diff options
author | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org> | 2005-10-07 13:09:22 +0000 |
---|---|---|
committer | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org> | 2005-10-07 13:09:22 +0000 |
commit | cce8dd1bd45465dd9b18e4f02b5d007cb39079b0 (patch) | |
tree | 633f143402a6ecabe094c79e0e31ab81e28bab3a | |
parent | f179e8af468c573d4a643fcd38980e0beeeecdbc (diff) | |
download | conntrack-tools-cce8dd1bd45465dd9b18e4f02b5d007cb39079b0.tar.gz conntrack-tools-cce8dd1bd45465dd9b18e4f02b5d007cb39079b0.zip |
See Changelog
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | extensions/libct_proto_icmp.c | 32 | ||||
-rw-r--r-- | src/libct.c | 2 |
3 files changed, 33 insertions, 8 deletions
@@ -1,3 +1,10 @@ +2005-10-07 +<chentschel@iplan.com.ar> + o Fixed ICMP options +<pablo@netfilter.org> + o Multiple fixes for the ICMP protocol handler + o Fix ICMP output: wrong output. type and code were set to zero. + 2005-10-05 <pablo@netfilter.org> o Fix up counters diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c index 817fc77..be81507 100644 --- a/extensions/libct_proto_icmp.c +++ b/extensions/libct_proto_icmp.c @@ -12,12 +12,13 @@ #include <getopt.h> #include <stdlib.h> #include <netinet/in.h> /* For htons */ +#include <netinet/ip_icmp.h> #include "libct_proto.h" static struct option opts[] = { - {"--icmp-type", 1, 0, '1'}, - {"--icmp-code", 1, 0, '2'}, - {"--icmp-id", 1, 0, '3'}, + {"icmp-type", 1, 0, '1'}, + {"icmp-code", 1, 0, '2'}, + {"icmp-id", 1, 0, '3'}, {0, 0, 0, 0} }; @@ -39,6 +40,17 @@ void help() fprintf(stdout, "--icmp-id icmp id\n"); } +/* Add 1; spaces filled with 0. */ +static u_int8_t invmap[] + = { [ICMP_ECHO] = ICMP_ECHOREPLY + 1, + [ICMP_ECHOREPLY] = ICMP_ECHO + 1, + [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1, + [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1, + [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1, + [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1, + [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1, + [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1}; + int parse(char c, char *argv[], struct ctnl_tuple *orig, struct ctnl_tuple *reply, @@ -50,18 +62,22 @@ int parse(char c, char *argv[], case '1': if (optarg) { orig->l4dst.icmp.type = atoi(optarg); + reply->l4dst.icmp.type = + invmap[orig->l4dst.icmp.type] - 1; *flags |= ICMP_TYPE; } break; case '2': if (optarg) { orig->l4dst.icmp.code = atoi(optarg); + reply->l4dst.icmp.code = 0; *flags |= ICMP_CODE; } break; case '3': if (optarg) { orig->l4src.icmp.id = atoi(optarg); + reply->l4dst.icmp.id = 0; *flags |= ICMP_ID; } break; @@ -81,7 +97,7 @@ void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple) if (cda[CTA_PROTO_ICMP_ID-1]) tuple->l4src.icmp.id = - *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]); + *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]); } int final_check(unsigned int flags, @@ -98,9 +114,11 @@ int final_check(unsigned int flags, void print_proto(struct ctnl_tuple *t) { - fprintf(stdout, "type=%d code=%d id=%d ", t->l4dst.icmp.type, - t->l4dst.icmp.code, - t->l4src.icmp.id); + fprintf(stdout, "type=%d code=%d ", t->l4dst.icmp.type, + t->l4dst.icmp.code); + /* ID only makes sense with ECHO */ + if (t->l4dst.icmp.type == 8) + fprintf(stdout, "id=%d ", t->l4src.icmp.id); } static struct ctproto_handler icmp = { diff --git a/src/libct.c b/src/libct.c index 16ec4db..36aacbd 100644 --- a/src/libct.c +++ b/src/libct.c @@ -70,7 +70,7 @@ static void parse_proto(struct nfattr *attr, struct ctnl_tuple *tuple) memset(tb, 0, CTA_PROTO_MAX * sizeof(struct nfattr *)); - nfnl_parse_nested(tb, CTA_IP_MAX, attr); + nfnl_parse_nested(tb, CTA_PROTO_MAX, attr); if (tb[CTA_PROTO_NUM-1]) tuple->protonum = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_NUM-1]); |