 |
netfilter
firewalling, NAT, and packet mangling for linux
|
|
|
netfilter
firewalling, NAT, and packet mangling for linux
|
|
#include "conntrack.h"#include <stdio.h>#include <getopt.h>#include <stdlib.h>#include <stdarg.h>#include <errno.h>#include <unistd.h>#include <netinet/in.h>#include <sys/types.h>#include <sys/socket.h>#include <sys/time.h>#include <time.h>#include <signal.h>#include <string.h>#include <netdb.h>#include <sys/stat.h>#include <fcntl.h>#include <libmnl/libmnl.h>#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
Data Structures | |
| struct | u32_mask |
| struct | parse_parameter |
| struct | addr_parse |
| union | ct_address |
| struct | nfct_mnl_socket |
Macros | |
| #define | CT_COMPARISON |
| #define | OPTION_OFFSET 256 |
| #define | ADDR_VALID_FLAGS_MAX 2 |
| #define | ENOTSUPP 524 /* Operation is not supported */ |
| #define | PARSE_STATUS 0 |
| #define | PARSE_EVENT 1 |
| #define | PARSE_OUTPUT 2 |
| #define | PARSE_MAX 3 |
| #define | CT_STATS_PROC "/proc/net/stat/nf_conntrack" |
| #define | CT_STATS_ENTRIES_MAX 64 |
| #define | CT_STATS_STRING_MAX 64 |
| #define | NF_CONNTRACK_COUNT_PROC "/proc/sys/net/netfilter/nf_conntrack_count" |
Enumerations | |
| enum | ct_command { CT_NONE = 0, CT_LIST_BIT = 0, CT_LIST = (1 << CT_LIST_BIT), CT_CREATE_BIT = 1, CT_CREATE = (1 << CT_CREATE_BIT), CT_UPDATE_BIT = 2, CT_UPDATE = (1 << CT_UPDATE_BIT), CT_DELETE_BIT = 3, CT_DELETE = (1 << CT_DELETE_BIT), CT_GET_BIT = 4, CT_GET = (1 << CT_GET_BIT), CT_FLUSH_BIT = 5, CT_FLUSH = (1 << CT_FLUSH_BIT), CT_EVENT_BIT = 6, CT_EVENT = (1 << CT_EVENT_BIT), CT_VERSION_BIT = 7, CT_VERSION = (1 << CT_VERSION_BIT), CT_HELP_BIT = 8, CT_HELP = (1 << CT_HELP_BIT), EXP_LIST_BIT = 9, EXP_LIST = (1 << EXP_LIST_BIT), EXP_CREATE_BIT = 10, EXP_CREATE = (1 << EXP_CREATE_BIT), EXP_DELETE_BIT = 11, EXP_DELETE = (1 << EXP_DELETE_BIT), EXP_GET_BIT = 12, EXP_GET = (1 << EXP_GET_BIT), EXP_FLUSH_BIT = 13, EXP_FLUSH = (1 << EXP_FLUSH_BIT), EXP_EVENT_BIT = 14, EXP_EVENT = (1 << EXP_EVENT_BIT), CT_COUNT_BIT = 15, CT_COUNT = (1 << CT_COUNT_BIT), EXP_COUNT_BIT = 16, EXP_COUNT = (1 << EXP_COUNT_BIT), CT_STATS_BIT = 17, CT_STATS = (1 << CT_STATS_BIT), EXP_STATS_BIT = 18, EXP_STATS = (1 << EXP_STATS_BIT) } |
| enum | ct_options { CT_OPT_ORIG_SRC_BIT = 0, CT_OPT_ORIG_SRC = (1 << CT_OPT_ORIG_SRC_BIT), CT_OPT_ORIG_DST_BIT = 1, CT_OPT_ORIG_DST = (1 << CT_OPT_ORIG_DST_BIT), CT_OPT_ORIG = (CT_OPT_ORIG_SRC | CT_OPT_ORIG_DST), CT_OPT_REPL_SRC_BIT = 2, CT_OPT_REPL_SRC = (1 << CT_OPT_REPL_SRC_BIT), CT_OPT_REPL_DST_BIT = 3, CT_OPT_REPL_DST = (1 << CT_OPT_REPL_DST_BIT), CT_OPT_REPL = (CT_OPT_REPL_SRC | CT_OPT_REPL_DST), CT_OPT_PROTO_BIT = 4, CT_OPT_PROTO = (1 << CT_OPT_PROTO_BIT), CT_OPT_TUPLE_ORIG = (CT_OPT_ORIG | CT_OPT_PROTO), CT_OPT_TUPLE_REPL = (CT_OPT_REPL | CT_OPT_PROTO), CT_OPT_TIMEOUT_BIT = 5, CT_OPT_TIMEOUT = (1 << CT_OPT_TIMEOUT_BIT), CT_OPT_STATUS_BIT = 6, CT_OPT_STATUS = (1 << CT_OPT_STATUS_BIT), CT_OPT_ZERO_BIT = 7, CT_OPT_ZERO = (1 << CT_OPT_ZERO_BIT), CT_OPT_EVENT_MASK_BIT = 8, CT_OPT_EVENT_MASK = (1 << CT_OPT_EVENT_MASK_BIT), CT_OPT_EXP_SRC_BIT = 9, CT_OPT_EXP_SRC = (1 << CT_OPT_EXP_SRC_BIT), CT_OPT_EXP_DST_BIT = 10, CT_OPT_EXP_DST = (1 << CT_OPT_EXP_DST_BIT), CT_OPT_MASK_SRC_BIT = 11, CT_OPT_MASK_SRC = (1 << CT_OPT_MASK_SRC_BIT), CT_OPT_MASK_DST_BIT = 12, CT_OPT_MASK_DST = (1 << CT_OPT_MASK_DST_BIT), CT_OPT_NATRANGE_BIT = 13, CT_OPT_NATRANGE = (1 << CT_OPT_NATRANGE_BIT), CT_OPT_MARK_BIT = 14, CT_OPT_MARK = (1 << CT_OPT_MARK_BIT), CT_OPT_ID_BIT = 15, CT_OPT_ID = (1 << CT_OPT_ID_BIT), CT_OPT_FAMILY_BIT = 16, CT_OPT_FAMILY = (1 << CT_OPT_FAMILY_BIT), CT_OPT_SRC_NAT_BIT = 17, CT_OPT_SRC_NAT = (1 << CT_OPT_SRC_NAT_BIT), CT_OPT_DST_NAT_BIT = 18, CT_OPT_DST_NAT = (1 << CT_OPT_DST_NAT_BIT), CT_OPT_OUTPUT_BIT = 19, CT_OPT_OUTPUT = (1 << CT_OPT_OUTPUT_BIT), CT_OPT_SECMARK_BIT = 20, CT_OPT_SECMARK = (1 << CT_OPT_SECMARK_BIT), CT_OPT_BUFFERSIZE_BIT = 21, CT_OPT_BUFFERSIZE = (1 << CT_OPT_BUFFERSIZE_BIT), CT_OPT_ANY_NAT_BIT = 22, CT_OPT_ANY_NAT = (1 << CT_OPT_ANY_NAT_BIT), CT_OPT_ZONE_BIT = 23, CT_OPT_ZONE = (1 << CT_OPT_ZONE_BIT), CT_OPT_LABEL_BIT = 24, CT_OPT_LABEL = (1 << CT_OPT_LABEL_BIT), CT_OPT_ADD_LABEL_BIT = 25, CT_OPT_ADD_LABEL = (1 << CT_OPT_ADD_LABEL_BIT), CT_OPT_DEL_LABEL_BIT = 26, CT_OPT_DEL_LABEL = (1 << CT_OPT_DEL_LABEL_BIT) } |
| enum | { _O_XML = (1 << 0), _O_EXT = (1 << 1), _O_TMS = (1 << 2), _O_ID = (1 << 3), _O_KTMS = (1 << 4), _O_CL = (1 << 5) } |
| enum | { CT_EVENT_F_NEW = (1 << 0), CT_EVENT_F_UPD = (1 << 1), CT_EVENT_F_DEL = (1 << 2), CT_EVENT_F_ALL = CT_EVENT_F_NEW | CT_EVENT_F_UPD | CT_EVENT_F_DEL } |
| enum | { CT_TABLE_CONNTRACK, CT_TABLE_EXPECT, CT_TABLE_DYING, CT_TABLE_UNCONFIRMED } |
Functions | |
| void | register_proto (struct ctproto_handler *h) |
| int | generic_opt_check (int local_options, int num_opts, char *optset, const char *optflg[], unsigned int *coupled_flags, int coupled_flags_size, int *partial) |
| int | main (int argc, char *argv[]) |
Variables | |
| struct ctproto_handler | ct_proto_unknown |
| #define ADDR_VALID_FLAGS_MAX 2 |
Referenced by main().
| #define CT_COMPARISON |
Referenced by main().
| #define CT_STATS_ENTRIES_MAX 64 |
| #define CT_STATS_PROC "/proc/net/stat/nf_conntrack" |
| #define CT_STATS_STRING_MAX 64 |
| #define ENOTSUPP 524 /* Operation is not supported */ |
| #define NF_CONNTRACK_COUNT_PROC "/proc/sys/net/netfilter/nf_conntrack_count" |
Referenced by main().
| #define OPTION_OFFSET 256 |
| #define PARSE_EVENT 1 |
Referenced by main().
| #define PARSE_MAX 3 |
| #define PARSE_OUTPUT 2 |
Referenced by main().
| #define PARSE_STATUS 0 |
Referenced by main().
| enum ct_command |
| enum ct_options |
| int generic_opt_check | ( | int | local_options, |
| int | num_opts, | ||
| char * | optset, | ||
| const char * | optflg[], | ||
| unsigned int * | coupled_flags, | ||
| int | coupled_flags_size, | ||
| int * | partial | ||
| ) |
References exit_error(), NULL, and PARAMETER_PROBLEM.
Referenced by do_command4(), do_command6(), do_commandarp(), do_commandx(), and main().
| int main | ( | int | argc, |
| char * | argv[] | ||
| ) |
References _O_CL, ADDR_VALID_FLAGS_MAX, ATTR_CONNLABELS, ATTR_EXP_EXPECTED, ATTR_EXP_MASK, ATTR_EXP_MASTER, ATTR_EXP_TIMEOUT, ATTR_L4PROTO, ATTR_MARK, ATTR_ORIG_L3PROTO, ATTR_STATUS, ATTR_TIMEOUT, CONNTRACK, CT_COMPARISON, CT_COUNT, CT_CREATE, CT_DELETE, CT_EVENT, CT_EVENT_F_DEL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_FLUSH, CT_GET, CT_HELP, CT_LIST, CT_OPT_BUFFERSIZE, CT_OPT_DEL_LABEL, CT_OPT_DST_NAT, CT_OPT_EVENT_MASK, CT_OPT_FAMILY, CT_OPT_ORIG, CT_OPT_OUTPUT, CT_OPT_PROTO, CT_OPT_REPL, CT_OPT_STATUS, CT_OPT_TIMEOUT, CT_OPT_ZERO, CT_STATS, CT_TABLE_CONNTRACK, CT_TABLE_DYING, CT_TABLE_UNCONFIRMED, CT_UPDATE, CT_VERSION, exit_error(), EXP_COUNT, EXP_CREATE, EXP_DELETE, EXP_EVENT, EXP_FLUSH, EXP_GET, EXP_LIST, EXP_STATS, EXPECT, ctproto_handler::final_check, generic_opt_check(), IPCTNL_MSG_CT_GET_DYING, IPCTNL_MSG_CT_GET_STATS, IPCTNL_MSG_CT_GET_STATS_CPU, IPCTNL_MSG_CT_GET_UNCONFIRMED, IPCTNL_MSG_EXP_GET_STATS_CPU, NF_CONNTRACK_COUNT_PROC, NF_NETLINK_CONNTRACK_DESTROY, NF_NETLINK_CONNTRACK_EXP_DESTROY, NF_NETLINK_CONNTRACK_EXP_NEW, NF_NETLINK_CONNTRACK_EXP_UPDATE, NF_NETLINK_CONNTRACK_NEW, NF_NETLINK_CONNTRACK_UPDATE, nfct_bitmask_new(), nfct_callback_register(), nfct_catch(), nfct_close(), nfct_filter_dump_create(), nfct_filter_dump_destroy(), NFCT_FILTER_DUMP_L3NUM, NFCT_FILTER_DUMP_MARK, nfct_filter_dump_set_attr(), nfct_filter_dump_set_attr_u8(), nfct_labelmap_destroy(), nfct_nfnlh(), nfct_open(), NFCT_Q_CREATE, NFCT_Q_DESTROY, NFCT_Q_DUMP, NFCT_Q_DUMP_FILTER, NFCT_Q_DUMP_FILTER_RESET, NFCT_Q_FLUSH, NFCT_Q_GET, nfct_query(), nfct_set_attr(), nfct_set_attr_u16(), nfct_set_attr_u32(), nfct_set_attr_u8(), nfct_setobjopt(), NFCT_SOPT_SETUP_ORIGINAL, NFCT_SOPT_SETUP_REPLY, NFCT_T_ALL, nfexp_callback_register(), nfexp_catch(), nfexp_query(), nfexp_set_attr(), nfexp_set_attr_u32(), nfnl_rcvbufsiz(), NFNL_SUBSYS_CTNETLINK, NFNL_SUBSYS_CTNETLINK_EXP, NULL, NUMBER_OF_OPT, ctproto_handler::option_offset, ctproto_handler::opts, OTHER_PROBLEM, PARAMETER_PROBLEM, PARSE_EVENT, ctproto_handler::parse_opts, PARSE_OUTPUT, PARSE_STATUS, PROGNAME, register_dccp(), register_gre(), register_icmp(), register_icmpv6(), register_sctp(), register_tcp(), register_udp(), register_udplite(), register_unknown(), ct_address::v4, and ct_address::v6.
| void register_proto | ( | struct ctproto_handler * | h | ) |
References ctproto_handler::head, ctproto_handler::name, and ctproto_handler::version.
Referenced by register_dccp(), register_gre(), register_icmp(), register_icmpv6(), register_sctp(), register_tcp(), register_udp(), and register_udplite().
| const struct nlmsghdr struct nf_conntrack * ct |
Referenced by __callback(), __getobjopt(), __setobjopt(), author_destroy(), author_new(), author_update(), cb_icmp_destroy(), cb_icmp_new(), cb_icmp_update(), cb_tcp_close(), cb_tcp_close_wait(), cb_tcp_destroy(), cb_tcp_established(), cb_tcp_fin_wait(), cb_tcp_new(), cb_tcp_syn_recv(), cb_udp_destroy(), cb_udp_new(), cb_udp_update(), debug_nfct_cb(), main(), nfct_get_attr(), nfct_get_attr_grp(), nfct_new(), nfct_set_attr_grp(), nfct_set_attr_l(), nfnlmsg_ct_parse(), nl_cli_ct_alloc(), nl_create_conntrack(), and nl_update_conntrack().
| struct ctproto_handler ct_proto_unknown |
Referenced by __callback(), main(), nfexp_get_attr(), nfexp_new(), nfexp_set_attr(), and nl_create_expect().
| struct nf_conntrack* exptuple |
| struct nfct_filter_dump_mark filter_mark_kernel |
| struct nfct_bitmask* label |
| struct nfct_bitmask* label_modify |
| struct nf_conntrack * mask |
Referenced by constant_expr_splice(), cthelper_expect_init(), ebt_change_counters(), ebt_check_option(), ipset_parse_skbmark(), ipset_print_skbmark(), main(), msg2exp(), nl_addr_cmp_prefix(), rtnl_class_dsmark_set_bitmask(), rtnl_u32_add_key(), rtnl_u32_add_key_in6_addr(), and rtnl_u32_add_key_in_addr().
1.8.8