author/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-12-03 22:33:53 +0000
committer/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-12-03 22:33:53 +0000
commit5891b45e0eee0307a29ed5103fe6d596f6a37ebd (patch)
tree4da61210c620c3dc173257bf556f83627e52f7d6 /extensions/libct_proto_tcp.c
parent2082ea8a70a1c3b7c8b47115f00fcbe70fac9ffa (diff)
o Add support to filter events, e.g. -p tcp --orig-port-dst 80 in conjunction with -E to get all the requests to HTTP servers
o Update manpage
o Missing static function declaration in the protocol handlers
o Use protocol flags defined in libnetfilter_conntrack
o Kill leftover #include "conntrack.h" in the ICMP helper
o Bumped version to 0.991
Diffstat (limited to 'extensions/libct_proto_tcp.c')
-rw-r--r--extensions/libct_proto_tcp.c78
1 files changed, 28 insertions, 50 deletions
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 3a01c0a..35fa292 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -13,6 +13,7 @@
#include <string.h>
#include <netinet/in.h> /* For htons */
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
#include "conntrack.h"
@@ -27,29 +28,6 @@ static struct option opts[] = {
{0, 0, 0, 0}
};
-enum tcp_param_flags {
- ORIG_SPORT_BIT = 0,
- ORIG_SPORT = (1 << ORIG_SPORT_BIT),
-
- ORIG_DPORT_BIT = 1,
- ORIG_DPORT = (1 << ORIG_DPORT_BIT),
-
- REPL_SPORT_BIT = 2,
- REPL_SPORT = (1 << REPL_SPORT_BIT),
-
- REPL_DPORT_BIT = 3,
- REPL_DPORT = (1 << REPL_DPORT_BIT),
-
- MASK_SPORT_BIT = 4,
- MASK_SPORT = (1 << MASK_SPORT_BIT),
-
- MASK_DPORT_BIT = 5,
- MASK_DPORT = (1 << MASK_DPORT_BIT),
-
- STATE_BIT = 6,
- STATE = (1 << STATE_BIT)
-};
-
static const char *states[] = {
"NONE",
"SYN_SENT",
@@ -63,7 +41,7 @@ static const char *states[] = {
"LISTEN"
};
-void help()
+static void help()
{
fprintf(stdout, "--orig-port-src original source port\n");
fprintf(stdout, "--orig-port-dst original destination port\n");
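Review bot: `help()` is still declared with an empty parameter list on the new line, which in C leaves the parameters unspecified rather than declaring that there are none. `static void help(void)` states what is meant and matches the `init(void)` declaration further down this file. The body of help() continues past the end of this hunk.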
@@ -74,48 +52,48 @@ void help()
fprintf(stdout, "--state TCP state, fe. ESTABLISHED\n");
}
-int parse_options(char c, char *argv[],
- struct nfct_tuple *orig,
- struct nfct_tuple *reply,
- struct nfct_tuple *mask,
- union nfct_protoinfo *proto,
- unsigned int *flags)
+static int parse_options(char c, char *argv[],
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply,
+ struct nfct_tuple *mask,
+ union nfct_protoinfo *proto,
+ unsigned int *flags)
{
switch(c) {
case '1':
if (optarg) {
orig->l4src.tcp.port = htons(atoi(optarg));
- *flags |= ORIG_SPORT;
+ *flags |= TCP_ORIG_SPORT;
}
break;
case '2':
if (optarg) {
orig->l4dst.tcp.port = htons(atoi(optarg));
- *flags |= ORIG_DPORT;
+ *flags |= TCP_ORIG_DPORT;
}
break;
case '3':
if (optarg) {
reply->l4src.tcp.port = htons(atoi(optarg));
- *flags |= REPL_SPORT;
+ *flags |= TCP_REPL_SPORT;
}
break;
case '4':
if (optarg) {
reply->l4dst.tcp.port = htons(atoi(optarg));
- *flags |= REPL_DPORT;
+ *flags |= TCP_REPL_DPORT;
}
break;
case '5':
if (optarg) {
mask->l4src.tcp.port = htons(atoi(optarg));
- *flags |= MASK_SPORT;
+ *flags |= TCP_MASK_SPORT;
}
break;
case '6':
if (optarg) {
mask->l4dst.tcp.port = htons(atoi(optarg));
- *flags |= MASK_DPORT;
+ *flags |= TCP_MASK_DPORT;
}
break;
case '7':
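Review bot: All six port cases ('1' to '6') still convert with `htons(atoi(optarg))`, so a non-numeric argument becomes port 0 and a value above 65535 is reduced to its low 16 bits when passed to htons, and in both cases the flag is set as if a valid port had been given. With the event filter this commit introduces, a mistyped port then yields a filter on a different port without any error, which for a monitoring tool means silently missed events. A small checked parser that rejects bad input and makes parse_options return 0, as the state branch appears to do for an unrecognised state, would close this. The sketch shows case '1' only; cases '2' to '6' take the same change, and parse_options continues beyond this hunk.

```c
/* Parse a decimal TCP port: returns 0..65535, or -1 if arg is not a valid port. */
static int parse_port(const char *arg)
{
	char *end;
	unsigned long v = strtoul(arg, &end, 10);

	/* strtoul yields ULONG_MAX on overflow and wraps negatives, both > 65535 */
	if (end == arg || *end != '\0' || v > 65535)
		return -1;
	return (int)v;
}

static int parse_options(char c, char *argv[],
/* … unchanged: remaining parameters … */
	int port;

	switch(c) {
	case '1':
		if (optarg) {
			port = parse_port(optarg);
			if (port < 0)
				return 0;
			orig->l4src.tcp.port = htons(port);
			*flags |= TCP_ORIG_SPORT;
		}
		break;
	/* … cases '2' to '6': same change; case '7' unchanged … */
```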
@@ -131,37 +109,37 @@ int parse_options(char c, char *argv[],
printf("doh?\n");
return 0;
}
- *flags |= STATE;
+ *flags |= TCP_STATE;
}
break;
}
return 1;
}
-int final_check(unsigned int flags,
- unsigned int command,
- struct nfct_tuple *orig,
- struct nfct_tuple *reply)
+static int final_check(unsigned int flags,
+ unsigned int command,
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply)
{
int ret = 0;
- if ((flags & (ORIG_SPORT|ORIG_DPORT))
- && !(flags & (REPL_SPORT|REPL_DPORT))) {
+ if ((flags & (TCP_ORIG_SPORT|TCP_ORIG_DPORT))
+ && !(flags & (TCP_REPL_SPORT|TCP_REPL_DPORT))) {
reply->l4src.tcp.port = orig->l4dst.tcp.port;
reply->l4dst.tcp.port = orig->l4src.tcp.port;
ret = 1;
- } else if (!(flags & (ORIG_SPORT|ORIG_DPORT))
- && (flags & (REPL_SPORT|REPL_DPORT))) {
+ } else if (!(flags & (TCP_ORIG_SPORT|TCP_ORIG_DPORT))
+ && (flags & (TCP_REPL_SPORT|TCP_REPL_DPORT))) {
orig->l4src.tcp.port = reply->l4dst.tcp.port;
orig->l4dst.tcp.port = reply->l4src.tcp.port;
ret = 1;
}
- if ((flags & (ORIG_SPORT|ORIG_DPORT))
- && ((flags & (REPL_SPORT|REPL_DPORT))))
+ if ((flags & (TCP_ORIG_SPORT|TCP_ORIG_DPORT))
+ && ((flags & (TCP_REPL_SPORT|TCP_REPL_DPORT))))
ret = 1;
/* --state is missing and we are trying to create a conntrack */
- if (ret && (command & CT_CREATE) && (!(flags & STATE)))
+ if (ret && (command & CT_CREATE) && (!(flags & TCP_STATE)))
ret = 0;
return ret;
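Review bot: The failure path just above the changed `TCP_STATE` line prints `doh?` to stdout and returns 0, which tells the user neither which option was rejected nor why. It also puts the diagnostic on the same stream help() writes to, and presumably the one event output uses. Something like `fprintf(stderr, "unknown TCP state: %s\n", optarg);` would be clearer, assuming optarg still holds the --state argument at that point. The state lookup itself lies outside this hunk, so that should be confirmed before changing the message.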
@@ -177,9 +155,9 @@ static struct ctproto_handler tcp = {
.version = VERSION,
};
-void __attribute__ ((constructor)) init(void);
+static void __attribute__ ((constructor)) init(void);
-void init(void)
+static void init(void)
{
register_proto(&tcp);
}