diff options
| author | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2007-06-09 17:52:50 +0000 |
|---|---|---|
| committer | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2007-06-09 17:52:50 +0000 |
| commit | 3e093dbcb66b3bca23f603836510b1b3032d92a5 (patch) | |
| tree | cf832836d620fde87ebfe27497f9374a4901e0a6 /src | |
| parent | 8004cfdaa8c8467980d4390e9c9048937831595c (diff) | |
| download | conntrack-tools-3e093dbcb66b3bca23f603836510b1b3032d92a5.tar.gz conntrack-tools-3e093dbcb66b3bca23f603836510b1b3032d92a5.zip | |
- add support for `-L --src-nat' and `-L --dst-nat' to show natted connections
- update conntrack(8) manpage
Diffstat (limited to 'src')
| -rw-r--r-- | src/conntrack.c | 36 |
1 files changed, 32 insertions, 4 deletions
diff --git a/src/conntrack.c b/src/conntrack.c index 2555f2e..a14ee4b 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -94,8 +94,8 @@ static struct option original_opts[] = { {"mark", 1, 0, 'm'}, {"id", 2, 0, 'i'}, /* deprecated */ {"family", 1, 0, 'f'}, - {"src-nat", 1, 0, 'n'}, - {"dst-nat", 1, 0, 'g'}, + {"src-nat", 2, 0, 'n'}, + {"dst-nat", 2, 0, 'g'}, {"output", 1, 0, 'o'}, {0, 0, 0, 0} }; @@ -119,13 +119,13 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = /* Well, it's better than "Re: Linux vs FreeBSD" */ { /* s d r q p t u z e [ ] { } a m i f n g o */ -/*CT_LIST*/ {2,2,2,2,2,0,0,2,0,0,0,0,0,0,2,2,2,0,0,2}, +/*CT_LIST*/ {2,2,2,2,2,0,0,2,0,0,0,0,0,0,2,2,2,2,2,2}, /*CT_CREATE*/ {2,2,2,2,1,1,1,0,0,0,0,0,0,2,2,0,0,2,2,0}, /*CT_UPDATE*/ {2,2,2,2,1,2,2,0,0,0,0,0,0,0,2,2,0,0,0,0}, /*CT_DELETE*/ {2,2,2,2,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0}, /*CT_GET*/ {2,2,2,2,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,2}, /*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, -/*CT_EVENT*/ {2,2,2,2,2,0,0,0,2,0,0,0,0,0,2,0,0,0,0,2}, +/*CT_EVENT*/ {2,2,2,2,2,0,0,0,2,0,0,0,0,0,2,0,0,2,2,2}, /*VERSION*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, /*HELP*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}, /*EXP_LIST*/ {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0}, @@ -597,6 +597,18 @@ static int event_cb(enum nf_conntrack_msg_type type, unsigned int output_type = NFCT_O_DEFAULT; unsigned int output_flags = 0; + if (options & CT_OPT_SRC_NAT && options & CT_OPT_DST_NAT) { + if (!nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT) && + !nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) + return NFCT_CB_CONTINUE; + } else if (options & CT_OPT_SRC_NAT && + !nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) { + return NFCT_CB_CONTINUE; + } else if (options & CT_OPT_DST_NAT && + !nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) { + return NFCT_CB_CONTINUE; + } + if (options & CT_COMPARISON && !nfct_compare(obj, ct)) return NFCT_CB_CONTINUE; @@ -626,6 +638,18 @@ static int dump_cb(enum nf_conntrack_msg_type type, unsigned int output_type = NFCT_O_DEFAULT; unsigned int output_flags = 0; + if (options & CT_OPT_SRC_NAT && options & CT_OPT_DST_NAT) { + if (!nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT) && + !nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) + return NFCT_CB_CONTINUE; + } else if (options & CT_OPT_SRC_NAT && + !nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) { + return NFCT_CB_CONTINUE; + } else if (options & CT_OPT_DST_NAT && + !nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) { + return NFCT_CB_CONTINUE; + } + if (options & CT_COMPARISON && !nfct_compare(obj, ct)) return NFCT_CB_CONTINUE; @@ -930,11 +954,15 @@ int main(int argc, char *argv[]) break; case 'n': options |= CT_OPT_SRC_NAT; + if (!optarg) + break; set_family(&family, AF_INET); nat_parse(optarg, 1, obj, CT_OPT_SRC_NAT); break; case 'g': options |= CT_OPT_DST_NAT; + if (!optarg) + break; set_family(&family, AF_INET); nat_parse(optarg, 1, obj, CT_OPT_DST_NAT); case 'm': |