summaryrefslogtreecommitdiff
path: root/src/read_config_yy.y
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2009-03-13 14:00:59 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2009-03-13 14:00:59 +0100
commit41e8560ea7c09533d03f523380c1cb5c62d87261 (patch)
tree684fdff336751ef76b1527c8f9de6af968701b4c /src/read_config_yy.y
parent338d8fc2da19f5d6a75c339d9e6ecac43b68a1e4 (diff)
downloadconntrack-tools-41e8560ea7c09533d03f523380c1cb5c62d87261.tar.gz
conntrack-tools-41e8560ea7c09533d03f523380c1cb5c62d87261.zip
sync-mode: add unicast UDP support to propagate state-changes
This patch adds support for unicast UDP to the channel infrastructure. With this patch, you can select UDP unicast to propagate state-changes instead of multicast. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/read_config_yy.y')
-rw-r--r--src/read_config_yy.y170
1 files changed, 155 insertions, 15 deletions
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index b3a2640..cfcd574 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -38,7 +38,7 @@ struct ct_conf conf;
static void __kernel_filter_start(void);
static void __kernel_filter_add_state(int value);
-static void __max_mcast_dedicated_links_reached(void);
+static void __max_dedicated_links_reached(void);
%}
%union {
@@ -58,10 +58,10 @@ static void __max_mcast_dedicated_links_reached(void);
%token T_ESTABLISHED T_SYN_SENT T_SYN_RECV T_FIN_WAIT
%token T_CLOSE_WAIT T_LAST_ACK T_TIME_WAIT T_CLOSE T_LISTEN
%token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE T_DESTROY_TIMEOUT
-%token T_MCAST_RCVBUFF T_MCAST_SNDBUFF T_NOTRACK T_POLL_SECS
+%token T_RCVBUFF T_SNDBUFF T_NOTRACK T_POLL_SECS
%token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE
%token T_FROM T_USERSPACE T_KERNELSPACE T_EVENT_ITER_LIMIT T_DEFAULT
-%token T_NETLINK_OVERRUN_RESYNC T_NICE
+%token T_NETLINK_OVERRUN_RESYNC T_NICE T_IPV4_DEST_ADDR T_IPV6_DEST_ADDR
%token <string> T_IP T_PATH_VAL
%token <val> T_NUMBER
@@ -256,6 +256,13 @@ ignore_traffic_option : T_IPV6_ADDR T_IP
multicast_line : T_MULTICAST '{' multicast_options '}'
{
+ if (conf.channel_type_global != CHANNEL_NONE &&
+ conf.channel_type_global != CHANNEL_MCAST) {
+ fprintf(stderr, "ERROR: Cannot use `Multicast' with other "
+ "dedicated link protocols!\n");
+ exit(EXIT_FAILURE);
+ }
+ conf.channel_type_global = CHANNEL_MCAST;
conf.channel[conf.channel_num].channel_type = CHANNEL_MCAST;
conf.channel[conf.channel_num].channel_flags = CHANNEL_F_BUFFERED;
conf.channel_num++;
@@ -263,6 +270,13 @@ multicast_line : T_MULTICAST '{' multicast_options '}'
multicast_line : T_MULTICAST T_DEFAULT '{' multicast_options '}'
{
+ if (conf.channel_type_global != CHANNEL_NONE &&
+ conf.channel_type_global != CHANNEL_MCAST) {
+ fprintf(stderr, "ERROR: Cannot use `Multicast' with other "
+ "dedicated link protocols!\n");
+ exit(EXIT_FAILURE);
+ }
+ conf.channel_type_global = CHANNEL_MCAST;
conf.channel[conf.channel_num].channel_type = CHANNEL_MCAST;
conf.channel[conf.channel_num].channel_flags = CHANNEL_F_DEFAULT |
CHANNEL_F_BUFFERED;
@@ -275,7 +289,7 @@ multicast_options :
multicast_option : T_IPV4_ADDR T_IP
{
- __max_mcast_dedicated_links_reached();
+ __max_dedicated_links_reached();
if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.in)) {
fprintf(stderr, "%s is not a valid IPv4 address\n", $2);
@@ -294,7 +308,7 @@ multicast_option : T_IPV4_ADDR T_IP
multicast_option : T_IPV6_ADDR T_IP
{
- __max_mcast_dedicated_links_reached();
+ __max_dedicated_links_reached();
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
@@ -333,7 +347,7 @@ multicast_option : T_IPV6_ADDR T_IP
multicast_option : T_IPV4_IFACE T_IP
{
- __max_mcast_dedicated_links_reached();
+ __max_dedicated_links_reached();
if (!inet_aton($2, &conf.channel[conf.channel_num].u.mcast.ifa)) {
fprintf(stderr, "%s is not a valid IPv4 address\n", $2);
@@ -359,7 +373,7 @@ multicast_option : T_IFACE T_STRING
{
unsigned int idx;
- __max_mcast_dedicated_links_reached();
+ __max_dedicated_links_reached();
strncpy(conf.channel[conf.channel_num].channel_ifname, $2, IFNAMSIZ);
strncpy(conf.channel[conf.channel_num].u.mcast.iface, $2, IFNAMSIZ);
@@ -385,34 +399,159 @@ multicast_option : T_BACKLOG T_NUMBER
multicast_option : T_GROUP T_NUMBER
{
- __max_mcast_dedicated_links_reached();
+ __max_dedicated_links_reached();
conf.channel[conf.channel_num].u.mcast.port = $2;
};
-multicast_option: T_MCAST_SNDBUFF T_NUMBER
+multicast_option: T_SNDBUFF T_NUMBER
{
- __max_mcast_dedicated_links_reached();
+ __max_dedicated_links_reached();
conf.channel[conf.channel_num].u.mcast.sndbuf = $2;
};
-multicast_option: T_MCAST_RCVBUFF T_NUMBER
+multicast_option: T_RCVBUFF T_NUMBER
{
- __max_mcast_dedicated_links_reached();
+ __max_dedicated_links_reached();
conf.channel[conf.channel_num].u.mcast.rcvbuf = $2;
};
multicast_option: T_CHECKSUM T_ON
{
- __max_mcast_dedicated_links_reached();
+ __max_dedicated_links_reached();
conf.channel[conf.channel_num].u.mcast.checksum = 0;
};
multicast_option: T_CHECKSUM T_OFF
{
- __max_mcast_dedicated_links_reached();
+ __max_dedicated_links_reached();
conf.channel[conf.channel_num].u.mcast.checksum = 1;
};
+udp_line : T_UDP '{' udp_options '}'
+{
+ if (conf.channel_type_global != CHANNEL_NONE &&
+ conf.channel_type_global != CHANNEL_UDP) {
+ fprintf(stderr, "ERROR: Cannot use `UDP' with other "
+ "dedicated link protocols!\n");
+ exit(EXIT_FAILURE);
+ }
+ conf.channel_type_global = CHANNEL_UDP;
+ conf.channel[conf.channel_num].channel_type = CHANNEL_UDP;
+ conf.channel[conf.channel_num].channel_flags = CHANNEL_F_BUFFERED;
+ conf.channel_num++;
+};
+
+udp_line : T_UDP T_DEFAULT '{' udp_options '}'
+{
+ if (conf.channel_type_global != CHANNEL_NONE &&
+ conf.channel_type_global != CHANNEL_UDP) {
+ fprintf(stderr, "ERROR: Cannot use `UDP' with other "
+ "dedicated link protocols!\n");
+ exit(EXIT_FAILURE);
+ }
+ conf.channel_type_global = CHANNEL_UDP;
+ conf.channel[conf.channel_num].channel_type = CHANNEL_UDP;
+ conf.channel[conf.channel_num].channel_flags = CHANNEL_F_DEFAULT |
+ CHANNEL_F_BUFFERED;
+ conf.channel_default = conf.channel_num;
+ conf.channel_num++;
+};
+
+udp_options :
+ | udp_options udp_option;
+
+udp_option : T_IPV4_ADDR T_IP
+{
+ __max_dedicated_links_reached();
+
+ if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server)) {
+ fprintf(stderr, "%s is not a valid IPv4 address\n", $2);
+ break;
+ }
+ conf.channel[conf.channel_num].u.udp.ipproto = AF_INET;
+};
+
+udp_option : T_IPV6_ADDR T_IP
+{
+ __max_dedicated_links_reached();
+
+#ifdef HAVE_INET_PTON_IPV6
+ if (inet_pton(AF_INET6, $2,
+ &conf.channel[conf.channel_num].u.udp.server) <= 0) {
+ fprintf(stderr, "%s is not a valid IPv6 address\n", $2);
+ break;
+ }
+#else
+ fprintf(stderr, "Cannot find inet_pton(), IPv6 unsupported!");
+ break;
+#endif
+ conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
+};
+
+udp_option : T_IPV4_DEST_ADDR T_IP
+{
+ __max_dedicated_links_reached();
+
+ if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.client)) {
+ fprintf(stderr, "%s is not a valid IPv4 address\n", $2);
+ break;
+ }
+ conf.channel[conf.channel_num].u.udp.ipproto = AF_INET;
+};
+
+udp_option : T_IPV6_DEST_ADDR T_IP
+{
+ __max_dedicated_links_reached();
+
+#ifdef HAVE_INET_PTON_IPV6
+ if (inet_pton(AF_INET6, $2,
+ &conf.channel[conf.channel_num].u.udp.client) <= 0) {
+ fprintf(stderr, "%s is not a valid IPv6 address\n", $2);
+ break;
+ }
+#else
+ fprintf(stderr, "Cannot find inet_pton(), IPv6 unsupported!");
+ break;
+#endif
+ conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
+};
+
+udp_option : T_IFACE T_STRING
+{
+ __max_dedicated_links_reached();
+ strncpy(conf.channel[conf.channel_num].channel_ifname, $2, IFNAMSIZ);
+};
+
+udp_option : T_PORT T_NUMBER
+{
+ __max_dedicated_links_reached();
+ conf.channel[conf.channel_num].u.udp.port = $2;
+};
+
+udp_option: T_SNDBUFF T_NUMBER
+{
+ __max_dedicated_links_reached();
+ conf.channel[conf.channel_num].u.udp.sndbuf = $2;
+};
+
+udp_option: T_RCVBUFF T_NUMBER
+{
+ __max_dedicated_links_reached();
+ conf.channel[conf.channel_num].u.udp.rcvbuf = $2;
+};
+
+udp_option: T_CHECKSUM T_ON
+{
+ __max_dedicated_links_reached();
+ conf.channel[conf.channel_num].u.udp.checksum = 0;
+};
+
+udp_option: T_CHECKSUM T_OFF
+{
+ __max_dedicated_links_reached();
+ conf.channel[conf.channel_num].u.udp.checksum = 1;
+};
+
hashsize : T_HASHSIZE T_NUMBER
{
conf.hashsize = $2;
@@ -493,6 +632,7 @@ sync_line: refreshtime
| purge
| checksum
| multicast_line
+ | udp_line
| relax_transitions
| delay_destroy_msgs
| sync_mode_alarm
@@ -1133,7 +1273,7 @@ static void __kernel_filter_add_state(int value)
&filter_proto);
}
-static void __max_mcast_dedicated_links_reached(void)
+static void __max_dedicated_links_reached(void)
{
if (conf.channel_num >= MULTICHANNEL_MAX) {
fprintf(stderr, "ERROR: too many dedicated links in "