-rw-r--r-- | extensions/Makefile.am | 3 | ||||
-rw-r--r-- | extensions/libct_proto_tcp.c | 25 | ||||
-rw-r--r-- | extensions/libct_proto_udp.c | 24 | ||||
-rw-r--r-- | include/libct_proto.h | 2 | ||||
-rw-r--r-- | src/conntrack.c | 20 | ||||
-rw-r--r-- | test.sh | 7 |
6 files changed, 77 insertions, 4 deletions
diff --git a/extensions/Makefile.am b/extensions/Makefile.am
index ae78346..ab29a6d 100644
--- a/extensions/Makefile.am
+++ b/extensions/Makefile.am
@@ -8,7 +8,8 @@ INCLUDES=-I../include -I/lib/modules/$(shell (uname -r))/build/include
 CFLAGS=-fPIC -Wall
 LIBS=
-lib_LTLIBRARIES = libct_proto_tcp.la libct_proto_udp.la
+lib_LTLIBRARIES = libct_proto_tcp.la libct_proto_udp.la libct_proto_icmp.la
 libct_proto_tcp_la_SOURCES = libct_proto_tcp.c
 libct_proto_udp_la_SOURCES = libct_proto_udp.c
+libct_proto_icmp_la_SOURCES = libct_proto_icmp.c
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 58005b0..a2243dc 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -54,6 +54,15 @@ static const char *states[] = {
 "LISTEN"
 };
+void help()
+{
+ fprintf(stdout, "--orig-port-src original source port\n");
+ fprintf(stdout, "--orig-port-dst original destination port\n");
+ fprintf(stdout, "--reply-port-src reply source port\n");
+ fprintf(stdout, "--reply-port-dst reply destination port\n");
+ fprintf(stdout, "--state TCP state, fe. ESTABLISHED\n");
+}
+
 int parse(char c, char *argv[],
 struct ip_conntrack_tuple *orig,
 struct ip_conntrack_tuple *reply,
@@ -104,6 +113,20 @@ int parse(char c, char *argv[],
 return 1;
 }
+int final_check(unsigned int flags)
+{
+ if (!(flags & ORIG_SPORT))
+ return 0;
+ else if (!(flags & ORIG_DPORT))
+ return 0;
+ else if (!(flags & REPL_SPORT))
+ return 0;
+ else if (!(flags & REPL_DPORT))
+ return 0;
+
+ return 1;
+}
+
 void print_tuple(struct ip_conntrack_tuple *t)
 {
 fprintf(stdout, "sport=%d dport=%d ", ntohs(t->src.u.tcp.port),
@@ -121,6 +144,8 @@ static struct ctproto_handler tcp = {
 .parse = parse,
 .print_tuple = print_tuple,
 .print_proto = print_proto,
+ .final_check = final_check,
+ .help = help,
 .opts = opts
 };
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index 5675a05..8e20bd5 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
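Review bot: The added `libct_proto_icmp_la_SOURCES = libct_proto_icmp.c` line (and the `.la` added to `lib_LTLIBRARIES`) names a source file this commit does not contain — the diffstat lists six files and none of them is extensions/libct_proto_icmp.c — so a tree built from this commit alone will fail in the extensions directory unless the ICMP plugin arrives in a separate commit. Either the plugin belongs in this commit or the two Makefile.am lines should land together with it. If it is intentionally split, a sentence in the commit message saying so would spare the next bisect.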
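Review bot: `void help()` is defined with an empty, unspecified parameter list and as an external symbol; since the function is only reached through the handler's `.help` member, `static void help(void)` would both hide it from the other dlopen'ed plugins (unless something resolves these entry points by name, which the diff does not show) and let the compiler check the call site against a real prototype. The same applies to `help` and `final_check` in libct_proto_udp.c (hunks @@ -37,6 +37,14 @@ and @@ -72,6 +80,20 @@). The user-visible string `"--state TCP state, fe. ESTABLISHED\n"` presumably means "e.g." rather than "fe."; since it is printed verbatim it is worth spelling out.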
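Review bot: `final_check` tests the four flag bits with an if/else-if chain in which every branch returns 0; a single mask states the requirement once and keeps the required set in one place: `const unsigned int need = ORIG_SPORT | ORIG_DPORT | REPL_SPORT | REPL_DPORT;` followed by `return (flags & need) == need;`. The identical function in libct_proto_udp.c (hunk @@ -72,6 +80,20 @@) can take the same form. A one-line comment above it, `/* all four port flags must be set before the tuple is usable */`, would document the contract the handler enforces for the caller in src/conntrack.c.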
@@ -37,6 +37,14 @@ enum udp_param_flags {
 REPL_DPORT = (1 << REPL_DPORT_BIT),
 };
+void help()
+{
+ fprintf(stdout, "--orig-port-src original source port\n");
+ fprintf(stdout, "--orig-port-dst original destination port\n");
+ fprintf(stdout, "--reply-port-src reply source port\n");
+ fprintf(stdout, "--reply-port-dst reply destination port\n");
+}
+
 int parse(char c, char *argv[],
 struct ip_conntrack_tuple *orig,
 struct ip_conntrack_tuple *reply,
@@ -72,6 +80,20 @@ int parse(char c, char *argv[],
 return 1;
 }
+int final_check(unsigned int flags)
+{
+ if (!(flags & ORIG_SPORT))
+ return 0;
+ else if (!(flags & ORIG_DPORT))
+ return 0;
+ else if (!(flags & REPL_SPORT))
+ return 0;
+ else if (!(flags & REPL_DPORT))
+ return 0;
+
+ return 1;
+}
+
 void print_tuple(struct ip_conntrack_tuple *t)
 {
 fprintf(stdout, "sport=%d dport=%d ", ntohs(t->src.u.udp.port),
@@ -83,6 +105,8 @@ static struct ctproto_handler udp = {
 .protonum = 17,
 .parse = parse,
 .print_tuple = print_tuple,
+ .final_check = final_check,
+ .help = help,
 .opts = opts
 };
diff --git a/include/libct_proto.h b/include/libct_proto.h
index de632b2..6df03e7 100644
--- a/include/libct_proto.h
+++ b/include/libct_proto.h
@@ -24,6 +24,8 @@ struct ctproto_handler {
 int (*final_check)(unsigned int flags);
+ void (*help)();
+
 struct option *opts;
 unsigned int option_offset;
diff --git a/src/conntrack.c b/src/conntrack.c
index ed97a86..676049e 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -46,7 +46,7 @@
 #include "libct_proto.h"
 #define PROGNAME "conntrack"
-#define VERSION "0.50"
+#define VERSION "0.60"
 #if 0
 #define DEBUGP printf
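Review bot: `void (*help)();` in struct ctproto_handler declares the callback with an unspecified parameter list, so a plugin could assign a `help` that takes arguments and the compiler would not object at the `h->help()` call in src/conntrack.c; `void (*help)(void);` pins the signature, matching the `(unsigned int flags)` prototype given for `final_check` on the line above. A comment on the new member saying whether it is optional or mandatory for every handler would settle how callers must treat a NULL `help`, since nothing in the header currently says. struct ctproto_handler begins and ends outside the hunk.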
@@ -182,7 +182,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
 /*EVENT*/ {'x','x','x','x','x','x','x','x','x',' ','x'},
 /*ACTION*/ {'x','x','x','x','x','x','x','x',' ','x',' '},
 /*VERSION*/ {'x','x','x','x','x','x','x','x','x','x','x'},
-/*HELP*/ {'x','x','x','x','x','x','x','x','x','x','x'},
+/*HELP*/ {'x','x','x','x',' ','x','x','x','x','x','x'},
 };
 /* FIXME: hardcoded!, this must be defined during compilation time */
@@ -203,6 +203,13 @@ enum exittype {
 VERSION_PROBLEM
 };
+void extension_help(struct ctproto_handler *h)
+{
+ fprintf(stdout, "\n");
+ fprintf(stdout, "Proto `%s' help:\n", h->name);
+ h->help();
+}
+
 void exit_tryhelp(int status)
 {
@@ -624,6 +631,13 @@ int main(int argc, char *argv[])
 generic_opt_check(command, options);
+ if (!(command & CT_HELP)
+ && h && h->final_check && !h->final_check(extra_flags)) {
+ usage(argv[0]);
+ extension_help(h);
+ exit_error(PARAMETER_PROBLEM, "Missing protocol arguments!\n");
+ }
+
 while (retry > 0) {
 retry--;
 switch(command) {
@@ -697,6 +711,8 @@ int main(int argc, char *argv[])
 break;
 case CT_HELP:
 usage(argv[0]);
+ if (options & CT_OPT_PROTO)
+ extension_help(h);
 break;
 default:
 usage(argv[0]);
@@ -32,7 +32,12 @@ case $1 in
 --reply-port-src $DPORT --reply-port-dst $SPORT \
 --state LISTEN -u SEEN_REPLY -t 50
 ;;
-
+ get)
+ echo "getting a conntrack"
+ $CONNTRACK -G --orig-src $SRC --orig-dst $DST \
+ -p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \
+ --reply-port-src $DPORT --reply-port-dst $SPORT
+ ;;
 change)
 echo "change a conntrack"
 $CONNTRACK -I --orig-src $SRC --orig-dst $DST \ |
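Review bot: `extension_help` calls `h->help()` unconditionally, but `help` is a new member of struct ctproto_handler and nothing in this commit forces every handler to set it, so a plugin without one (the ICMP plugin added to extensions/Makefile.am is not in the diff, and the gate in main already treats `final_check` as optional) would dereference NULL on `-h -p <proto>`; `if (h->help) h->help();` with a short "no protocol-specific help" message otherwise is the cheap guard. The CT_HELP branch in the later hunk (@@ -697,6 +711,8 @@) likewise passes `h` on `options & CT_OPT_PROTO` alone, so if option parsing can leave `h` NULL for an unknown protocol the same check belongs there: `if ((options & CT_OPT_PROTO) && h)`. As far as the diff shows the function is only referenced from this file, so it could be `static`.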
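Review bot: The `final_check` gate inserted after `generic_opt_check` runs for every command except CT_HELP, so any command that accepts `-p` without needing a complete tuple (listing or flushing, if the option table allows `-p` with them) would now be rejected with "Missing protocol arguments!"; whether that is intended cannot be told from the hunk. A comment above the `if` naming the commands the check is meant for, e.g. `/* create/get/delete need a complete protocol tuple; help is exempt */`, would pin the intent, and if some commands should be exempt the condition needs them alongside `CT_HELP`. The enclosing `main` starts and ends outside the hunk.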