-rw-r--r--ChangeLog9
-rw-r--r--configure.in8
-rw-r--r--conntrack.815
-rw-r--r--extensions/libct_proto_icmp.c3
-rw-r--r--extensions/libct_proto_sctp.c3
-rw-r--r--extensions/libct_proto_tcp.c6
-rw-r--r--extensions/libct_proto_udp.c3
-rw-r--r--include/libct_proto.h3
-rw-r--r--src/conntrack.c7
-rw-r--r--src/libct.c30
10 files changed, 46 insertions, 41 deletions
diff --git a/ChangeLog b/ChangeLog
index e4573e9..87daa18 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2005-09-24
+<laforge@netfilter.org>
+ o Get rid of C++ style comments
+ o Remove remaining bits of "-A --action", group-mask and dump-mask
+ o Clean up #include's
+ o Fix double-free when exiting via signal handler (Ctrl+C)
+ o Add "version" member to plugins
+ o Fix some Endianness issues when printing CTA_STATUS
+
2005-08-31
<pablo@netfilter.org>
o Fix packet and bytes counters (use __be64_to_cpu)
diff --git a/configure.in b/configure.in
index cd8f37f..8956e34 100644
--- a/configure.in
+++ b/configure.in
@@ -74,10 +74,10 @@ AC_ARG_WITH(kernel,
[ Show location of kernel source. Default is to use uname -r and look in /lib/modules/KERNEL/build/include. ]),
NF_KERNEL_SOURCE($with_kernel),NF_KERNEL_SOURCE())
-#if test ! -z "$libdir"; then
-# MODULE_DIR="\\\"$libdir/\\\""
-# CFLAGS="$CFLAGS -DCONNTRACK_LIB_DIR=$MODULE_DIR"
-#fi
+if test ! -z "$libdir"; then
+ MODULE_DIR="\\\"$libdir/\\\""
+ CFLAGS="$CFLAGS -DCONNTRACK_LIB_DIR=$MODULE_DIR"
+fi
dnl--------------------------------
diff --git a/conntrack.8 b/conntrack.8
index 5ba8494..c8d07d1 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -16,8 +16,6 @@ conntrack \- administration tool for netfilter connection tracking
.BR "conntrack -E [table] parameters"
.br
.BR "conntrack -F [table]"
-.br
-.BR "conntrack -A [table] [options]"
.SH DESCRIPTION
.B conntrack
is used to search, list, inspect and maintain the netfilter connection tracking
@@ -70,9 +68,6 @@ Display a real-time event log.
.TP
.BI "-F, --flush "
Flush the whole given table
-.TP
-.BI "-A, --action "
-Set an action.
.SS PARAMETERS
.TP
.BI "-z, --zero "
@@ -85,15 +80,7 @@ event code. Using this parameter, you can reduce the event messages generated
by the kernel to those types to those that you are actually interested in.
.
Please note that this is a system-wide setting, so make sure to not disable some events that other ctnetlink-using processes might need!
-This option can only be used in conjunction with "-A, --action".
-.TP
-.BI "-m, --dump-mask " "[ALL|TUPLE|STATUS|TIMEOUT|PROTOINFO|HELPINFO|COUNTERS|MARK][,...]"
-Set the bitmask of data fields that are to be sent with each message generated
-by the in-kernel ctnetlink code. Using this parameter, you can reduce the
-amount of information sent by the kernel to those bits and pieces that you are
-actually interested in.
-Please note that this is a system-wide setting, so make sure to not disable some data fields that other ctnetlink-using processes might need!
-This option can only be used in conjunction with "-A, --action".
+This option can only be used in conjunction with "-E, --event".
.TP
.BI "-g, --group-mask " "[ALL|TCP|UDP|ICMP][,...]"
Set the group bitmask to those netlink groups (resembling layer 4 protocols)
diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c
index e0de27e..817fc77 100644
--- a/extensions/libct_proto_icmp.c
+++ b/extensions/libct_proto_icmp.c
@@ -111,7 +111,8 @@ static struct ctproto_handler icmp = {
.print_proto = print_proto,
.final_check = final_check,
.help = help,
- .opts = opts
+ .opts = opts,
+ .version = LIBCT_VERSION,
};
void __attribute__ ((constructor)) init(void);
diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c
index 4dbdf27..9afb661 100644
--- a/extensions/libct_proto_sctp.c
+++ b/extensions/libct_proto_sctp.c
@@ -176,7 +176,8 @@ static struct ctproto_handler sctp = {
.print_protoinfo = print_protoinfo,
.final_check = final_check,
.help = help,
- .opts = opts
+ .opts = opts,
+ .version = LIBCT_VERSION,
};
void __attribute__ ((constructor)) init(void);
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 323e4ec..4f3094f 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -13,9 +13,10 @@
#include <string.h>
#include <netinet/in.h> /* For htons */
#include <linux/netfilter/nfnetlink_conntrack.h>
-#include "libct_proto.h"
#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
+#include "libct_proto.h"
+
static struct option opts[] = {
{"orig-port-src", 1, 0, '1'},
{"orig-port-dst", 1, 0, '2'},
@@ -197,7 +198,8 @@ static struct ctproto_handler tcp = {
.print_protoinfo = print_protoinfo,
.final_check = final_check,
.help = help,
- .opts = opts
+ .opts = opts,
+ .version = LIBCT_VERSION,
};
void __attribute__ ((constructor)) init(void);
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index 8a9f0cf..ecde5f2 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -149,7 +149,8 @@ static struct ctproto_handler udp = {
.print_proto = print_proto,
.final_check = final_check,
.help = help,
- .opts = opts
+ .opts = opts,
+ .version = LIBCT_VERSION,
};
void __attribute__ ((constructor)) init(void);
diff --git a/include/libct_proto.h b/include/libct_proto.h
index dcf7009..8849a3e 100644
--- a/include/libct_proto.h
+++ b/include/libct_proto.h
@@ -7,6 +7,8 @@
#include <getopt.h>
#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
+#define LIBCT_VERSION "0.1.0"
+
struct cta_proto;
struct ctproto_handler {
@@ -14,6 +16,7 @@ struct ctproto_handler {
char *name;
u_int16_t protonum;
+ char *version;
enum ctattr_protoinfo protoinfo_attr;
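Review bot: `version` is declared `char *`, but every plugin touched by this commit assigns it the string literal `LIBCT_VERSION`, so the member should be `const char *version;`. The field is also inserted between `protonum` and `protoinfo_attr` rather than appended, which moves every later member. A plugin object built against the previous header would therefore hand `register_proto()` a different layout, and the slot read as `version` would not hold a string pointer. A short comment on the member such as `/* must match LIBCT_VERSION of the loading binary */` would record the contract. The struct definition continues outside the hunk.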
diff --git a/src/conntrack.c b/src/conntrack.c
index 07d15f6..3731d0e 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -43,13 +43,12 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
#include "linux_list.h"
#include "libct_proto.h"
#define PROGNAME "conntrack"
-#define VERSION "0.80"
+#define VERSION "0.81"
#if 0
#define DEBUGP printf
@@ -651,8 +650,6 @@ fprintf(stdout, "--mask-dst ip Destination mask address for expectations\n");
fprintf(stdout, "-p proto Layer 4 Protocol\n");
fprintf(stdout, "-t timeout Set timeout\n");
fprintf(stdout, "-u status Set status\n");
-fprintf(stdout, "-m dumpmask Set dump mask\n");
-fprintf(stdout, "-g groupmask Set group mask\n");
fprintf(stdout, "-e eventmask Set event mask\n");
fprintf(stdout, "-a min_ip[-max_ip] NAT ip range\n");
fprintf(stdout, "-z Zero Counters\n");
@@ -670,7 +667,7 @@ int main(int argc, char *argv[])
unsigned long timeout = 0;
unsigned int status = IPS_CONFIRMED;
unsigned long id = 0;
- unsigned int type = 0, dump_mask = 0, extra_flags = 0, event_mask = 0;
+ unsigned int type = 0, extra_flags = 0, event_mask = 0;
int manip = -1;
int res = 0, retry = 2;
diff --git a/src/libct.c b/src/libct.c
index 7c1160a..01307f2 100644
--- a/src/libct.c
+++ b/src/libct.c
@@ -17,9 +17,6 @@
/* From kernel.h */
#define INT_MAX ((int)(~0U>>1))
#define INT_MIN (-INT_MAX - 1)
-#include <linux/netfilter_ipv4/ip_conntrack.h>
-#include <linux/netfilter/nfnetlink_conntrack.h>
-#include <libnfnetlink/libnfnetlink.h>
#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
#include "linux_list.h"
#include "libct_proto.h"
@@ -187,7 +184,7 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
parse_tuple(attr, &ct.tuple[CTNL_DIR_REPLY]);
break;
case CTA_STATUS:
- ct.status = *(unsigned int *)NFA_DATA(attr);
+ ct.status = ntohl(*(u_int32_t *)NFA_DATA(attr));
flags |= STATUS;
break;
case CTA_PROTOINFO:
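Review bot: The new `ntohl(*(u_int32_t *)NFA_DATA(attr))` in the `CTA_STATUS` case reads four bytes from the attribute payload, and no length check is visible in this hunk before it. The same applies to the `CTA_TIMEOUT`, `CTA_MARK` and `CTA_USE` cases changed in the following hunks. Fixing the width to 32 bits is the right move, but a guard such as `if (NFA_PAYLOAD(attr) < sizeof(u_int32_t)) break;` ahead of each read would keep a short attribute from being read past its end. Copying with `memcpy` into a local `u_int32_t` before `ntohl()` would also avoid relying on the payload's alignment. `handler()` starts and ends outside the hunk, so a check may already exist earlier in the function.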
@@ -195,11 +192,11 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
flags |= PROTOINFO;
break;
case CTA_TIMEOUT:
- ct.timeout = ntohl(*(unsigned long *)NFA_DATA(attr));
+ ct.timeout = ntohl(*(u_int32_t *)NFA_DATA(attr));
flags |= TIMEOUT;
break;
case CTA_MARK:
- ct.mark = ntohl(*(unsigned long *)NFA_DATA(attr));
+ ct.mark = ntohl(*(u_int32_t *)NFA_DATA(attr));
flags |= MARK;
break;
case CTA_COUNTERS_ORIG:
@@ -208,7 +205,7 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
flags |= COUNTERS;
break;
case CTA_USE:
- ct.use = ntohl(*(unsigned int *)NFA_DATA(attr));
+ ct.use = ntohl(*(u_int32_t *)NFA_DATA(attr));
flags |= USE;
break;
case CTA_ID:
@@ -256,7 +253,8 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
ct.counters[CTNL_DIR_REPLY].packets,
ct.counters[CTNL_DIR_REPLY].bytes);
- print_status(ct.status);
+ if (flags & STATUS)
+ print_status(ct.status);
if (flags & MARK)
fprintf(stdout, "mark=%lu ", ct.mark);
@@ -272,15 +270,15 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
static char *typemsg2str(type, flags)
{
- char *ret = "UNKNOWN";
+ char *ret = "[UNKNOWN]";
if (type == IPCTNL_MSG_CT_NEW) {
if (flags & NLM_F_CREATE)
- ret = "NEW";
+ ret = "[NEW]";
else
- ret = "UPDATE";
+ ret = "[UPDATE]";
} else if (type == IPCTNL_MSG_CT_DELETE)
- ret = "DESTROY";
+ ret = "[DESTROY]";
return ret;
}
@@ -289,7 +287,7 @@ static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh,
void *arg)
{
int type = NFNL_MSG_TYPE(nlh->nlmsg_type);
- fprintf(stdout, "[%s] ", typemsg2str(type, nlh->nlmsg_flags));
+ fprintf(stdout, "%9s ", typemsg2str(type, nlh->nlmsg_flags));
return handler(sock, nlh, arg);
}
@@ -465,6 +463,7 @@ static void event_sighandler(int s)
{
fprintf(stdout, "Now closing conntrack event dumping...\n");
ctnl_close(&cth);
+ exit(0);
}
int event_conntrack(unsigned int event_mask)
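Review bot: The added `exit(0)` in `event_sighandler()` is not async-signal-safe, and neither is the `fprintf()` that precedes it. `exit()` flushes stdio and runs atexit handlers, so a signal that arrives while the main path is inside `fprintf()` or the allocator can deadlock or corrupt state during shutdown. The safer shape is for the handler to set only a flag, e.g. `static volatile sig_atomic_t stop_requested;` with `stop_requested = 1;` in the handler. The message, `ctnl_close(&cth)` and the exit would then run from the event loop in `event_conntrack()` once the flag is seen. That loop is outside this hunk, so how it would pick up the flag is not visible here.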
@@ -527,6 +526,11 @@ struct ctproto_handler *findproto(char *name)
void register_proto(struct ctproto_handler *h)
{
+ if (strcmp(h->version, LIBCT_VERSION) != 0) {
+ fprintf(stderr, "plugin `%s': version %s (I'm %s)\n",
+ h->name, h->version, LIBCT_VERSION);
+ exit(1);
+ }
list_add(&h->head, &proto_list);
}
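Review bot: `register_proto()` passes `h->version` straight to `strcmp()` and to the `%s` in the error message, so a handler that leaves `.version` unset (NULL under a designated initializer) crashes instead of being rejected. Guard it with `if (!h->version || strcmp(h->version, LIBCT_VERSION) != 0) {` and print `h->version ? h->version : "(unset)"`. A comment above the check should also state that this is only a build-compatibility check: `/* compatibility check only: the string is supplied by the plugin itself and says nothing about where the plugin came from */`. Because plugins run their constructors inside the conntrack process, the directory they are loaded from still has to be writable only by trusted users.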