From 457092c60aa88b51640cd5f3b13214d562a0126c Mon Sep 17 00:00:00 2001 From: Thomas Bernard Date: Tue, 8 May 2012 00:21:03 +0200 Subject: [PATCH] Finalizing netfilter version of get_pinhole_info() --- miniupnpd/Changelog.txt | 5 ++++- miniupnpd/netfilter/iptpinhole.c | 37 ++++++++++++++++++++++++++------ miniupnpd/upnppinhole.c | 11 ++++++---- 3 files changed, 42 insertions(+), 11 deletions(-) diff --git a/miniupnpd/Changelog.txt b/miniupnpd/Changelog.txt index 8438a6d..53da3bc 100644 --- a/miniupnpd/Changelog.txt +++ b/miniupnpd/Changelog.txt @@ -1,4 +1,7 @@ -$Id: Changelog.txt,v 1.280 2012/05/01 22:37:52 nanard Exp $ +$Id: Changelog.txt,v 1.281 2012/05/07 15:40:03 nanard Exp $ + +2012/05/07: + Finalizing netfilter version of get_pinhole_info() 2012/05/01: Move IPv6FirewallControl related code from upnpredirect.c to upnppinhole.c diff --git a/miniupnpd/netfilter/iptpinhole.c b/miniupnpd/netfilter/iptpinhole.c index bceaf55..9705632 100644 --- a/miniupnpd/netfilter/iptpinhole.c +++ b/miniupnpd/netfilter/iptpinhole.c @@ -1,4 +1,4 @@ -/* $Id: iptpinhole.c,v 1.4 2012/05/01 22:37:53 nanard Exp $ */ +/* $Id: iptpinhole.c,v 1.6 2012/05/07 15:40:04 nanard Exp $ */ /* MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * (c) 2012 Thomas Bernard @@ -336,11 +336,36 @@ get_pinhole_info(unsigned short uid, *proto = p->proto; if(timestamp) *timestamp = p->timestamp; - /* TODO */ - if(packets) - *packets = 0; - if(bytes) - *bytes = 0; + if(packets || bytes) { + /* theses informations need to be read from netfilter */ + IP6TC_HANDLE h; + const struct ip6t_entry * e; + const struct ip6t_entry_match * match; + h = ip6tc_init("filter"); + if(!h) { + syslog(LOG_ERR, "ip6tc_init error : %s", ip6tc_strerror(errno)); + return -1; + } + for(e = ip6tc_first_rule(miniupnpd_v6_filter_chain, h); + e; + e = ip6tc_next_rule(e, h)) { + if((e->ipv6.proto == p->proto) && + (0 == memcmp(&e->ipv6.src, &p->saddr, sizeof(e->ipv6.src))) && + (0 == memcmp(&e->ipv6.dst, &p->daddr, sizeof(e->ipv6.dst)))) { + const struct ip6t_tcp * info; + match = (const struct ip6t_entry_match *)&e->elems; + info = (const struct ip6t_tcp *)&match->data; + if((info->spts[0] == p->sport) && (info->dpts[0] == p->dport)) { + if(packets) + *packets = e->counters.pcnt; + if(bytes) + *bytes = e->counters.bcnt; + break; + } + } + } + ip6tc_free(h); + } return 0; } diff --git a/miniupnpd/upnppinhole.c b/miniupnpd/upnppinhole.c index 7a8c131..2609fbb 100644 --- a/miniupnpd/upnppinhole.c +++ b/miniupnpd/upnppinhole.c @@ -1,4 +1,4 @@ -/* $Id: upnppinhole.c,v 1.2 2012/05/01 22:37:53 nanard Exp $ */ +/* $Id: upnppinhole.c,v 1.3 2012/05/07 15:40:04 nanard Exp $ */ /* MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * (c) 2006-2012 Thomas Bernard @@ -220,11 +220,14 @@ upnp_get_pinhole_info(unsigned short uid, #if defined(USE_PF) || defined(USE_NETFILTER) int r; unsigned int timestamp; - u_int64_t packets_tmp, bytes_tmp; + u_int64_t packets_tmp; + /*u_int64_t bytes_tmp;*/ r = get_pinhole_info(uid, raddr, raddrlen, rport, - iaddr, iaddrlen, iport, proto, ×tamp, - &packets_tmp, &bytes_tmp); + iaddr, iaddrlen, iport, proto, + leasetime ? ×tamp : NULL, + packets ? &packets_tmp : NULL, + NULL/*&bytes_tmp*/); if(r >= 0) { if(leasetime) { time_t current_time;