -1/+2
  Fix wrong use of htonl in the example filter.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Extend high-level API for netlink BSF to add negative logic | Pablo Neira Ayuso | 2008-07-18 | 1 | -0/+5
  This patch introduces nfct_filter_set_logic() to set the filtering logic which results in a more flexible solution.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add berkeley socket filtering high-level API | Pablo Neira Ayuso | 2008-07-17 | 2 | -1/+88
  This patch adds an abstraction level to berkeley sockets filter (BSF) for Netlink sockets available since Linux kernel 2.6.26. This provides an easy way to attach filters without knowing about BSF at all.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* add comment in expect_create test file | Pablo Neira Ayuso | 2008-07-15 | 1 | -0/+5
  The test file requires nf_conntrack_ftp to work properly, otherwise it returns EINVAL. This patch adds a small comment to remember users to load the module before going ahead.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conditional compilation of testsuite utils | Pablo Neira Ayuso | 2008-07-02 | 1 | -1/+1
  Use `make check' to compile the examples in utils/
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* remove slip through change in conntrack_event.c | Pablo Neira Ayuso | 2008-07-02 | 1 | -249/+1
* bump version to 0.0.95 [libnetfilter_conntrack-0.0.95] | Pablo Neira Ayuso | 2008-06-27 | 1 | -1/+249
* add NFCT_OF_TIME output flag to nfct_snprintf | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-13 | 1 | -1/+1
* remove read-only variable from example file | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-17 | 1 | -7/+1
* add examples on how to add a new related conntrack | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-09 | 1 | -0/+93
* Add support for conntrack master setup | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-08 | 1 | -1/+6
* introduce NFCT_SOPT_SETUP_* options to simplify object setup | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-06-04 | 4 | -52/+28
* - do not install example files, just compile them | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-21 | 1 | -1/+1
  - bump version to 0.0.75
* - delete ctnl_test.c since it contains examples of the old *deprecated* API | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-20 | 2 | -165/+1
  - fix wrong port display in the XML output (Morten Isaksen)
  - use ntohs instead of htons in snprintf_default.c
* - split new_api_test.c into several conntrack_*.c files to learn much easier how the new API works | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-13 | 10 | -130/+414
* - add warning note to ctnl_test.c: old API is deprecated | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-06 | 9 | -165/+376
  - split expect_api_test.c into small example files expect_*.c
  - introduce alias tags for original tuple attributes
  - introduce nfexp_sizeof and nfexp_maxsize
  - build expectation attributes iif they are set
  - fix l3num setting in expect/build.c
* introduce the new expectation API | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-05-01 | 2 | -1/+165
* - replace ntohs by htons in the example file (reported by Victor Stinner) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-23 | 1 | -4/+4
  - introduce NFCT_O_PLAIN flag: NFCT_O_DEFAULT points to NFCT_O_PLAIN
  - remove commented line in nfct_new()
* Introduce the new libnetfilter_conntrack API, features: | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2006-12-19 | 2 | -1/+129
  - object oriented infrastructure
  - extensible and configurable output (XML)
  - low level functions to interact with netlink details
  - fairly documented
  Still backward compatible.
* Fix endianess of tcp ports in the tuple. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org | 2006-03-26 | 1 | -4/+4
* Make sure we set l3protonum in the tuples. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org | 2006-03-26 | 1 | -0/+2
* Slightly API changes required for the upcoming ipv6 support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-19 | 1 | -2/+2
* o Fixed bugs in UDP and SCTP protocol handlers (parse_proto) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-12-03 | 1 | -0/+5
  o Added the comparison infrastructure for layer-4 protocols
  o Added libnetfilter_conntrack_[tcp|udp|icmp|sctp].h that contains the protocol flags used by the comparison infrastructure
  o Added nfct_conntrack_compare to compare two conntracks based on flags
  o Killed nfct_event_netlink_handler
  o nfct_event_[conntrack|expect] requires ROOT privileges (reason: netlink multicast)
  o Bumped version to 0.29
* - get rid of KERNELDIR include | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-14 | 1 | -1/+1
  - have only one place where we specify the includes (Make_global.am)
* add extra 'data' argument to callback functions | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-04 | 1 | -3/+3
* o ctnl_test now uses NFCT_ALL_CT_GROUPS | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-11-01 | 1 | -1/+1
* Special thanks to Deti Fiegl from the Leibniz Supercomputing Centre in Munich, Germany for providing the "fast" hardware to reproduce spurious bugs ;) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-31 | 1 | -1/+13
  List of changes:
  o Replace misleading flag NFCT_ANY_GROUP by NFCT_ALL_GROUPS
  o Update test file to use NFCT_ALL_GROUPS
  o Add missing check of CTA_PROTOINFO_TCP that resulted in a segfault in conjunction with events.
  o Fix ICMP conntracks output
  o Add missing prototype definition of nfct_default_expect_display_id in libnetfilter_conntrack.h
* o Renamed nfct_[set|unset]_callback to nfct_[register|unregister]_callback | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-28 | 1 | -2/+2
  o Added some very brief comments to libnetfilter_conntrack.h
  o Implemented the conntrack printers API nfct_sprintf_*
  o Now nfct_default_conntrack_display display the classical /proc output, and nfct_default_conntrack_display the classical + conntrack ids
  o Use nfnl_talk if there's no data expected from kernel space to be processed, that is the case of nfct_[get|delete]_conntrack
  o Added some missing memset's zeroing
  o Code simplification: killed some char *buf where struct nfnlhdr is enough
  o Killed protocol handler destructors (fini) and nfct_unregister_proto: The library is unloaded if something goes wrong (different library versions), the modules never gets inserted in the proto_list. Fixes a segfault.
  o Bumped version to 0.2.0
* o new nfct_handler prototype | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org | 2005-10-27 | 1 | -7/+39
  o NFCT_COUNTERS splitted in NFCT_COUNTERS_[ORIG|RPLY]
  o all global vars are now static
  o kill nfct_set_handler, it was too much
  o fixed very stupid bug in counters printing
  o fixed conntrack getting: invalid netlink flags NLM_F_[ROOT|MATCH]
  o nfnl_send returns the proper error to the client, instead of returning -1
  o some cleanup's: killed the ret, it was useless
  o test for the conntrack API completed, still missing the expectation test