-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | extensions/libct_proto_sctp.c | 20 | ||||
-rw-r--r-- | extensions/libct_proto_tcp.c | 17 | ||||
-rw-r--r-- | extensions/libct_proto_udp.c | 17 | ||||
-rw-r--r-- | include/conntrack.h | 1 | ||||
-rw-r--r-- | src/conntrack.c | 2 | ||||
-rw-r--r-- | test.sh | 3 |
8 files changed, 63 insertions, 4 deletions
@@ -1,3 +1,8 @@
+2006-01-15
+<pablo@netfilter.org>
+ o Added missing parameters to set the ports of an expectation tuple
+ o Bumped version to 1.00beta2
+
 2005-12-26
 <pablo@netfilter.org>
  o add IPv6 support: main change
diff --git a/configure.in b/configure.in
index 5336a4d..2692b67 100644
--- a/configure.in
+++ b/configure.in
@@ -2,7 +2,7 @@ AC_INIT
 AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(conntrack, 1.00beta1)
+AM_INIT_AUTOMAKE(conntrack, 1.00beta2)
 #AM_CONFIG_HEADER(config.h)
 AC_PROG_CC
diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c
index 825cbd9..1c8f0d1 100644
--- a/extensions/libct_proto_sctp.c
+++ b/extensions/libct_proto_sctp.c
@@ -1,5 +1,6 @@
 /*
  * (C) 2005 by Harald Welte <laforge@netfilter.org>
+ * 2006 by Pablo Neira Ayuso <pablo@netfilter.org>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,7 +22,9 @@ static struct option opts[] = {
 	{"orig-port-dst", 1, 0, '2'},
 	{"reply-port-src", 1, 0, '3'},
 	{"reply-port-dst", 1, 0, '4'},
-	{"state", 1, 0, '7'},
+	{"state", 1, 0, '5'},
+	{"tuple-port-src", 1, 0, '6'},
+	{"tuple-port-dst", 1, 0, '7'},
 	{0, 0, 0, 0}
 };
@@ -43,11 +46,14 @@ static void help()
 	fprintf(stdout, "--reply-port-src reply source port\n");
 	fprintf(stdout, "--reply-port-dst reply destination port\n");
 	fprintf(stdout, "--state SCTP state, fe. ESTABLISHED\n");
+	fprintf(stdout, "--tuple-port-src expectation tuple src port\n");
+	fprintf(stdout, "--tuple-port-src expectation tuple dst port\n");
 }
 static int parse_options(char c, char *argv[],
 			 struct nfct_tuple *orig,
 			 struct nfct_tuple *reply,
+			 struct nfct_tuple *exptuple,
 			 struct nfct_tuple *mask,
 			 union nfct_protoinfo *proto,
 			 unsigned int *flags)
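Review bot: The short code for `--state` moves from '7' to '5' in the SCTP option table, but the `case` label that handles it sits above the parse_options hunk and is not shown, so whether it already reads `case '5':` cannot be confirmed from this diff. If it is still `case '7':`, the new `case '7':` added for `--tuple-port-dst` is a duplicate label and the file will not compile; if it was `case '5':` all along, `--state` was previously unreachable for SCTP and this commit fixes that silently. Either way the renumbering is worth a line in the ChangeLog entry and a look at the state branch's label.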
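Review bot: The second help line added in help() is a copy-paste slip: it prints `--tuple-port-src` while describing the destination port, so the option `--tuple-port-dst` that the table above registers is never shown to the user; it should read `fprintf(stdout, "--tuple-port-dst expectation tuple dst port\n");`. The identical line appears in the tcp help() hunk and the udp help() hunk and needs the same fix there.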
@@ -95,6 +101,18 @@ static int parse_options(char c, char *argv[],
 			*flags |= SCTP_STATE;
 		}
 		break;
+	case '6':
+		if (optarg) {
+			exptuple->l4src.sctp.port = htons(atoi(optarg));
+			*flags |= SCTP_EXPTUPLE_SPORT;
+		}
+		break;
+	case '7':
+		if (optarg) {
+			exptuple->l4dst.sctp.port = htons(atoi(optarg));
+			*flags |= SCTP_EXPTUPLE_DPORT;
+		}
+	}
 	return 1;
 }
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 35fa292..ee24206 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -25,6 +25,8 @@ static struct option opts[] = {
 	{"mask-port-src", 1, 0, '5'},
 	{"mask-port-dst", 1, 0, '6'},
 	{"state", 1, 0, '7'},
+	{"tuple-port-src", 1, 0, '8'},
+	{"tuple-port-dst", 1, 0, '9'},
 	{0, 0, 0, 0}
 };
@@ -49,12 +51,15 @@ static void help()
 	fprintf(stdout, "--reply-port-dst reply destination port\n");
 	fprintf(stdout, "--mask-port-src mask source port\n");
 	fprintf(stdout, "--mask-port-dst mask destination port\n");
+	fprintf(stdout, "--tuple-port-src expectation tuple src port\n");
+	fprintf(stdout, "--tuple-port-src expectation tuple dst port\n");
 	fprintf(stdout, "--state TCP state, fe. ESTABLISHED\n");
 }
 static int parse_options(char c, char *argv[],
 			 struct nfct_tuple *orig,
 			 struct nfct_tuple *reply,
+			 struct nfct_tuple *exptuple,
 			 struct nfct_tuple *mask,
 			 union nfct_protoinfo *proto,
 			 unsigned int *flags)
@@ -112,6 +117,18 @@ static int parse_options(char c, char *argv[],
 			*flags |= TCP_STATE;
 		}
 		break;
+	case '8':
+		if (optarg) {
+			exptuple->l4src.tcp.port = htons(atoi(optarg));
+			*flags |= TCP_EXPTUPLE_SPORT;
+		}
+		break;
+	case '9':
+		if (optarg) {
+			exptuple->l4dst.tcp.port = htons(atoi(optarg));
+			*flags |= TCP_EXPTUPLE_DPORT;
+		}
+		break;
 	}
 	return 1;
 }
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index 974e455..48079e0 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
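Review bot: Both new cases store `htons(atoi(optarg))` without validating the argument, so a non-numeric value or anything outside 0..65535 is silently truncated or becomes port 0 while SCTP_EXPTUPLE_SPORT/DPORT is still set; since the caller in the src/conntrack.c hunk treats a 0 return from parse_opts as a parse error, the cases should reject bad input by returning 0 instead. The same unchecked conversion is in the tcp parse_options hunk (`case '8'`/`'9'`) and the udp parse_options hunk (`case '7'`/`'8'`). The last case here and in the udp hunk also ends without `break;`, unlike the tcp version; harmless while it is the final label, but it will bite whoever appends the next case. The SCTP_EXPTUPLE_SPORT/DPORT bits are not defined anywhere in this diff, so presumably they already exist in the file's flag enum — worth confirming. A small helper placed above parse_options keeps the check in one place (it needs <errno.h> if the file does not already include it):
```c
/* Decimal port string -> 0..65535, or -1 on non-numeric input, trailing junk or overflow. */
static long parse_port(const char *s)
{
	char *end;
	unsigned long v;

	errno = 0;
	v = strtoul(s, &end, 10);
	if (end == s || *end != '\0' || errno == ERANGE || v > 65535)
		return -1;
	return (long)v;
}

/* … unchanged: parse_options signature and the earlier cases … */
	case '6':
		if (optarg) {
			long port = parse_port(optarg);
			if (port < 0)
				return 0;	/* caller reports "parse error" */
			exptuple->l4src.sctp.port = htons(port);
			*flags |= SCTP_EXPTUPLE_SPORT;
		}
		break;
	case '7':
		if (optarg) {
			long port = parse_port(optarg);
			if (port < 0)
				return 0;
			exptuple->l4dst.sctp.port = htons(port);
			*flags |= SCTP_EXPTUPLE_DPORT;
		}
		break;
```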
@@ -22,6 +22,8 @@ static struct option opts[] = {
 	{"reply-port-dst", 1, 0, '4'},
 	{"mask-port-src", 1, 0, '5'},
 	{"mask-port-dst", 1, 0, '6'},
+	{"tuple-port-src", 1, 0, '7'},
+	{"tuple-port-dst", 1, 0, '8'},
 	{0, 0, 0, 0}
 };
@@ -33,11 +35,14 @@ static void help()
 	fprintf(stdout, "--reply-port-dst reply destination port\n");
 	fprintf(stdout, "--mask-port-src mask source port\n");
 	fprintf(stdout, "--mask-port-dst mask destination port\n");
+	fprintf(stdout, "--tuple-port-src expectation tuple src port\n");
+	fprintf(stdout, "--tuple-port-src expectation tuple dst port\n");
 }
 static int parse_options(char c, char *argv[],
 			 struct nfct_tuple *orig,
 			 struct nfct_tuple *reply,
+			 struct nfct_tuple *exptuple,
 			 struct nfct_tuple *mask,
 			 union nfct_protoinfo *proto,
 			 unsigned int *flags)
@@ -79,6 +84,18 @@ static int parse_options(char c, char *argv[],
 			*flags |= UDP_MASK_DPORT;
 		}
 		break;
+	case '7':
+		if (optarg) {
+			exptuple->l4src.udp.port = htons(atoi(optarg));
+			*flags |= UDP_EXPTUPLE_SPORT;
+		}
+		break;
+	case '8':
+		if (optarg) {
+			exptuple->l4dst.udp.port = htons(atoi(optarg));
+			*flags |= UDP_EXPTUPLE_DPORT;
+		}
+	}
 	return 1;
 }
diff --git a/include/conntrack.h b/include/conntrack.h
index e9f1946..9f5768d 100644
--- a/include/conntrack.h
+++ b/include/conntrack.h
@@ -134,6 +134,7 @@ struct ctproto_handler {
 	int (*parse_opts)(char c, char *argv[],
 			  struct nfct_tuple *orig,
 			  struct nfct_tuple *reply,
+			  struct nfct_tuple *exptuple,
 			  struct nfct_tuple *mask,
 			  union nfct_protoinfo *proto,
 			  unsigned int *flags);
diff --git a/src/conntrack.c b/src/conntrack.c
index b27cf47..f904344 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -812,7 +812,7 @@ int main(int argc, char *argv[])
 		default:
 			if (h && h->parse_opts
 			    &&!h->parse_opts(c - h->option_offset, argv, &orig,
-					     &reply, &mask, &proto,
+					     &reply, &exptuple, &mask, &proto,
 					     &l4flags))
 				exit_error(PARAMETER_PROBLEM, "parse error\n");
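Review bot: The `parse_opts` callback in struct ctproto_handler gains a fourth `struct nfct_tuple *` but the member still carries no comment saying what each tuple is for or what the return value means, and with four same-typed pointers in a row (orig, reply, exptuple, mask) the argument order is easy to get wrong at a call site. The src/conntrack.c hunk treats a zero return as a parse error and every extension hunk ends with `return 1;`, so a comment above the member such as `/* per-L4-protocol option parser: fills orig/reply/exptuple/mask, proto and the l4 flag bits for option c; returns 0 on a parse error, non-zero otherwise */` captures the contract as it stands. struct ctproto_handler begins and ends outside the hunk.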
@@ -78,7 +78,8 @@ case $1 in
 	--tuple-src 4.4.4.4 --tuple-dst 5.5.5.5 \
 	--mask-src 255.255.255.0 --mask-dst 255.255.255.255 \
 	-p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \
-	-t 200 --mask-port-src 10 --mask-port-dst 300
+	-t 200 --tuple-port-src 10 --tuple-port-dst 300 \
+	--mask-port-src 10 --mask-port-dst 300
 	;;
 get-expect)
 	$CONNTRACK -G expect --orig-src 4.4.4.4 --orig-dst 5.5.5.5 \
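Review bot: The new `--tuple-port-src 10 --tuple-port-dst 300` use exactly the values already passed as `--mask-port-src 10 --mask-port-dst 300`, so this test cannot tell whether a port was stored in the expectation tuple or in the mask; a parser that mixed the two up would still pass. Distinct values, e.g. `-t 200 --tuple-port-src 20 --tuple-port-dst 400 \` (constructed example), would at least make such a mix-up visible in the created expectation. The `case $1 in` this branch belongs to starts outside the hunk.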