* expectation entry creation with conntrack
From: pfeiffer.szilard @ 2015-06-25 10:22 UTC
To: netfilter-devel; +Cc: pfeiffer.szilard

Hello,

Here are two patches that fix the expectation entry creation with conntrack tool. First patch is only a refactor with the purpose to make the second patch smaller and easier to understand. The second one fixes the entry creation by using the necessary conntrack structure.

BR,
Szilárd Pfeiffer

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
* [PATCH 1/2] conntrack: refactor handling of address options 2015-06-25 10:22 expectation entry creation with conntrack pfeiffer.szilard @ 2015-06-25 10:22 ` pfeiffer.szilard 2015-06-25 10:22 ` [PATCH 2/2] conntrack: fix expectation entry creation pfeiffer.szilard 2015-06-26 8:11 ` expectation entry creation with conntrack Pablo Neira Ayuso 2 siblings, 0 replies; 4+ messages in thread From: pfeiffer.szilard @ 2015-06-25 10:22 UTC (permalink / raw) To: netfilter-devel; +Cc: pfeiffer.szilard From: Szilárd Pfeiffer <pfeiffer.szilard@balabit.hu> Signed-off-by: Szilárd Pfeiffer <pfeiffer.szilard@balabit.hu> --- src/conntrack.c | 69 ++++++++++++++++++++++++++------------------------------- 1 file changed, 32 insertions(+), 37 deletions(-) diff --git a/src/conntrack.c b/src/conntrack.c index b1a2589..4b22e75 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -437,6 +437,10 @@ static const int opt2attr[] = { ['d'] = ATTR_ORIG_L3PROTO, ['r'] = ATTR_REPL_L3PROTO, ['q'] = ATTR_REPL_L3PROTO, + ['{'] = ATTR_ORIG_L3PROTO, + ['}'] = ATTR_ORIG_L3PROTO, + ['['] = ATTR_ORIG_L3PROTO, + [']'] = ATTR_ORIG_L3PROTO, ['m'] = ATTR_MARK, ['c'] = ATTR_SECMARK, ['i'] = ATTR_ID, @@ -1952,6 +1956,31 @@ static void merge_bitmasks(struct nfct_bitmask **current, nfct_bitmask_destroy(src); } +static void +nfct_set_addr_from_opt(int opt, struct nf_conntrack *ct, union ct_address *ad, + int *family) +{ + int l3protonum; + + options |= opt2type[opt]; + l3protonum = parse_addr(optarg, ad); + if (l3protonum == AF_UNSPEC) { + exit_error(PARAMETER_PROBLEM, + "Invalid IP address `%s'", optarg); + } + set_family(family, l3protonum); + if (l3protonum == AF_INET) { + nfct_set_attr_u32(ct, + opt2family_attr[opt][0], + ad->v4); + } else if (l3protonum == AF_INET6) { + nfct_set_attr(ct, + opt2family_attr[opt][1], + &ad->v6); + } + nfct_set_attr_u8(ct, opt2attr[opt], l3protonum); +} + int main(int argc, char *argv[]) { int c, cmd; 
@@ -1959,7 +1988,7 @@ int main(int argc, char *argv[]) int res = 0, partial; size_t socketbuffersize = 0; int family = AF_UNSPEC; - int l3protonum, protonum = 0; + int protonum = 0; union ct_address ad; unsigned int command = 0; @@ -2030,47 +2059,13 @@ int main(int argc, char *argv[]) case 'd': case 'r': case 'q': - options |= opt2type[c]; - - l3protonum = parse_addr(optarg, &ad); - if (l3protonum == AF_UNSPEC) { - exit_error(PARAMETER_PROBLEM, - "Invalid IP address `%s'", optarg); - } - set_family(&family, l3protonum); - if (l3protonum == AF_INET) { - nfct_set_attr_u32(tmpl.ct, - opt2family_attr[c][0], - ad.v4); - } else if (l3protonum == AF_INET6) { - nfct_set_attr(tmpl.ct, - opt2family_attr[c][1], - &ad.v6); - } - nfct_set_attr_u8(tmpl.ct, opt2attr[c], l3protonum); + nfct_set_addr_from_opt(c, tmpl.ct, &ad, &family); break; case '{': case '}': case '[': case ']': - options |= opt2type[c]; - l3protonum = parse_addr(optarg, &ad); - if (l3protonum == AF_UNSPEC) { - exit_error(PARAMETER_PROBLEM, - "Invalid IP address `%s'", optarg); - } - set_family(&family, l3protonum); - if (l3protonum == AF_INET) { - nfct_set_attr_u32(tmpl.mask, - opt2family_attr[c][0], - ad.v4); - } else if (l3protonum == AF_INET6) { - nfct_set_attr(tmpl.mask, - opt2family_attr[c][1], - &ad.v6); - } - nfct_set_attr_u8(tmpl.mask, - ATTR_ORIG_L3PROTO, l3protonum); + nfct_set_addr_from_opt(c, tmpl.mask, &ad, &family); break; case 'p': options |= CT_OPT_PROTO; -- 2.1.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply related [flat|nested] 4+ messages in thread
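Review bot: nfct_set_addr_from_opt() in the second hunk of patch 1/2 reads the global optarg and ORs opt2type[opt] into the global options, so its signature hides two of its inputs and a side effect; taking the address string as a parameter and leaving `options |= opt2type[c];` at the call sites would make the helper self-describing. The nfct_ prefix also matches the nfct_set_attr*() calls it wraps, which makes a file-local static read like a library function, so a local name without that prefix would be clearer. If nothing else in main() reads ad, the union can become a local of the helper instead of a pointer argument.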
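Review bot: the mask branch removed in the last hunk of patch 1/2 set ATTR_ORIG_L3PROTO directly, while the helper takes the attribute from opt2attr[opt], so the '{', '}', '[' and ']' cases stay equivalent only because of the four opt2attr entries added in the first hunk, and the commit message has no body to say so. A line stating that no functional change is intended, and that the new table entries exist to keep the mask path on ATTR_ORIG_L3PROTO, would make the refactor easier to verify.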
* [PATCH 2/2] conntrack: fix expectation entry creation 2015-06-25 10:22 expectation entry creation with conntrack pfeiffer.szilard 2015-06-25 10:22 ` [PATCH 1/2] conntrack: refactor handling of address options pfeiffer.szilard @ 2015-06-25 10:22 ` pfeiffer.szilard 2015-06-26 8:11 ` expectation entry creation with conntrack Pablo Neira Ayuso 2 siblings, 0 replies; 4+ messages in thread From: pfeiffer.szilard @ 2015-06-25 10:22 UTC (permalink / raw) To: netfilter-devel; +Cc: pfeiffer.szilard From: Szilárd Pfeiffer <pfeiffer.szilard@balabit.hu> Signed-off-by: Szilárd Pfeiffer <pfeiffer.szilard@balabit.hu> --- src/conntrack.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/conntrack.c b/src/conntrack.c index 4b22e75..45276f4 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -2063,6 +2063,8 @@ int main(int argc, char *argv[]) break; case '{': case '}': + nfct_set_addr_from_opt(c, tmpl.exptuple, &ad, &family); + break; case '[': case ']': nfct_set_addr_from_opt(c, tmpl.mask, &ad, &family); -- 2.1.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply related [flat|nested] 4+ messages in thread
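Review bot: the commit message for patch 2/2 is a subject line only, and the case labels '{', '}', '[' and ']' give no hint which options they stand for, so the reason '{' and '}' must go to tmpl.exptuple while '[' and ']' stay on tmpl.mask cannot be checked from the patch. Please describe the failing command and what ended up in tmpl.mask before the fix, and add a short comment at each label group naming the option it handles. It is also worth confirming that tmpl.exptuple is allocated before option parsing the same way tmpl.ct and tmpl.mask are, since the helper passes it straight to nfct_set_attr_u32() or nfct_set_attr().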
* Re: expectation entry creation with conntrack
From: Pablo Neira Ayuso @ 2015-06-26 8:11 UTC
To: pfeiffer.szilard; +Cc: netfilter-devel

On Thu, Jun 25, 2015 at 12:22:09PM +0200, pfeiffer.szilard@balabit.hu wrote:
>
> Hello,
>
> Here are two patches that fix the expectation entry creation with conntrack
> tool. First patch is only a refactor with the purpose to make the second
> patch smaller and easier to understand. The second one fixes the entry
> creation by using the necessary conntrack structure.

Series applied, thanks Szilárd.