From 8aa719eb1afb6c6e0a5bf74cbdab79dc82da6c80 Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org" Date: Mon, 26 Dec 2005 02:29:02 +0000 Subject: o add IPv6 support o clean up layer-4 compare functions o finish the comparison infrastructure: support for tuple/mark matching o fix bug in the default event display when used in conjunction with the comparison infrastructure. o Bumped version to 0.0.30 Thanks to Yasuyuki Kozakai for: [LIBNETFILTER_CONNTRACK] fix dumping IPv6 connections that in included in this commit. --- extensions/libnetfilter_conntrack_icmp.c | 10 ++++------ extensions/libnetfilter_conntrack_sctp.c | 12 +++++------- extensions/libnetfilter_conntrack_tcp.c | 14 ++++++-------- extensions/libnetfilter_conntrack_udp.c | 12 +++++------- 4 files changed, 20 insertions(+), 28 deletions(-) (limited to 'extensions') diff --git a/extensions/libnetfilter_conntrack_icmp.c b/extensions/libnetfilter_conntrack_icmp.c index a69f43d..72a7eb0 100644 --- a/extensions/libnetfilter_conntrack_icmp.c +++ b/extensions/libnetfilter_conntrack_icmp.c @@ -56,22 +56,20 @@ static int compare(struct nfct_conntrack *ct1, struct nfct_conntrack *ct2, unsigned int flags) { - int ret = 1; - if (flags & ICMP_TYPE) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.type != ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.type) - ret = 0; + return 0; if (flags & ICMP_CODE) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.code != ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.code) - ret = 0; + return 0; if (flags & ICMP_ID) if (ct1->tuple[NFCT_DIR_REPLY].l4src.icmp.id != ct2->tuple[NFCT_DIR_REPLY].l4src.icmp.id) - ret = 0; + return 0; - return ret; + return 1; } static struct nfct_proto icmp = { diff --git a/extensions/libnetfilter_conntrack_sctp.c b/extensions/libnetfilter_conntrack_sctp.c index aa06f6d..3785c2e 100644 --- a/extensions/libnetfilter_conntrack_sctp.c +++ b/extensions/libnetfilter_conntrack_sctp.c @@ -60,26 +60,24 @@ static int compare(struct nfct_conntrack *ct1, struct nfct_conntrack *ct2, unsigned int flags) { - int ret = 1; - if (flags & SCTP_ORIG_SPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.sctp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4src.sctp.port) - ret = 0; + return 0; if (flags & SCTP_ORIG_DPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.sctp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.sctp.port) - ret = 0; + return 0; if (flags & SCTP_REPL_SPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4src.sctp.port != ct2->tuple[NFCT_DIR_REPLY].l4src.sctp.port) - ret = 0; + return 0; if (flags & SCTP_REPL_DPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4dst.sctp.port != ct2->tuple[NFCT_DIR_REPLY].l4dst.sctp.port) - ret = 0; + return 0; - return ret; + return 1; } static struct nfct_proto sctp = { diff --git a/extensions/libnetfilter_conntrack_tcp.c b/extensions/libnetfilter_conntrack_tcp.c index dc50315..9efdbb7 100644 --- a/extensions/libnetfilter_conntrack_tcp.c +++ b/extensions/libnetfilter_conntrack_tcp.c @@ -98,29 +98,27 @@ static int compare(struct nfct_conntrack *ct1, struct nfct_conntrack *ct2, unsigned int flags) { - int ret = 1; - if (flags & TCP_ORIG_SPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.tcp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4src.tcp.port) - ret = 0; + return 0; if (flags & TCP_ORIG_DPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port) - ret = 0; + return 0; if (flags & TCP_REPL_SPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4src.tcp.port != ct2->tuple[NFCT_DIR_REPLY].l4src.tcp.port) - ret = 0; + return 0; if (flags & TCP_REPL_DPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4dst.tcp.port != ct2->tuple[NFCT_DIR_REPLY].l4dst.tcp.port) - ret = 0; + return 0; if (flags & TCP_STATE) if (ct1->protoinfo.tcp.state != ct2->protoinfo.tcp.state) - ret = 0; + return 0; - return ret; + return 1; } static struct nfct_proto tcp = { diff --git a/extensions/libnetfilter_conntrack_udp.c b/extensions/libnetfilter_conntrack_udp.c index bd33280..c1d20c3 100644 --- a/extensions/libnetfilter_conntrack_udp.c +++ b/extensions/libnetfilter_conntrack_udp.c @@ -46,26 +46,24 @@ static int compare(struct nfct_conntrack *ct1, struct nfct_conntrack *ct2, unsigned int flags) { - int ret = 1; - if (flags & UDP_ORIG_SPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.udp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4src.udp.port) - ret = 0; + return 0; if (flags & UDP_ORIG_DPORT) if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.udp.port != ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.udp.port) - ret = 0; + return 0; if (flags & UDP_REPL_SPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4src.udp.port != ct2->tuple[NFCT_DIR_REPLY].l4src.udp.port) - ret = 0; + return 0; if (flags & UDP_REPL_DPORT) if (ct1->tuple[NFCT_DIR_REPLY].l4dst.udp.port != ct2->tuple[NFCT_DIR_REPLY].l4dst.udp.port) - ret = 0; + return 0; - return ret; + return 1; } static struct nfct_proto udp = { -- cgit v1.2.3