From cce8dd1bd45465dd9b18e4f02b5d007cb39079b0 Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org" Date: Fri, 7 Oct 2005 13:09:22 +0000 Subject: See Changelog --- ChangeLog | 7 +++++++ extensions/libct_proto_icmp.c | 32 +++++++++++++++++++++++++------- src/libct.c | 2 +- 3 files changed, 33 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index f9b93a2..1a44a43 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2005-10-07 + + o Fixed ICMP options + + o Multiple fixes for the ICMP protocol handler + o Fix ICMP output: wrong output. type and code were set to zero. + 2005-10-05 o Fix up counters diff --git a/extensions/libct_proto_icmp.c b/extensions/libct_proto_icmp.c index 817fc77..be81507 100644 --- a/extensions/libct_proto_icmp.c +++ b/extensions/libct_proto_icmp.c @@ -12,12 +12,13 @@ #include #include #include /* For htons */ +#include #include "libct_proto.h" static struct option opts[] = { - {"--icmp-type", 1, 0, '1'}, - {"--icmp-code", 1, 0, '2'}, - {"--icmp-id", 1, 0, '3'}, + {"icmp-type", 1, 0, '1'}, + {"icmp-code", 1, 0, '2'}, + {"icmp-id", 1, 0, '3'}, {0, 0, 0, 0} }; @@ -39,6 +40,17 @@ void help() fprintf(stdout, "--icmp-id icmp id\n"); } +/* Add 1; spaces filled with 0. */ +static u_int8_t invmap[] + = { [ICMP_ECHO] = ICMP_ECHOREPLY + 1, + [ICMP_ECHOREPLY] = ICMP_ECHO + 1, + [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1, + [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1, + [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1, + [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1, + [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1, + [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1}; + int parse(char c, char *argv[], struct ctnl_tuple *orig, struct ctnl_tuple *reply, @@ -50,18 +62,22 @@ int parse(char c, char *argv[], case '1': if (optarg) { orig->l4dst.icmp.type = atoi(optarg); + reply->l4dst.icmp.type = + invmap[orig->l4dst.icmp.type] - 1; *flags |= ICMP_TYPE; } break; case '2': if (optarg) { orig->l4dst.icmp.code = atoi(optarg); + reply->l4dst.icmp.code = 0; *flags |= ICMP_CODE; } break; case '3': if (optarg) { orig->l4src.icmp.id = atoi(optarg); + reply->l4dst.icmp.id = 0; *flags |= ICMP_ID; } break; @@ -81,7 +97,7 @@ void parse_proto(struct nfattr *cda[], struct ctnl_tuple *tuple) if (cda[CTA_PROTO_ICMP_ID-1]) tuple->l4src.icmp.id = - *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]); + *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]); } int final_check(unsigned int flags, @@ -98,9 +114,11 @@ int final_check(unsigned int flags, void print_proto(struct ctnl_tuple *t) { - fprintf(stdout, "type=%d code=%d id=%d ", t->l4dst.icmp.type, - t->l4dst.icmp.code, - t->l4src.icmp.id); + fprintf(stdout, "type=%d code=%d ", t->l4dst.icmp.type, + t->l4dst.icmp.code); + /* ID only makes sense with ECHO */ + if (t->l4dst.icmp.type == 8) + fprintf(stdout, "id=%d ", t->l4src.icmp.id); } static struct ctproto_handler icmp = { diff --git a/src/libct.c b/src/libct.c index 16ec4db..36aacbd 100644 --- a/src/libct.c +++ b/src/libct.c @@ -70,7 +70,7 @@ static void parse_proto(struct nfattr *attr, struct ctnl_tuple *tuple) memset(tb, 0, CTA_PROTO_MAX * sizeof(struct nfattr *)); - nfnl_parse_nested(tb, CTA_IP_MAX, attr); + nfnl_parse_nested(tb, CTA_PROTO_MAX, attr); if (tb[CTA_PROTO_NUM-1]) tuple->protonum = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_NUM-1]); -- cgit v1.2.3