Changeset 9447 for mirror/edenwall/pynetfilter_conntrack/trunk
- Timestamp:
- 10/01/08 16:21:23 (22 months ago)
- svm:headrev:
c624a6cb-57d4-0310-9736-a25a8df6d016:16284- svk:copy_cache_prev:
- 9444
- Location:
- mirror/edenwall/pynetfilter_conntrack/trunk/pynetfilter_conntrack
- Files:
-
- 1 added
- 2 modified
-
__init__.py (modified) (1 diff)
-
conntrack.py (modified) (5 diffs)
-
filter.py (added)
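--- a/mirror/edenwall/pynetfilter_conntrack/trunk/pynetfilter_conntrack/__init__.py
+++ b/mirror/edenwall/pynetfilter_conntrack/trunk/pynetfilter_conntrack/__init__.py
@@ -5,4 +5,5 @@
 from pynetfilter_conntrack.func_expect import *
 from pynetfilter_conntrack.conntrack_entry import *
+from pynetfilter_conntrack.filter import Filter
 from pynetfilter_conntrack.conntrack import *
 from pynetfilter_conntrack.expect_entry import *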
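--- a/mirror/edenwall/pynetfilter_conntrack/trunk/pynetfilter_conntrack/conntrack.py
+++ b/mirror/edenwall/pynetfilter_conntrack/trunk/pynetfilter_conntrack/conntrack.py
@@ -1,7 +1,6 @@
-from pynetfilter_conntrack import ConntrackEntry, \
+from pynetfilter_conntrack import ConntrackEntry, Filter, \
 nfct_query, nfct_callback_t, nfct_callback_register, \
 nfct_callback_unregister, nfct_catch, \
-CONNTRACK, NFCT_Q_DUMP, NFCT_T_ALL, NFCT_CB_CONTINUE, NFCT_CB_STOLEN, \
-IPPROTO_TCP, TCP_CONNTRACK_TIME_WAIT, PF_INET, PF_INET6
+CONNTRACK, NFCT_Q_DUMP, NFCT_T_ALL, NFCT_CB_CONTINUE, NFCT_CB_STOLEN
 from pynetfilter_conntrack.conntrack_base import ConntrackBase
 from ctypes import byref
@@ -36,36 +35,12 @@
 self.callback_arg = None
 
-def filterConnection(self, conn, filter):
-# Ignore TCP connection in state TIME_WAIT
-if (conn.orig_l4proto == IPPROTO_TCP) \
-and (conn.tcp_state == TCP_CONNTRACK_TIME_WAIT):
-return False
-
-# Get source and destination IP (v4 or v6) addresses
-l3proto = conn.orig_l3proto
-if l3proto == PF_INET:
-ip_src = conn.orig_ipv4_src
-ip_dst = conn.orig_ipv4_dst
-elif l3proto == PF_INET6:
-ip_src = conn.orig_ipv6_src
-ip_dst = conn.orig_ipv6_dst
-else:
-return True
-
-# Ignore IP address in self.filter
-for network in filter:
-if (ip_src in network) or (ip_dst in network):
-return False
-return True
-
-def dump_table(self, family=AF_INET, event_type=NFCT_T_ALL, drop_networks=None, sort=None, reverse=False, start=0, size=None):
+def dump_table(self, family=AF_INET, event_type=NFCT_T_ALL, filter=None):
+if not filter:
+filter = Filter()
 if HAS_CNETFILTER_CONNTRACK:
 if family != AF_INET:
 raise ValueError("cnetfilter_conntrack only supports IPv4")
-if drop_networks:
-drop_networks = tuple((ip.int(), ip.broadcast().int()) for ip in drop_networks)
-if not size:
-size = 0
-table, total = dump_table_ipv4(self.handle, drop_networks=drop_networks, sort=sort, reverse=reverse, start=start, size=size)
+options = filter.createCNetfilterOptions()
+table, total = dump_table_ipv4(self.handle, **options)
 
 connections = []
@@ -80,9 +55,4 @@
 return connections, total
 else:
-if sort:
-raise NotImplementedError("Python version of dump_table() doesn't support sorting")
-if reverse:
-raise NotImplementedError("Python version of dump_table() doesn't support reverse")
-
 # Create a pointer to a 'uint8_t' of the address family
 family = byref(uint8_t(family))
@@ -90,5 +60,5 @@
 def copyEntry(msgtype, conntrack, data):
 conn = ConntrackEntry(self, conntrack, msgtype)
-if not self.filterConnection(conn, drop_networks):
+if not filter.filterConnection(conn):
 conn._destroy = False
 return NFCT_CB_CONTINUE
@@ -101,15 +71,15 @@
 self.query(NFCT_Q_DUMP, family)
 self.unregister_callback()
-table = copyEntry.ctlist
+connset = copyEntry.ctlist
+
+# Sort the list
+filter.sortTable(connset)
 
 # Truncated the list
 total = len(connset)
-if size is None:
-connset = connset[start:]
-else:
-connset = connset[start:start+size]
+connset = filter.truncate(connset)
 
 # Suppress unwanted entries
-return table, total
+return connset, total
 
 def query(self, command, argument):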
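Review bot: In the new `dump_table`, `if not filter:` replaces any falsy argument with a default `Filter()`, so if `Filter` defines `__len__` or `__bool__` (filter.py is not shown on this page), a caller's deliberately empty filter object would be swapped out without notice; `if filter is None: filter = Filter()` states the intent exactly. The parameter also shadows the builtin `filter` for the whole method, including the nested `copyEntry` callback; a name such as `conn_filter` would avoid that, at the cost of changing the keyword callers use. The signature no longer accepts `drop_networks`, `sort`, `reverse`, `start` or `size`, so existing callers that pass them by keyword will raise `TypeError`, and the TIME_WAIT and network exclusions now depend entirely on what a default `Filter()` does; a docstring on `dump_table` saying what the default filter keeps and drops would make that visible to consumers who rely on the table for monitoring. The body of `dump_table` is only partly visible between the hunks.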
