summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-10-07 13:09:22 +0000
committer/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-10-07 13:09:22 +0000
commitcce8dd1bd45465dd9b18e4f02b5d007cb39079b0 (patch)
tree633f143402a6ecabe094c79e0e31ab81e28bab3a
parentf179e8af468c573d4a643fcd38980e0beeeecdbc (diff)
downloadconntrack-tools-cce8dd1bd45465dd9b18e4f02b5d007cb39079b0.tar.gz
conntrack-tools-cce8dd1bd45465dd9b18e4f02b5d007cb39079b0.zip
See Changelog
-rw-r--r--ChangeLog7
-rw-r--r--extensions/libct_proto_icmp.c32
-rw-r--r--src/libct.c2
3 files changed, 33 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index f9b93a2..1a44a43 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2005-10-07
+<chentschel@iplan.com.ar>
+ o Fixed ICMP options
+<pablo@netfilter.org>
+ o Multiple fixes for the ICMP protocol handler
+ o Fix ICMP output: wrong output. type and code were set to zero.
+
2005-10-05
<pablo@netfilter.org>
o Fix up counters
diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c
index 817fc77..be81507 100644
--- a/extensions/libct_proto_icmp.c
+++ b/extensions/libct_proto_icmp.c
@@ -12,12 +12,13 @@
#include <getopt.h>
#include <stdlib.h>
#include <netinet/in.h> /* For htons */
+#include <netinet/ip_icmp.h>
#include "libct_proto.h"
static struct option opts[] = {
- {"--icmp-type", 1, 0, '1'},
- {"--icmp-code", 1, 0, '2'},
- {"--icmp-id", 1, 0, '3'},
+ {"icmp-type", 1, 0, '1'},
+ {"icmp-code", 1, 0, '2'},
+ {"icmp-id", 1, 0, '3'},
{0, 0, 0, 0}
};
@@ -39,6 +40,17 @@ void help()
fprintf(stdout, "--icmp-id icmp id\n");
}
+/* Add 1; spaces filled with 0. */
+static u_int8_t invmap[]
+ = { [ICMP_ECHO] = ICMP_ECHOREPLY + 1,
+ [ICMP_ECHOREPLY] = ICMP_ECHO + 1,
+ [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,
+ [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,
+ [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,
+ [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,
+ [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
+ [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1};
+
int parse(char c, char *argv[],
struct ctnl_tuple *orig,
struct ctnl_tuple *reply,
@@ -50,18 +62,22 @@ int parse(char c, char *argv[],
case '1':
if (optarg) {
orig->l4dst.icmp.type = atoi(optarg);
+ reply->l4dst.icmp.type =
+ invmap[orig->l4dst.icmp.type] - 1;
*flags |= ICMP_TYPE;
}
break;
case '2':
if (optarg) {
orig->l4dst.icmp.code = atoi(optarg);
+ reply->l4dst.icmp.code = 0;
*flags |= ICMP_CODE;
}
break;
case '3':
if (optarg) {
orig->l4src.icmp.id = atoi(optarg);
+ reply->l4dst.icmp.id = 0;
*flags |= ICMP_ID;
}
break;
@@ -81,7 +97,7 @@ void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple)
if (cda[CTA_PROTO_ICMP_ID-1])
tuple->l4src.icmp.id =
- *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]);
+ *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]);
}
int final_check(unsigned int flags,
@@ -98,9 +114,11 @@ int final_check(unsigned int flags,
void print_proto(struct ctnl_tuple *t)
{
- fprintf(stdout, "type=%d code=%d id=%d ", t->l4dst.icmp.type,
- t->l4dst.icmp.code,
- t->l4src.icmp.id);
+ fprintf(stdout, "type=%d code=%d ", t->l4dst.icmp.type,
+ t->l4dst.icmp.code);
+ /* ID only makes sense with ECHO */
+ if (t->l4dst.icmp.type == 8)
+ fprintf(stdout, "id=%d ", t->l4src.icmp.id);
}
static struct ctproto_handler icmp = {
diff --git a/src/libct.c b/src/libct.c
index 16ec4db..36aacbd 100644
--- a/src/libct.c
+++ b/src/libct.c
@@ -70,7 +70,7 @@ static void parse_proto(struct nfattr *attr, struct ctnl_tuple *tuple)
memset(tb, 0, CTA_PROTO_MAX * sizeof(struct nfattr *));
- nfnl_parse_nested(tb, CTA_IP_MAX, attr);
+ nfnl_parse_nested(tb, CTA_PROTO_MAX, attr);
if (tb[CTA_PROTO_NUM-1])
tuple->protonum = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_NUM-1]);