summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2009-04-24 12:22:49 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2009-04-24 12:22:49 +0200
commit7866b938a909439fa09ea7f16f8676cdac5ea532 (patch)
tree27ec12336702e465b9b1699e5ef941b66e15ae96
parent400ae54438c4b85126f9fab0ae1dc067823b70f7 (diff)
downloadconntrack-tools-7866b938a909439fa09ea7f16f8676cdac5ea532.tar.gz
conntrack-tools-7866b938a909439fa09ea7f16f8676cdac5ea532.zip
conntrack: add DCCP role parameter for conntrack creation
This patch adds `--role' parameter for DCCP which is required to create entries. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--conntrack.84
-rw-r--r--extensions/libct_proto_dccp.c92
2 files changed, 57 insertions, 39 deletions
diff --git a/conntrack.8 b/conntrack.8
index 6aa5c3b..983fc31 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -237,7 +237,7 @@ Verification tag (32-bits value) in the original direction
.BI "--reply-vtag " "value"
Verification tag (32-bits value) in the reply direction
.TP
-DCCP-specific fields:
+DCCP-specific fields (needs Linux >= 2.6.30):
.TP
.BI "--sport, --orig-port-src " "PORT"
Source port in original direction
@@ -253,6 +253,8 @@ Destination port in reply direction
.TP
.BI "--state " "[NONE | REQUEST | RESPOND | PARTOPEN | OPEN | CLOSEREQ | CLOSING | TIMEWAIT]"
DCCP state
+.BI "--role " "[client | server]"
+Role that the original conntrack tuple is tracking
.TP
GRE-specific fields:
.TP
diff --git a/extensions/libct_proto_dccp.c b/extensions/libct_proto_dccp.c
index deb3e28..586c4cc 100644
--- a/extensions/libct_proto_dccp.c
+++ b/extensions/libct_proto_dccp.c
@@ -30,22 +30,24 @@ enum {
CT_DCCP_MASK_DPORT = (1 << 5),
CT_DCCP_STATE = (1 << 6),
CT_DCCP_EXPTUPLE_SPORT = (1 << 7),
- CT_DCCP_EXPTUPLE_DPORT = (1 << 8)
+ CT_DCCP_EXPTUPLE_DPORT = (1 << 8),
+ CT_DCCP_ROLE = (1 << 9),
};
#define DCCP_OPT_MAX 13
static struct option opts[DCCP_OPT_MAX] = {
- { .name = "orig-port-src", .has_arg = 1, .val = '1' },
- { .name = "orig-port-dst", .has_arg = 1, .val = '2' },
- { .name = "reply-port-src", .has_arg = 1, .val = '3' },
- { .name = "reply-port-dst", .has_arg = 1, .val = '4' },
- { .name = "mask-port-src", .has_arg = 1, .val = '5' },
- { .name = "mask-port-dst", .has_arg = 1, .val = '6' },
- { .name = "state", .has_arg = 1, .val = '7' },
- { .name = "tuple-port-src", .has_arg = 1, .val = '8' },
- { .name = "tuple-port-dst", .has_arg = 1, .val = '9' },
- { .name = "sport", .has_arg = 1, .val = '1' }, /* alias */
- { .name = "dport", .has_arg = 1, .val = '2' }, /* alias */
+ { .name = "orig-port-src", .has_arg = 1, .val = 1 },
+ { .name = "orig-port-dst", .has_arg = 1, .val = 2 },
+ { .name = "reply-port-src", .has_arg = 1, .val = 3 },
+ { .name = "reply-port-dst", .has_arg = 1, .val = 4 },
+ { .name = "mask-port-src", .has_arg = 1, .val = 5 },
+ { .name = "mask-port-dst", .has_arg = 1, .val = 6 },
+ { .name = "state", .has_arg = 1, .val = 7 },
+ { .name = "tuple-port-src", .has_arg = 1, .val = 8 },
+ { .name = "tuple-port-dst", .has_arg = 1, .val = 9 },
+ { .name = "sport", .has_arg = 1, .val = 1 }, /* alias */
+ { .name = "dport", .has_arg = 1, .val = 2 }, /* alias */
+ { .name = "role", .has_arg = 1, .val = 10 },
{ 0, 0, 0, 0},
};
@@ -58,28 +60,29 @@ static const char *dccp_optflags[DCCP_OPT_MAX] = {
[5] = "mask-port-dst",
[6] = "state",
[7] = "tuple-port-src",
- [8] = "tuple-port-dst"
+ [8] = "tuple-port-dst",
+ [9] = "role"
};
static char dccp_commands_v_options[NUMBER_OF_CMD][DCCP_OPT_MAX] =
/* Well, it's better than "Re: Sevilla vs Betis" */
{
- /* 1 2 3 4 5 6 7 8 9 */
-/*CT_LIST*/ {2,2,2,2,0,0,2,0,0},
-/*CT_CREATE*/ {3,3,3,3,0,0,1,0,0},
-/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0},
-/*CT_DELETE*/ {2,2,2,2,0,0,2,0,0},
-/*CT_GET*/ {3,3,3,3,0,0,2,0,0},
-/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0},
-/*CT_EVENT*/ {2,2,2,2,0,0,2,0,0},
-/*CT_VERSION*/ {0,0,0,0,0,0,0,0,0},
-/*CT_HELP*/ {0,0,0,0,0,0,0,0,0},
-/*EXP_LIST*/ {0,0,0,0,0,0,0,0,0},
-/*EXP_CREATE*/ {1,1,1,1,1,1,0,1,1},
-/*EXP_DELETE*/ {1,1,1,1,0,0,0,0,0},
-/*EXP_GET*/ {1,1,1,1,0,0,0,0,0},
-/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0,0},
-/*EXP_EVENT*/ {0,0,0,0,0,0,0,0,0},
+ /* 1 2 3 4 5 6 7 8 9 10*/
+/*CT_LIST*/ {2,2,2,2,0,0,2,0,0,0},
+/*CT_CREATE*/ {3,3,3,3,0,0,1,0,0,1},
+/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0,0},
+/*CT_DELETE*/ {2,2,2,2,0,0,2,0,0,0},
+/*CT_GET*/ {3,3,3,3,0,0,2,0,0,0},
+/*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0,0},
+/*CT_EVENT*/ {2,2,2,2,0,0,2,0,0,0},
+/*CT_VERSION*/ {0,0,0,0,0,0,0,0,0,0},
+/*CT_HELP*/ {0,0,0,0,0,0,0,0,0,0},
+/*EXP_LIST*/ {0,0,0,0,0,0,0,0,0,0},
+/*EXP_CREATE*/ {1,1,1,1,1,1,0,1,1,1},
+/*EXP_DELETE*/ {1,1,1,1,0,0,0,0,0,0},
+/*EXP_GET*/ {1,1,1,1,0,0,0,0,0,0},
+/*EXP_FLUSH*/ {0,0,0,0,0,0,0,0,0,0},
+/*EXP_EVENT*/ {0,0,0,0,0,0,0,0,0,0},
};
static const char *dccp_states[DCCP_CONNTRACK_MAX] = {
@@ -118,43 +121,43 @@ static int parse_options(char c,
u_int16_t port;
switch(c) {
- case '1':
+ case 1:
port = htons(atoi(optarg));
nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, port);
nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_DCCP);
*flags |= CT_DCCP_ORIG_SPORT;
break;
- case '2':
+ case 2:
port = htons(atoi(optarg));
nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, port);
nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_DCCP);
*flags |= CT_DCCP_ORIG_DPORT;
break;
- case '3':
+ case 3:
port = htons(atoi(optarg));
nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, port);
nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_DCCP);
*flags |= CT_DCCP_REPL_SPORT;
break;
- case '4':
+ case 4:
port = htons(atoi(optarg));
nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, port);
nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_DCCP);
*flags |= CT_DCCP_REPL_DPORT;
break;
- case '5':
+ case 5:
port = htons(atoi(optarg));
nfct_set_attr_u16(mask, ATTR_ORIG_PORT_SRC, port);
nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_DCCP);
*flags |= CT_DCCP_MASK_SPORT;
break;
- case '6':
+ case 6:
port = htons(atoi(optarg));
nfct_set_attr_u16(mask, ATTR_ORIG_PORT_DST, port);
nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_DCCP);
*flags |= CT_DCCP_MASK_DPORT;
break;
- case '7':
+ case 7:
for (i=0; i<DCCP_CONNTRACK_MAX; i++) {
if (strcmp(optarg, dccp_states[i]) == 0) {
nfct_set_attr_u8(ct, ATTR_DCCP_STATE, i);
@@ -166,18 +169,31 @@ static int parse_options(char c,
"Unknown DCCP state `%s'", optarg);
*flags |= CT_DCCP_STATE;
break;
- case '8':
+ case 8:
port = htons(atoi(optarg));
nfct_set_attr_u16(exptuple, ATTR_ORIG_PORT_SRC, port);
nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, port);
*flags |= CT_DCCP_EXPTUPLE_SPORT;
break;
- case '9':
+ case 9:
port = htons(atoi(optarg));
nfct_set_attr_u16(exptuple, ATTR_ORIG_PORT_DST, port);
nfct_set_attr_u8(exptuple, ATTR_ORIG_L4PROTO, port);
*flags |= CT_DCCP_EXPTUPLE_DPORT;
break;
+ case 10:
+ if (strncasecmp(optarg, "client", strlen(optarg)) == 0) {
+ nfct_set_attr_u8(ct, ATTR_DCCP_ROLE,
+ DCCP_CONNTRACK_ROLE_CLIENT);
+ } else if (strncasecmp(optarg, "server", strlen(optarg)) == 0) {
+ nfct_set_attr_u8(ct, ATTR_DCCP_ROLE,
+ DCCP_CONNTRACK_ROLE_SERVER);
+ } else {
+ exit_error(PARAMETER_PROBLEM,
+ "Unknown DCCP role `%s'", optarg);
+ }
+ *flags |= CT_DCCP_ROLE;
+ break;
}
return 1;
}