diff options
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | examples/cli/test.sh | 3 | ||||
-rw-r--r-- | src/conntrack.c | 110 |
3 files changed, 11 insertions, 104 deletions
@@ -14,6 +14,8 @@ o lots of cleanups = conntrack = o fix segfault with conntrack --output (Krzysztof Oledzky) +o use NFCT_SOPT_SETUP_* facilities: nfct_setobjopt +o remove bogus option to get a conntrack in test.sh example file version 0.9.3 (2006/05/22) ------------------------------ diff --git a/examples/cli/test.sh b/examples/cli/test.sh index 36c4826..cb449bf 100644 --- a/examples/cli/test.sh +++ b/examples/cli/test.sh @@ -37,8 +37,7 @@ case $1 in get) echo "getting a conntrack" $CONNTRACK -G --orig-src $SRC --orig-dst $DST \ - -p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \ - --reply-port-src $DPORT --reply-port-dst $SPORT + -p tcp --orig-port-src $SPORT --orig-port-dst $DPORT ;; change) echo "change a conntrack" diff --git a/src/conntrack.c b/src/conntrack.c index 18baf96..2555f2e 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -1024,57 +1024,10 @@ int main(int argc, char *argv[]) break; case CT_CREATE: - if ((options & CT_OPT_ORIG) - && !(options & CT_OPT_REPL)) { - nfct_set_attr_u8(obj, - ATTR_REPL_L3PROTO, - nfct_get_attr_u8(obj, - ATTR_ORIG_L3PROTO)); - if (family == AF_INET) { - nfct_set_attr_u32(obj, - ATTR_REPL_IPV4_SRC, - nfct_get_attr_u32(obj, - ATTR_ORIG_IPV4_DST)); - nfct_set_attr_u32(obj, - ATTR_REPL_IPV4_DST, - nfct_get_attr_u32(obj, - ATTR_ORIG_IPV4_SRC)); - } else if (family == AF_INET6) { - nfct_set_attr(obj, - ATTR_REPL_IPV6_SRC, - nfct_get_attr(obj, - ATTR_ORIG_IPV6_DST)); - nfct_set_attr(obj, - ATTR_REPL_IPV6_DST, - nfct_get_attr(obj, - ATTR_ORIG_IPV6_SRC)); - } - } else if (!(options & CT_OPT_ORIG) - && (options & CT_OPT_REPL)) { - nfct_set_attr_u8(obj, - ATTR_ORIG_L3PROTO, - nfct_get_attr_u8(obj, - ATTR_REPL_L3PROTO)); - if (family == AF_INET) { - nfct_set_attr_u32(obj, - ATTR_ORIG_IPV4_SRC, - nfct_get_attr_u32(obj, - ATTR_REPL_IPV4_DST)); - nfct_set_attr_u32(obj, - ATTR_ORIG_IPV4_DST, - nfct_get_attr_u32(obj, - ATTR_REPL_IPV4_SRC)); - } else if (family == AF_INET6) { - nfct_set_attr(obj, - ATTR_ORIG_IPV6_SRC, - nfct_get_attr(obj, - ATTR_REPL_IPV6_DST)); - nfct_set_attr(obj, - ATTR_ORIG_IPV6_DST, - nfct_get_attr(obj, - ATTR_REPL_IPV6_SRC)); - } - } + if ((options & CT_OPT_ORIG) && !(options & CT_OPT_REPL)) + nfct_setobjopt(obj, NFCT_SOPT_SETUP_REPLY); + else if (!(options & CT_OPT_ORIG) && (options & CT_OPT_REPL)) + nfct_setobjopt(obj, NFCT_SOPT_SETUP_ORIGINAL); cth = nfct_open(CONNTRACK, 0); if (!cth) @@ -1098,57 +1051,10 @@ int main(int argc, char *argv[]) break; case CT_UPDATE: - if ((options & CT_OPT_ORIG) - && !(options & CT_OPT_REPL)) { - nfct_set_attr_u8(obj, - ATTR_REPL_L3PROTO, - nfct_get_attr_u8(obj, - ATTR_ORIG_L3PROTO)); - if (family == AF_INET) { - nfct_set_attr_u32(obj, - ATTR_REPL_IPV4_SRC, - nfct_get_attr_u32(obj, - ATTR_ORIG_IPV4_DST)); - nfct_set_attr_u32(obj, - ATTR_REPL_IPV4_DST, - nfct_get_attr_u32(obj, - ATTR_ORIG_IPV4_SRC)); - } else if (family == AF_INET6) { - nfct_set_attr(obj, - ATTR_REPL_IPV6_SRC, - nfct_get_attr(obj, - ATTR_ORIG_IPV6_DST)); - nfct_set_attr(obj, - ATTR_REPL_IPV6_DST, - nfct_get_attr(obj, - ATTR_ORIG_IPV6_SRC)); - } - } else if (!(options & CT_OPT_ORIG) - && (options & CT_OPT_REPL)) { - nfct_set_attr_u8(obj, - ATTR_ORIG_L3PROTO, - nfct_get_attr_u8(obj, - ATTR_REPL_L3PROTO)); - if (family == AF_INET) { - nfct_set_attr_u32(obj, - ATTR_ORIG_IPV4_SRC, - nfct_get_attr_u32(obj, - ATTR_REPL_IPV4_DST)); - nfct_set_attr_u32(obj, - ATTR_ORIG_IPV4_DST, - nfct_get_attr_u32(obj, - ATTR_REPL_IPV4_SRC)); - } else if (family == AF_INET6) { - nfct_set_attr(obj, - ATTR_ORIG_IPV6_SRC, - nfct_get_attr(obj, - ATTR_REPL_IPV6_DST)); - nfct_set_attr(obj, - ATTR_ORIG_IPV6_DST, - nfct_get_attr(obj, - ATTR_REPL_IPV6_SRC)); - } - } + if ((options & CT_OPT_ORIG) && !(options & CT_OPT_REPL)) + nfct_setobjopt(obj, NFCT_SOPT_SETUP_REPLY); + else if (!(options & CT_OPT_ORIG) && (options & CT_OPT_REPL)) + nfct_setobjopt(obj, NFCT_SOPT_SETUP_ORIGINAL); cth = nfct_open(CONNTRACK, 0); if (!cth) |