diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-04-24 12:22:49 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-04-24 12:22:49 +0200 |
commit | 7866b938a909439fa09ea7f16f8676cdac5ea532 (patch) | |
tree | 27ec12336702e465b9b1699e5ef941b66e15ae96 | |
parent | 400ae54438c4b85126f9fab0ae1dc067823b70f7 (diff) | |
download | conntrack-tools-7866b938a909439fa09ea7f16f8676cdac5ea532.tar.gz conntrack-tools-7866b938a909439fa09ea7f16f8676cdac5ea532.zip |
conntrack: add DCCP role parameter for conntrack creation
This patch adds `--role' parameter for DCCP which is required to
create entries.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | conntrack.8 | 4 | ||||
-rw-r--r-- | extensions/libct_proto_dccp.c | 92 |
2 files changed, 57 insertions, 39 deletions
diff --git a/conntrack.8 b/conntrack.8 index 6aa5c3b..983fc31 100644 --- a/conntrack.8 +++ b/conntrack.8 @@ -237,7 +237,7 @@ Verification tag (32-bits value) in the original direction .BI "--reply-vtag " "value" Verification tag (32-bits value) in the reply direction .TP -DCCP-specific fields: +DCCP-specific fields (needs Linux >= 2.6.30): .TP .BI "--sport, --orig-port-src " "PORT" Source port in original direction @@ -253,6 +253,8 @@ Destination port in reply direction .TP .BI "--state " "[NONE | REQUEST | RESPOND | PARTOPEN | OPEN | CLOSEREQ | CLOSING | TIMEWAIT]" DCCP state +.BI "--role " "[client | server]" +Role that the original conntrack tuple is tracking .TP GRE-specific fields: .TP diff --git a/extensions/libct_proto_dccp.c b/extensions/libct_proto_dccp.c index deb3e28..586c4cc 100644 --- a/extensions/libct_proto_dccp.c +++ b/extensions/libct_proto_dccp.c @@ -30,22 +30,24 @@ enum { CT_DCCP_MASK_DPORT = (1 << 5), CT_DCCP_STATE = (1 << 6), CT_DCCP_EXPTUPLE_SPORT = (1 << 7), - CT_DCCP_EXPTUPLE_DPORT = (1 << 8) + CT_DCCP_EXPTUPLE_DPORT = (1 << 8), + CT_DCCP_ROLE = (1 << 9), }; #define DCCP_OPT_MAX 13 static struct option opts[DCCP_OPT_MAX] = { - { .name = "orig-port-src", .has_arg = 1, .val = '1' }, - { .name = "orig-port-dst", .has_arg = 1, .val = '2' }, - { .name = "reply-port-src", .has_arg = 1, .val = '3' }, - { .name = "reply-port-dst", .has_arg = 1, .val = '4' }, - { .name = "mask-port-src", .has_arg = 1, .val = '5' }, - { .name = "mask-port-dst", .has_arg = 1, .val = '6' }, - { .name = "state", .has_arg = 1, .val = '7' }, - { .name = "tuple-port-src", .has_arg = 1, .val = '8' }, - { .name = "tuple-port-dst", .has_arg = 1, .val = '9' }, - { .name = "sport", .has_arg = 1, .val = '1' }, /* alias */ - { .name = "dport", .has_arg = 1, .val = '2' }, /* alias */ + { .name = "orig-port-src", .has_arg = 1, .val = 1 }, + { .name = "orig-port-dst", .has_arg = 1, .val = 2 }, + { .name = "reply-port-src", .has_arg = 1, .val = 3 }, + { .name = "reply-port-dst", .has_arg = 1, .val = 4 }, + { .name = "mask-port-src", .has_arg = 1, .val = 5 }, + { .name = "mask-port-dst", .has_arg = 1, .val = 6 }, + { .name = "state", .has_arg = 1, .val = 7 }, + { .name = "tuple-port-src", .has_arg = 1, .val = 8 }, + { .name = "tuple-port-dst", .has_arg = 1, .val = 9 }, + { .name = "sport", .has_arg = 1, .val = 1 }, /* alias */ + { .name = "dport", .has_arg = 1, .val = 2 }, /* alias */ + { .name = "role", .has_arg = 1, .val = 10 }, { 0, 0, 0, 0}, }; @@ -58,28 +60,29 @@ static const char *dccp_optflags[DCCP_OPT_MAX] = { [5] = "mask-port-dst", [6] = "state", [7] = "tuple-port-src", - [8] = "tuple-port-dst" + [8] = "tuple-port-dst", + [9] = "role" }; static char dccp_commands_v_options[NUMBER_OF_CMD][DCCP_OPT_MAX] = /* Well, it's better than "Re: Sevilla vs Betis" */ { - /* 1 2 3 4 5 6 7 8 9 */ -/*CT_LIST*/ {2,2,2,2,0,0,2,0,0}, -/*CT_CREATE*/ {3,3,3,3,0,0,1,0,0}, -/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0}, -/*CT_DELETE*/ {2,2,2,2,0,0,2,0,0}, -/*CT_GET*/ {3,3,3,3,0,0,2,0,0}, -/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0}, -/*CT_EVENT*/ {2,2,2,2,0,0,2,0,0}, -/*CT_VERSION*/ {0,0,0,0,0,0,0,0,0}, -/*CT_HELP*/ {0,0,0,0,0,0,0,0,0}, -/*EXP_LIST*/ {0,0,0,0,0,0,0,0,0}, -/*EXP_CREATE*/ {1,1,1,1,1,1,0,1,1}, -/*EXP_DELETE*/ {1,1,1,1,0,0,0,0,0}, -/*EXP_GET*/ {1,1,1,1,0,0,0,0,0}, -/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0,0}, -/*EXP_EVENT*/ {0,0,0,0,0,0,0,0,0}, + /* 1 2 3 4 5 6 7 8 9 10*/ +/*CT_LIST*/ {2,2,2,2,0,0,2,0,0,0}, +/*CT_CREATE*/ {3,3,3,3,0,0,1,0,0,1}, +/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0,0}, +/*CT_DELETE*/ {2,2,2,2,0,0,2,0,0,0}, +/*CT_GET*/ {3,3,3,3,0,0,2,0,0,0}, +/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0,0}, +/*CT_EVENT*/ {2,2,2,2,0,0,2,0,0,0}, +/*CT_VERSION*/ {0,0,0,0,0,0,0,0,0,0}, +/*CT_HELP*/ {0,0,0,0,0,0,0,0,0,0}, +/*EXP_LIST*/ {0,0,0,0,0,0,0,0,0,0}, +/*EXP_CREATE*/ {1,1,1,1,1,1,0,1,1,1}, +/*EXP_DELETE*/ {1,1,1,1,0,0,0,0,0,0}, +/*EXP_GET*/ {1,1,1,1,0,0,0,0,0,0}, +/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0,0,0}, +/*EXP_EVENT*/ {0,0,0,0,0,0,0,0,0,0}, }; static const char *dccp_states[DCCP_CONNTRACK_MAX] = { @@ -118,43 +121,43 @@ static int parse_options(char c, u_int16_t port; switch(c) { - case '1': + case 1: port = htons(atoi(optarg)); nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, port); nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_DCCP); *flags |= CT_DCCP_ORIG_SPORT; break; - case '2': + case 2: port = htons(atoi(optarg)); nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, port); nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_DCCP); *flags |= CT_DCCP_ORIG_DPORT; break; - case '3': + case 3: port = htons(atoi(optarg)); nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, port); nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_DCCP); *flags |= CT_DCCP_REPL_SPORT; break; - case '4': + case 4: port = htons(atoi(optarg)); nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, port); nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_DCCP); *flags |= CT_DCCP_REPL_DPORT; break; - case '5': + case 5: port = htons(atoi(optarg)); nfct_set_attr_u16(mask, ATTR_ORIG_PORT_SRC, port); nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_DCCP); *flags |= CT_DCCP_MASK_SPORT; break; - case '6': + case 6: port = htons(atoi(optarg)); nfct_set_attr_u16(mask, ATTR_ORIG_PORT_DST, port); nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_DCCP); *flags |= CT_DCCP_MASK_DPORT; break; - case '7': + case 7: for (i=0; i<DCCP_CONNTRACK_MAX; i++) { if (strcmp(optarg, dccp_states[i]) == 0) { nfct_set_attr_u8(ct, ATTR_DCCP_STATE, i); @@ -166,18 +169,31 @@ static int parse_options(char c, "Unknown DCCP state `%s'", optarg); *flags |= CT_DCCP_STATE; break; - case '8': + case 8: port = htons(atoi(optarg)); nfct_set_attr_u16(exptuple, ATTR_ORIG_PORT_SRC, port); nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, port); *flags |= CT_DCCP_EXPTUPLE_SPORT; break; - case '9': + case 9: port = htons(atoi(optarg)); nfct_set_attr_u16(exptuple, ATTR_ORIG_PORT_DST, port); nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, port); *flags |= CT_DCCP_EXPTUPLE_DPORT; break; + case 10: + if (strncasecmp(optarg, "client", strlen(optarg)) == 0) { + nfct_set_attr_u8(ct, ATTR_DCCP_ROLE, + DCCP_CONNTRACK_ROLE_CLIENT); + } else if (strncasecmp(optarg, "server", strlen(optarg)) == 0) { + nfct_set_attr_u8(ct, ATTR_DCCP_ROLE, + DCCP_CONNTRACK_ROLE_SERVER); + } else { + exit_error(PARAMETER_PROBLEM, + "Unknown DCCP role `%s'", optarg); + } + *flags |= CT_DCCP_ROLE; + break; } return 1; } |