author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-02-07 21:25:48 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-02-07 21:30:40 +0100 |
commit | 167eb3e2028561ab2cc0f2b7b6ff9d24c56514f6 (patch) | |
tree | cdebc4d6cdf46ef05962766313e0695cce0466c9 | |
parent | a07ef78b7f3d6628f889f2f2167fb5e748eb567e (diff) | |
conntrackd: fix parsing of expectation class, helper name and NAT
I forgot to modify the body of msg2exp to include the recently
committed support for the expectation class, helper name and NAT.
This patch fixes the problem.
Now in node-1 (primary), it shows:
proto=17 src=192.168.11.4 dst=192.168.10.5 sport=0 dport=5060 mask-src=255.255.255.255 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=192.168.10.5 master-dst=192.168.11.4 sport=5060 dport=5060 PERMANENT class=0 helper=sip [active since 31s]
And in node-2 (secondary), it shows:
proto=17 src=192.168.11.4 dst=192.168.10.5 sport=0 dport=5060 mask-src=255.255.255.255 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=192.168.10.5 master-dst=192.168.11.4 sport=5060 dport=5060 PERMANENT class=0 helper=sip [active since 180s]
This has been tested with the SIP conntrack helper.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/parse.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/parse.c b/src/parse.c
index 6695cc8..732bc44 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -426,7 +426,7 @@ int msg2exp(struct nf_expect *exp, struct nethdr *net, size_t remain)
 {
 int len;
 struct netattr *attr;
- struct nf_conntrack *master, *expected, *mask;
+ struct nf_conntrack *master, *expected, *mask, *nat;
 if (remain < net->len)
 return -1;
@@ -446,6 +446,10 @@ int msg2exp(struct nf_expect *exp, struct nethdr *net, size_t remain)
 if (mask == NULL)
 goto err_mask;
+ nat = nfct_new();
+ if (nat == NULL)
+ goto err_nat;
+
 while (len > ssizeof(struct netattr)) {
 ATTR_NETWORK2HOST(attr);
 if (attr->nta_len > len)
@@ -473,8 +477,17 @@ int msg2exp(struct nf_expect *exp, struct nethdr *net, size_t remain)
 exp_h[attr->nta_attr].parse(mask, attr->nta_attr,
 NTA_DATA(attr));
 break;
+ case ATTR_EXP_NAT_TUPLE:
+ exp_h[attr->nta_attr].parse(nat, attr->nta_attr,
+ NTA_DATA(attr));
+ nfexp_set_attr(exp, ATTR_EXP_NAT_TUPLE, nat);
+ break;
 case ATTR_EXP_TIMEOUT:
 case ATTR_EXP_FLAGS:
+ case ATTR_EXP_CLASS:
+ case ATTR_EXP_HELPER_NAME:
+ case ATTR_EXP_NAT_DIR:
+ case ATTR_EXP_FN:
 exp_h[attr->nta_attr].parse(exp, attr->nta_attr,
 NTA_DATA(attr));
 break;
@@ -495,9 +508,12 @@ int msg2exp(struct nf_expect *exp, struct nethdr *net, size_t remain)
 nfct_destroy(mask);
 nfct_destroy(expected);
 nfct_destroy(master);
+ nfct_destroy(nat);
 return 0;
 err:
+ nfct_destroy(nat);
+err_nat:
 nfct_destroy(mask);
 err_mask:
 nfct_destroy(expected); |
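Review bot: The four cases added next to `ATTR_EXP_TIMEOUT`/`ATTR_EXP_FLAGS` in the third hunk pass payload received from the other node straight to `exp_h[attr->nta_attr].parse(exp, ...)`, and at least `ATTR_EXP_HELPER_NAME` and `ATTR_EXP_FN` look like variable-length strings rather than fixed-width integers. The handlers and whatever length check precedes the switch are outside this hunk, so please confirm that they bound the copy by `attr->nta_len` and do not rely on the sender having NUL-terminated the data. In the `ATTR_EXP_NAT_TUPLE` case a short comment would also help, because the last hunk destroys `nat` on the success path after it has been attached to `exp`; if `nfexp_set_attr()` copies the tuple, say so with something like `/* nfexp_set_attr() copies the tuple, nat is released before return */`. The body of `msg2exp` starts and ends outside the hunks shown.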