author/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-12-03 22:33:53 +0000
committer/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org>2005-12-03 22:33:53 +0000
commit5891b45e0eee0307a29ed5103fe6d596f6a37ebd (patch)
tree4da61210c620c3dc173257bf556f83627e52f7d6 /extensions
parent2082ea8a70a1c3b7c8b47115f00fcbe70fac9ffa (diff)
downloadconntrack-tools-5891b45e0eee0307a29ed5103fe6d596f6a37ebd.tar.gz
conntrack-tools-5891b45e0eee0307a29ed5103fe6d596f6a37ebd.zip
o Add support to filter events, e.g. -p tcp --orig-port-dst 80 in
conjunction with -E to get all the requests to HTTP servers o Update manpage o Missing static function declaration in the protocol handlers o Use protocol flags defined in libnetfilter_conntrack o Kill leftover #include "conntrack.h" in the ICMP helper o Bumped version to 0.991
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libct_proto_icmp.c39
-rw-r--r--extensions/libct_proto_sctp.c44
-rw-r--r--extensions/libct_proto_tcp.c78
-rw-r--r--extensions/libct_proto_udp.c71
4 files changed, 82 insertions, 150 deletions
diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c
index dc7374e..afae25e 100644
--- a/extensions/libct_proto_icmp.c
+++ b/extensions/libct_proto_icmp.c
@@ -14,7 +14,7 @@
#include <netinet/in.h> /* For htons */
#include <netinet/ip_icmp.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-#include "conntrack.h"
+#include <libnetfilter_conntrack/libnetfilter_conntrack_icmp.h>
static struct option opts[] = {
{"icmp-type", 1, 0, '1'},
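Review bot: Dropping `#include "conntrack.h"` here leaves the later uses of `struct ctproto_handler` and `register_proto()` in this file without a visible declaration, while the sctp, tcp and udp helpers in the same commit keep that include. If those names are declared in conntrack.h (not visible from this diff), the ICMP helper would either fail to build or call `register_proto()` through an implicit declaration. Either keep the include or confirm that one of the libnetfilter_conntrack headers provides both names. The `opts[]` initializer continues outside the hunk.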
@@ -23,18 +23,7 @@ static struct option opts[] = {
{0, 0, 0, 0}
};
-enum icmp_param_flags {
- ICMP_TYPE_BIT = 0,
- ICMP_TYPE = (1 << ICMP_TYPE_BIT),
-
- ICMP_CODE_BIT = 1,
- ICMP_CODE = (1 << ICMP_CODE_BIT),
-
- ICMP_ID_BIT = 2,
- ICMP_ID = (1 << ICMP_ID_BIT)
-};
-
-void help()
+static void help()
{
fprintf(stdout, "--icmp-type icmp type\n");
fprintf(stdout, "--icmp-code icmp code\n");
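Review bot: `static void help()` on the new side is still an old-style declarator with an unspecified parameter list, so a call that passes arguments would not be diagnosed. Write `static void help(void)` to make it a prototype, matching `init(void)` in the same file. The same applies to `help()` in libct_proto_sctp.c, libct_proto_tcp.c and libct_proto_udp.c. The body of help() runs past the end of the hunk.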
@@ -52,12 +41,12 @@ static u_int8_t invmap[]
[ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
[ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1};
-int parse(char c, char *argv[],
- struct nfct_tuple *orig,
- struct nfct_tuple *reply,
- struct nfct_tuple *mask,
- union nfct_protoinfo *proto,
- unsigned int *flags)
+static int parse(char c, char *argv[],
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply,
+ struct nfct_tuple *mask,
+ union nfct_protoinfo *proto,
+ unsigned int *flags)
{
switch(c) {
case '1':
@@ -86,10 +75,10 @@ int parse(char c, char *argv[],
return 1;
}
-int final_check(unsigned int flags,
- unsigned int command,
- struct nfct_tuple *orig,
- struct nfct_tuple *reply)
+static int final_check(unsigned int flags,
+ unsigned int command,
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply)
{
if (!(flags & ICMP_TYPE))
return 0;
@@ -109,9 +98,9 @@ static struct ctproto_handler icmp = {
.version = VERSION,
};
-void __attribute__ ((constructor)) init(void);
+static void __attribute__ ((constructor)) init(void);
-void init(void)
+static void init(void)
{
register_proto(&icmp);
}
diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c
index 64cfd23..7ff1dcf 100644
--- a/extensions/libct_proto_sctp.c
+++ b/extensions/libct_proto_sctp.c
@@ -14,6 +14,7 @@
#include <netinet/in.h> /* For htons */
#include "conntrack.h"
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack_sctp.h>
static struct option opts[] = {
{"orig-port-src", 1, 0, '1'},
@@ -24,23 +25,6 @@ static struct option opts[] = {
{0, 0, 0, 0}
};
-enum sctp_param_flags {
- ORIG_SPORT_BIT = 0,
- ORIG_SPORT = (1 << ORIG_SPORT_BIT),
-
- ORIG_DPORT_BIT = 1,
- ORIG_DPORT = (1 << ORIG_DPORT_BIT),
-
- REPL_SPORT_BIT = 2,
- REPL_SPORT = (1 << REPL_SPORT_BIT),
-
- REPL_DPORT_BIT = 3,
- REPL_DPORT = (1 << REPL_DPORT_BIT),
-
- STATE_BIT = 4,
- STATE = (1 << STATE_BIT)
-};
-
static const char *states[] = {
"NONE",
"CLOSED",
@@ -52,7 +36,7 @@ static const char *states[] = {
"SHUTDOWN_ACK_SENT",
};
-void help()
+static void help()
{
fprintf(stdout, "--orig-port-src original source port\n");
fprintf(stdout, "--orig-port-dst original destination port\n");
@@ -61,12 +45,12 @@ void help()
fprintf(stdout, "--state SCTP state, fe. ESTABLISHED\n");
}
-int parse_options(char c, char *argv[],
- struct nfct_tuple *orig,
- struct nfct_tuple *reply,
- struct nfct_tuple *mask,
- union nfct_protoinfo *proto,
- unsigned int *flags)
+static int parse_options(char c, char *argv[],
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply,
+ struct nfct_tuple *mask,
+ union nfct_protoinfo *proto,
+ unsigned int *flags)
{
switch(c) {
case '1':
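Review bot: The case bodies that follow `switch(c)` are outside this hunk, and no hunk in this file renames a flag, whereas the tcp and udp helpers had every `ORIG_SPORT`-style use switched to a `TCP_`/`UDP_`-prefixed name once their local enum was removed. If the sctp `parse_options()` or `final_check()` bodies still reference `ORIG_SPORT`, `REPL_DPORT` or `STATE`, those identifiers now depend on libnetfilter_conntrack_sctp.h defining unprefixed names, which this diff does not show. Worth confirming that the file still builds and that the flag bits it sets are the ones the caller tests; if the header uses prefixed names, the uses should be renamed in this commit as was done for tcp and udp.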
@@ -115,10 +99,10 @@ int parse_options(char c, char *argv[],
return 1;
}
-int final_check(unsigned int flags,
- unsigned int command,
- struct nfct_tuple *orig,
- struct nfct_tuple *reply)
+static int final_check(unsigned int flags,
+ unsigned int command,
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply)
{
int ret = 0;
@@ -154,9 +138,9 @@ static struct ctproto_handler sctp = {
.version = VERSION,
};
-void __attribute__ ((constructor)) init(void);
+static void __attribute__ ((constructor)) init(void);
-void init(void)
+static void init(void)
{
register_proto(&sctp);
}
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 3a01c0a..35fa292 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -13,6 +13,7 @@
#include <string.h>
#include <netinet/in.h> /* For htons */
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
#include "conntrack.h"
@@ -27,29 +28,6 @@ static struct option opts[] = {
{0, 0, 0, 0}
};
-enum tcp_param_flags {
- ORIG_SPORT_BIT = 0,
- ORIG_SPORT = (1 << ORIG_SPORT_BIT),
-
- ORIG_DPORT_BIT = 1,
- ORIG_DPORT = (1 << ORIG_DPORT_BIT),
-
- REPL_SPORT_BIT = 2,
- REPL_SPORT = (1 << REPL_SPORT_BIT),
-
- REPL_DPORT_BIT = 3,
- REPL_DPORT = (1 << REPL_DPORT_BIT),
-
- MASK_SPORT_BIT = 4,
- MASK_SPORT = (1 << MASK_SPORT_BIT),
-
- MASK_DPORT_BIT = 5,
- MASK_DPORT = (1 << MASK_DPORT_BIT),
-
- STATE_BIT = 6,
- STATE = (1 << STATE_BIT)
-};
-
static const char *states[] = {
"NONE",
"SYN_SENT",
@@ -63,7 +41,7 @@ static const char *states[] = {
"LISTEN"
};
-void help()
+static void help()
{
fprintf(stdout, "--orig-port-src original source port\n");
fprintf(stdout, "--orig-port-dst original destination port\n");
@@ -74,48 +52,48 @@ void help()
fprintf(stdout, "--state TCP state, fe. ESTABLISHED\n");
}
-int parse_options(char c, char *argv[],
- struct nfct_tuple *orig,
- struct nfct_tuple *reply,
- struct nfct_tuple *mask,
- union nfct_protoinfo *proto,
- unsigned int *flags)
+static int parse_options(char c, char *argv[],
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply,
+ struct nfct_tuple *mask,
+ union nfct_protoinfo *proto,
+ unsigned int *flags)
{
switch(c) {
case '1':
if (optarg) {
orig->l4src.tcp.port = htons(atoi(optarg));
- *flags |= ORIG_SPORT;
+ *flags |= TCP_ORIG_SPORT;
}
break;
case '2':
if (optarg) {
orig->l4dst.tcp.port = htons(atoi(optarg));
- *flags |= ORIG_DPORT;
+ *flags |= TCP_ORIG_DPORT;
}
break;
case '3':
if (optarg) {
reply->l4src.tcp.port = htons(atoi(optarg));
- *flags |= REPL_SPORT;
+ *flags |= TCP_REPL_SPORT;
}
break;
case '4':
if (optarg) {
reply->l4dst.tcp.port = htons(atoi(optarg));
- *flags |= REPL_DPORT;
+ *flags |= TCP_REPL_DPORT;
}
break;
case '5':
if (optarg) {
mask->l4src.tcp.port = htons(atoi(optarg));
- *flags |= MASK_SPORT;
+ *flags |= TCP_MASK_SPORT;
}
break;
case '6':
if (optarg) {
mask->l4dst.tcp.port = htons(atoi(optarg));
- *flags |= MASK_DPORT;
+ *flags |= TCP_MASK_DPORT;
}
break;
case '7':
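Review bot: Every port option in this switch still goes through `htons(atoi(optarg))`, which turns non-numeric text into port 0 and silently truncates values above 65535 to 16 bits. With the event filter this commit adds, a mistyped port therefore selects a different port instead of being rejected. Parse with `strtoul`, require the whole argument to be consumed and the value to be at most 65535, and return the failure value otherwise (the `--state` path in the next hunk returns 0 on bad input, so 0 is presumably the error return). The same pattern is in `parse_options()` of libct_proto_udp.c. `parse_options()` continues past this hunk; the sketch shows case '1' only.

```c
	case '1':
		if (optarg) {
			char *end;
			unsigned long port = strtoul(optarg, &end, 10);

			/* reject empty, trailing garbage and out-of-range ports */
			if (end == optarg || *end != '\0' || port > 65535)
				return 0;
			orig->l4src.tcp.port = htons((u_int16_t)port);
			*flags |= TCP_ORIG_SPORT;
		}
		break;
	/* … unchanged: cases '2' to '6', which need the same check … */
```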
@@ -131,37 +109,37 @@ int parse_options(char c, char *argv[],
printf("doh?\n");
return 0;
}
- *flags |= STATE;
+ *flags |= TCP_STATE;
}
break;
}
return 1;
}
-int final_check(unsigned int flags,
- unsigned int command,
- struct nfct_tuple *orig,
- struct nfct_tuple *reply)
+static int final_check(unsigned int flags,
+ unsigned int command,
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply)
{
int ret = 0;
- if ((flags & (ORIG_SPORT|ORIG_DPORT))
- && !(flags & (REPL_SPORT|REPL_DPORT))) {
+ if ((flags & (TCP_ORIG_SPORT|TCP_ORIG_DPORT))
+ && !(flags & (TCP_REPL_SPORT|TCP_REPL_DPORT))) {
reply->l4src.tcp.port = orig->l4dst.tcp.port;
reply->l4dst.tcp.port = orig->l4src.tcp.port;
ret = 1;
- } else if (!(flags & (ORIG_SPORT|ORIG_DPORT))
- && (flags & (REPL_SPORT|REPL_DPORT))) {
+ } else if (!(flags & (TCP_ORIG_SPORT|TCP_ORIG_DPORT))
+ && (flags & (TCP_REPL_SPORT|TCP_REPL_DPORT))) {
orig->l4src.tcp.port = reply->l4dst.tcp.port;
orig->l4dst.tcp.port = reply->l4src.tcp.port;
ret = 1;
}
- if ((flags & (ORIG_SPORT|ORIG_DPORT))
- && ((flags & (REPL_SPORT|REPL_DPORT))))
+ if ((flags & (TCP_ORIG_SPORT|TCP_ORIG_DPORT))
+ && ((flags & (TCP_REPL_SPORT|TCP_REPL_DPORT))))
ret = 1;
/* --state is missing and we are trying to create a conntrack */
- if (ret && (command & CT_CREATE) && (!(flags & STATE)))
+ if (ret && (command & CT_CREATE) && (!(flags & TCP_STATE)))
ret = 0;
return ret;
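Review bot: An unrecognised `--state` value is reported as `printf("doh?\n")` on stdout at the top of this hunk, which tells the user nothing about what was rejected and mixes the error into normal output. Something like `fprintf(stderr, "unknown TCP state\n");` before the `return 0;` would make the failure diagnosable. The lines that compare the argument against `states[]` are outside the hunk, so whether `optarg` is still available to include in the message is not visible here.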
@@ -177,9 +155,9 @@ static struct ctproto_handler tcp = {
.version = VERSION,
};
-void __attribute__ ((constructor)) init(void);
+static void __attribute__ ((constructor)) init(void);
-void init(void)
+static void init(void)
{
register_proto(&tcp);
}
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index 958d464..974e455 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -13,6 +13,7 @@
#include <netinet/in.h> /* For htons */
#include "conntrack.h"
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack_udp.h>
static struct option opts[] = {
{"orig-port-src", 1, 0, '1'},
@@ -24,27 +25,7 @@ static struct option opts[] = {
{0, 0, 0, 0}
};
-enum udp_param_flags {
- ORIG_SPORT_BIT = 0,
- ORIG_SPORT = (1 << ORIG_SPORT_BIT),
-
- ORIG_DPORT_BIT = 1,
- ORIG_DPORT = (1 << ORIG_DPORT_BIT),
-
- REPL_SPORT_BIT = 2,
- REPL_SPORT = (1 << REPL_SPORT_BIT),
-
- REPL_DPORT_BIT = 3,
- REPL_DPORT = (1 << REPL_DPORT_BIT),
-
- MASK_SPORT_BIT = 4,
- MASK_SPORT = (1 << MASK_SPORT_BIT),
-
- MASK_DPORT_BIT = 5,
- MASK_DPORT = (1 << MASK_DPORT_BIT),
-};
-
-void help()
+static void help()
{
fprintf(stdout, "--orig-port-src original source port\n");
fprintf(stdout, "--orig-port-dst original destination port\n");
@@ -54,72 +35,72 @@ void help()
fprintf(stdout, "--mask-port-dst mask destination port\n");
}
-int parse_options(char c, char *argv[],
- struct nfct_tuple *orig,
- struct nfct_tuple *reply,
- struct nfct_tuple *mask,
- union nfct_protoinfo *proto,
- unsigned int *flags)
+static int parse_options(char c, char *argv[],
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply,
+ struct nfct_tuple *mask,
+ union nfct_protoinfo *proto,
+ unsigned int *flags)
{
switch(c) {
case '1':
if (optarg) {
orig->l4src.udp.port = htons(atoi(optarg));
- *flags |= ORIG_SPORT;
+ *flags |= UDP_ORIG_SPORT;
}
break;
case '2':
if (optarg) {
orig->l4dst.udp.port = htons(atoi(optarg));
- *flags |= ORIG_DPORT;
+ *flags |= UDP_ORIG_DPORT;
}
break;
case '3':
if (optarg) {
reply->l4src.udp.port = htons(atoi(optarg));
- *flags |= REPL_SPORT;
+ *flags |= UDP_REPL_SPORT;
}
break;
case '4':
if (optarg) {
reply->l4dst.udp.port = htons(atoi(optarg));
- *flags |= REPL_DPORT;
+ *flags |= UDP_REPL_DPORT;
}
break;
case '5':
if (optarg) {
mask->l4src.udp.port = htons(atoi(optarg));
- *flags |= MASK_SPORT;
+ *flags |= UDP_MASK_SPORT;
}
break;
case '6':
if (optarg) {
mask->l4dst.udp.port = htons(atoi(optarg));
- *flags |= MASK_DPORT;
+ *flags |= UDP_MASK_DPORT;
}
break;
}
return 1;
}
-int final_check(unsigned int flags,
- unsigned int command,
- struct nfct_tuple *orig,
- struct nfct_tuple *reply)
+static int final_check(unsigned int flags,
+ unsigned int command,
+ struct nfct_tuple *orig,
+ struct nfct_tuple *reply)
{
- if ((flags & (ORIG_SPORT|ORIG_DPORT))
- && !(flags & (REPL_SPORT|REPL_DPORT))) {
+ if ((flags & (UDP_ORIG_SPORT|UDP_ORIG_DPORT))
+ && !(flags & (UDP_REPL_SPORT|UDP_REPL_DPORT))) {
reply->l4src.udp.port = orig->l4dst.udp.port;
reply->l4dst.udp.port = orig->l4src.udp.port;
return 1;
- } else if (!(flags & (ORIG_SPORT|ORIG_DPORT))
- && (flags & (REPL_SPORT|REPL_DPORT))) {
+ } else if (!(flags & (UDP_ORIG_SPORT|UDP_ORIG_DPORT))
+ && (flags & (UDP_REPL_SPORT|UDP_REPL_DPORT))) {
orig->l4src.udp.port = reply->l4dst.udp.port;
orig->l4dst.udp.port = reply->l4src.udp.port;
return 1;
}
- if ((flags & (ORIG_SPORT|ORIG_DPORT))
- && ((flags & (REPL_SPORT|REPL_DPORT))))
+ if ((flags & (UDP_ORIG_SPORT|UDP_ORIG_DPORT))
+ && ((flags & (UDP_REPL_SPORT|UDP_REPL_DPORT))))
return 1;
return 0;
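Review bot: `final_check()` has no comment explaining that it fills in the missing direction: when only original or only reply ports were given it copies them, swapped, into the other tuple, and it returns 0 when no original or reply port flag is set. A short header such as `/* Mirror the given ports into the other direction; returns 1 if any original or reply port was specified, 0 otherwise. */` above the function would state that contract. Both ports are copied even when only one of the two flags is set, so the unset one is copied as whatever the tuple already holds; the comment should say so if that is intended.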
@@ -135,9 +116,9 @@ static struct ctproto_handler udp = {
.version = VERSION,
};
-void __attribute__ ((constructor)) init(void);
+static void __attribute__ ((constructor)) init(void);
-void init(void)
+static void init(void)
{
register_proto(&udp);
}