Logo Search packages:      
Sourcecode: libnl version File versions  Download package

f_ct.c

/*
 * src/f_ct.c           Conntrack Filter
 *
 *    This library is free software; you can redistribute it and/or
 *    modify it under the terms of the GNU Lesser General Public
 *    License as published by the Free Software Foundation version 2.1
 *    of the License.
 *
 * Copyright (c) 2003-2006 Thomas Graf <tgraf@suug.ch>
 * Copyright (c) 2007 Philip Craig <philipc@snapgear.com>
 * Copyright (c) 2007 Secure Computing Corporation
 */

static void get_filter(struct nfnl_ct *ct, int argc, char **argv, int idx)
{
      struct nl_addr *a;

      while (argc > idx) {
            if (arg_match("family")) {
                  if (argc > ++idx) {
                        int family = nl_str2af(argv[idx++]);
                        if (family == AF_UNSPEC)
                              goto err_invaf;
                        nfnl_ct_set_family(ct, family);
                  }
            } else if (arg_match("proto")) {
                  if (argc > ++idx) {
                        int proto = nl_str2ip_proto(argv[idx++]);
                        if (proto < 0)
                              goto err_invproto;
                        nfnl_ct_set_proto(ct, proto);
                  }
            } else if (arg_match("tcpstate")) {
                  if (argc > ++idx) {
                        int state = nfnl_ct_str2tcp_state(argv[idx++]);
                        if (state < 0)
                              goto err_invtcpstate;
                        nfnl_ct_set_tcp_state(ct, state);
                  }
            } else if (arg_match("status")) {
                  if (argc > ++idx) {
                        int status = strtoul(argv[idx++], NULL, 0);
                        nfnl_ct_set_status(ct, status);
                        nfnl_ct_unset_status(ct, ~status);
                  }
            } else if (arg_match("timeout")) {
                  if (argc > ++idx)
                        nfnl_ct_set_timeout(ct, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("mark")) {
                  if (argc > ++idx)
                        nfnl_ct_set_mark(ct, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("use")) {
                  if (argc > ++idx)
                        nfnl_ct_set_use(ct, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("id")) {
                  if (argc > ++idx)
                        nfnl_ct_set_id(ct, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("origsrc")) {
                  if (argc > ++idx) {
                        a = nl_addr_parse(argv[idx++],
                                      nfnl_ct_get_family(ct));
                        if (!a)
                              goto err_invaddr;
                        nfnl_ct_set_src(ct, 0, a);
                        nl_addr_put(a);
                  }
            } else if (arg_match("origdst")) {
                  if (argc > ++idx) {
                        a = nl_addr_parse(argv[idx++],
                                      nfnl_ct_get_family(ct));
                        if (!a)
                              goto err_invaddr;
                        nfnl_ct_set_dst(ct, 0, a);
                        nl_addr_put(a);
                  }
            } else if (arg_match("origsrcport")) {
                  if (argc > ++idx)
                        nfnl_ct_set_src_port(ct, 0, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("origdstport")) {
                  if (argc > ++idx)
                        nfnl_ct_set_dst_port(ct, 0, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("origicmpid")) {
                  if (argc > ++idx)
                        nfnl_ct_set_icmp_id(ct, 0, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("origicmptype")) {
                  if (argc > ++idx)
                        nfnl_ct_set_icmp_type(ct, 0, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("origicmpcode")) {
                  if (argc > ++idx)
                        nfnl_ct_set_icmp_code(ct, 0, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("origpackets")) {
                  if (argc > ++idx)
                        nfnl_ct_set_packets(ct, 0, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("origbytes")) {
                  if (argc > ++idx)
                        nfnl_ct_set_bytes(ct, 0, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("replysrc")) {
                  if (argc > ++idx) {
                        a = nl_addr_parse(argv[idx++],
                                      nfnl_ct_get_family(ct));
                        if (!a)
                              goto err_invaddr;
                        nfnl_ct_set_src(ct, 1, a);
                        nl_addr_put(a);
                  }
            } else if (arg_match("replydst")) {
                  if (argc > ++idx) {
                        a = nl_addr_parse(argv[idx++],
                                      nfnl_ct_get_family(ct));
                        if (!a)
                              goto err_invaddr;
                        nfnl_ct_set_dst(ct, 1, a);
                        nl_addr_put(a);
                  }
            } else if (arg_match("replysrcport")) {
                  if (argc > ++idx)
                        nfnl_ct_set_src_port(ct, 1, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("replydstport")) {
                  if (argc > ++idx)
                        nfnl_ct_set_dst_port(ct, 1, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("replyicmpid")) {
                  if (argc > ++idx)
                        nfnl_ct_set_icmp_id(ct, 1, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("replyicmptype")) {
                  if (argc > ++idx)
                        nfnl_ct_set_icmp_type(ct, 1, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("replyicmpcode")) {
                  if (argc > ++idx)
                        nfnl_ct_set_icmp_code(ct, 1, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("replypackets")) {
                  if (argc > ++idx)
                        nfnl_ct_set_packets(ct, 1, strtoul(argv[idx++], NULL, 0));
            } else if (arg_match("replybytes")) {
                  if (argc > ++idx)
                        nfnl_ct_set_bytes(ct, 1, strtoul(argv[idx++], NULL, 0));
            }
#define MSTATUS(STR, STATUS) \
      else if (!strcasecmp(argv[idx], STR)) { \
            nfnl_ct_set_status(ct, STATUS); idx++; }
#define MNOSTATUS(STR, STATUS) \
      else if (!strcasecmp(argv[idx], STR)) { \
            nfnl_ct_unset_status(ct, STATUS); idx++; }

            MSTATUS("replied", IPS_SEEN_REPLY)
            MNOSTATUS("unreplied", IPS_SEEN_REPLY)
            MSTATUS("assured", IPS_ASSURED)
            MNOSTATUS("unassured", IPS_ASSURED)
#undef MSTATUS
#undef MNOSTATUS
            else {
                  fprintf(stderr, "What is '%s'?\n", argv[idx]);
                  exit(1);
            }
      }

      return;

err_invproto:
      fprintf(stderr, "Invalid IP protocol \"%s\".\n", argv[idx-1]);
      exit(1);
err_invtcpstate:
      fprintf(stderr, "Invalid TCP state \"%s\".\n", argv[idx-1]);
      exit(1);
err_invaf:
      fprintf(stderr, "Invalid address family \"%s\"\n", argv[idx-1]);
      exit(1);
err_invaddr:
      fprintf(stderr, "Invalid address \"%s\": %s\n", argv[idx-1], nl_geterror());
      exit(1);
}

Generated by  Doxygen 1.6.0   Back to index