From b3c288427f1906e2b7c7f6e8c5747db8ccc5f62a Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 6 Dec 2011 18:29:53 +0100 Subject: expect: nfexp_snprintf displays mask and master tuple information This patch adds mask and master tuple information regarding one expectation. This information has been not shown so far. I consider that it is interesting because you can use this information to troubleshoot expectation issues. Moreover, you can know which is the master conntrack that this expectation is attached to. This extends the text-based output for `conntrack -L exp'. This can be considered a backward compatibily issue since existing tools that are parsing this interface may break. But this is not our fault, we provide an API to the conntrack table via libnetfilter_conntrack. People should use those. Signed-off-by: Pablo Neira Ayuso
---
include/internal/prototypes.h | 2 +- src/conntrack/snprintf_default.c | 32 +++++++++++++++++++++----------- src/expect/parse.c | 5 ++++- src/expect/snprintf_default.c | 22 +++++++++++++++++++++- 4 files changed, 47 insertions(+), 14 deletions(-)
diff --git a/include/internal/prototypes.h b/include/internal/prototypes.h
index 928ddbd..5f1418f 100644
--- a/include/internal/prototypes.h
+++ b/include/internal/prototypes.h
@@ -10,7 +10,7 @@ int __parse_message_type(const struct nlmsghdr *nlh); void __parse_conntrack(const struct nlmsghdr *nlh, struct nfattr *cda[], struct nf_conntrack *ct); void __parse_tuple(const struct nfattr *attr, struct __nfct_tuple *tuple, int dir, u_int32_t *set); int __snprintf_conntrack(char *buf, unsigned int len, const struct nf_conntrack *ct, unsigned int type, unsigned int msg_output, unsigned int flags); -int __snprintf_address(char *buf, unsigned int len, const struct __nfct_tuple *tuple); +int __snprintf_address(char *buf, unsigned int len, const struct __nfct_tuple *tuple, const char *src_tag, const char *dst_tag); int __snprintf_protocol(char *buf, unsigned int len, const struct nf_conntrack *ct); int __snprintf_proto(char *buf, unsigned int len, const struct __nfct_tuple *tuple); int __snprintf_conntrack_default(char *buf, unsigned int len, const struct nf_conntrack *ct, const unsigned int msg_type, const unsigned int flags); diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c index 8523bd1..beb1991 100644 --- a/src/conntrack/snprintf_default.c +++ b/src/conntrack/snprintf_default.c @@ -66,16 +66,18 @@ static int __snprintf_protoinfo_dccp(char *buf, static int __snprintf_address_ipv4(char *buf, unsigned int len, - const struct __nfct_tuple *tuple) + const struct __nfct_tuple *tuple, + const char *src_tag, + const char *dst_tag) { int ret, size = 0, offset = 0; struct in_addr src = { .s_addr = tuple->src.v4 }; struct in_addr dst = { .s_addr = tuple->dst.v4 }; - ret = snprintf(buf, len, "src=%s ", inet_ntoa(src)); + ret = snprintf(buf, len, "%s=%s ", src_tag, inet_ntoa(src)); BUFFER_SIZE(ret, size, len, offset); - ret = snprintf(buf+offset, len, "dst=%s ", inet_ntoa(dst)); + ret = snprintf(buf+offset, len, "%s=%s ", dst_tag, inet_ntoa(dst)); BUFFER_SIZE(ret, size, len, offset); return size; 
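Review bot: Both rewritten lines in __snprintf_address_ipv4 (hunk -66,16 of src/conntrack/snprintf_default.c) still format the address with inet_ntoa(), which returns a pointer to a static buffer and so is not safe when two threads print conntrack entries at the same time. The IPv6 helper in this same file already uses inet_ntop() into a local buffer; doing the same here, e.g. `char tmp[INET_ADDRSTRLEN];` and `if (!inet_ntop(AF_INET, &src, tmp, sizeof(tmp))) return -1;` before each snprintf, would make the two paths consistent and reentrant. The closing lines of the function are outside the hunk.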
@@ -83,7 +85,9 @@ static int __snprintf_address_ipv4(char *buf, static int __snprintf_address_ipv6(char *buf, unsigned int len, - const struct __nfct_tuple *tuple) + const struct __nfct_tuple *tuple, + const char *src_tag, + const char *dst_tag) { int ret, size = 0, offset = 0; struct in6_addr src; @@ -96,13 +100,13 @@ static int __snprintf_address_ipv6(char *buf, if (!inet_ntop(AF_INET6, &src, tmp, sizeof(tmp))) return -1; - ret = snprintf(buf, len, "src=%s ", tmp); + ret = snprintf(buf, len, "%s=%s ", src_tag, tmp); BUFFER_SIZE(ret, size, len, offset); if (!inet_ntop(AF_INET6, &dst, tmp, sizeof(tmp))) return -1; - ret = snprintf(buf+offset, len-size, "dst=%s ", tmp); + ret = snprintf(buf+offset, len-size, "%s=%s ", dst_tag, tmp); BUFFER_SIZE(ret, size, len, offset); return size; @@ -110,16 +114,20 @@ static int __snprintf_address_ipv6(char *buf, int __snprintf_address(char *buf, unsigned int len, - const struct __nfct_tuple *tuple) + const struct __nfct_tuple *tuple, + const char *src_tag, + const char *dst_tag) { int size = 0; switch (tuple->l3protonum) { case AF_INET: - size = __snprintf_address_ipv4(buf, len, tuple); + size = __snprintf_address_ipv4(buf, len, tuple, + src_tag, dst_tag); break; case AF_INET6: - size = __snprintf_address_ipv6(buf, len, tuple); + size = __snprintf_address_ipv6(buf, len, tuple, + src_tag, dst_tag); break; } @@ -324,7 +332,8 @@ int __snprintf_conntrack_default(char *buf, BUFFER_SIZE(ret, size, len, offset); } - ret = __snprintf_address(buf+offset, len, &ct->tuple[__DIR_ORIG]); + ret = __snprintf_address(buf+offset, len, &ct->tuple[__DIR_ORIG], + "src", "dst"); BUFFER_SIZE(ret, size, len, offset); ret = __snprintf_proto(buf+offset, len, &ct->tuple[__DIR_ORIG]); 
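Review bot: The second snprintf in __snprintf_address_ipv6 (hunk -96,13) keeps `len-size` as its bound, while the IPv4 helper and every other call in this patch pass plain `len` after BUFFER_SIZE. BUFFER_SIZE is not defined in this diff, but that usage suggests it already shrinks `len` by the bytes written; if so, `len-size` subtracts the first write twice, and because `len` is unsigned the result can wrap to a very large bound once the remaining space is smaller than the first field, letting snprintf write past the caller's buffer. The longer `mask-src`/`master-src` tags added elsewhere in this commit use up the buffer faster, so I would change the line to `ret = snprintf(buf+offset, len, "%s=%s ", dst_tag, tmp);` after confirming against the macro. The function starts and ends outside this hunk.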
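Review bot: Nothing on __snprintf_address (hunk -110,16) or on its prototype in include/internal/prototypes.h says what src_tag and dst_tag must be, yet both helpers pass them straight to a `%s` conversion, where a NULL pointer is undefined behaviour. I would add a comment above the definition along the lines of `/* src_tag/dst_tag: non-NULL, NUL-terminated key names printed verbatim before '=' */`. The switch also has no `default:` case, so an unrecognised l3protonum silently yields zero bytes; a short comment saying whether that is intended would help readers of the new mask/master call sites. The end of the function is outside the hunk.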
@@ -341,7 +350,8 @@ int __snprintf_conntrack_default(char *buf, BUFFER_SIZE(ret, size, len, offset); } - ret = __snprintf_address(buf+offset, len, &ct->tuple[__DIR_REPL]); + ret = __snprintf_address(buf+offset, len, &ct->tuple[__DIR_REPL], + "src", "dst"); BUFFER_SIZE(ret, size, len, offset); ret = __snprintf_proto(buf+offset, len, &ct->tuple[__DIR_REPL]); diff --git a/src/expect/parse.c b/src/expect/parse.c index be9be78..0581aca 100644 --- a/src/expect/parse.c +++ b/src/expect/parse.c @@ -34,9 +34,12 @@ void __parse_expect(const struct nlmsghdr *nlh, exp->expected.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family; set_bit(ATTR_ORIG_L3PROTO, exp->expected.set); - exp->mask.tuple[__DIR_REPL].l3protonum = nfhdr->nfgen_family; + exp->mask.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family; set_bit(ATTR_ORIG_L3PROTO, exp->mask.set); + exp->master.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family; + set_bit(ATTR_ORIG_L3PROTO, exp->master.set); + if (cda[CTA_EXPECT_MASTER-1]) { __parse_tuple(cda[CTA_EXPECT_MASTER-1], &exp->master.tuple[__DIR_ORIG], diff --git a/src/expect/snprintf_default.c b/src/expect/snprintf_default.c index 51ffb30..c4a19fa 100644 --- a/src/expect/snprintf_default.c +++ b/src/expect/snprintf_default.c @@ -56,7 +56,9 @@ int __snprintf_expect_default(char *buf, ret = __snprintf_expect_proto(buf+offset, len, exp); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_address(buf+offset, len, &exp->expected.tuple[__DIR_ORIG]); + ret = __snprintf_address(buf+offset, len, + &exp->expected.tuple[__DIR_ORIG], + "src", "dst"); BUFFER_SIZE(ret, size, len, offset); ret = __snprintf_proto(buf+offset, len, &exp->expected.tuple[__DIR_ORIG]); 
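Review bot: In the src/expect/parse.c hunk, `set_bit(ATTR_ORIG_L3PROTO, exp->master.set)` and the l3protonum assignment run before the `if (cda[CTA_EXPECT_MASTER-1])` check, so the master tuple is marked as having a family even when the message carried no master attribute. The expected and mask tuples are handled the same way, so this may be deliberate, but together with the unconditional printing added in src/expect/snprintf_default.c it means an absent master can be rendered as if it were real data; moving both lines inside the `if` block would avoid that. Separately, the change of the mask index from `__DIR_REPL` to `__DIR_ORIG` is a behaviour fix that the commit message does not mention. __parse_expect starts and ends outside this hunk.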
@@ -82,6 +84,24 @@ int __snprintf_expect_default(char *buf, BUFFER_SIZE(ret, size, len, offset); } + ret = __snprintf_address(buf+offset, len, + &exp->mask.tuple[__DIR_ORIG], + "mask-src", "mask-dst"); + BUFFER_SIZE(ret, size, len, offset); + + ret = __snprintf_proto(buf+offset, len, + &exp->mask.tuple[__DIR_ORIG]); + BUFFER_SIZE(ret, size, len, offset); + + ret = __snprintf_address(buf+offset, len, + &exp->master.tuple[__DIR_ORIG], + "master-src", "master-dst"); + BUFFER_SIZE(ret, size, len, offset); + + ret = __snprintf_proto(buf+offset, len, + &exp->master.tuple[__DIR_ORIG]); + BUFFER_SIZE(ret, size, len, offset); + /* Delete the last blank space if needed */ if (len > 0 && buf[size-1] == ' ') size--; -- cgit v1.2.3
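Review bot: The four added calls in __snprintf_expect_default print the mask and master tuples unconditionally, without consulting `exp->mask.set` or `exp->master.set`. For an expectation whose master was never filled in (parse.c only parses it when CTA_EXPECT_MASTER is present, and an object built by a caller may never set it), the output can show zeroed or partial `master-src=`/`master-dst=` fields that a person troubleshooting, or a tool consuming this text, cannot tell from real values. Guarding each address/proto pair on the corresponding `set` bitmask would avoid that. The `__snprintf_proto` calls also take no tag argument, so the mask and master ports presumably come out under the same keys as the expected tuple's; a matching tag parameter, or at least a comment noting the field order, would keep the line unambiguous. The function starts and ends outside the hunk.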