Re: [security] iptables

To: debian-security@lists.debian.org
Subject: Re: [security] iptables
From: Samu <samu@linuxasylum.net>
Date: Tue, 3 Jul 2001 14:08:59 +0200
Message-id: <[🔎] 20010703140859.A12106@linuxasylum.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20010702220323.A30287@fishbowl.madduck.net>

On Mon, Jul 02, 2001 at 10:03:23PM +0200, Martin F. Krafft wrote:
> > using iptables. I didn't found it in man iptables.

you must take a look at /proc/net/ip_conntrack 

i'm attaching here a small c source that was sent to netfilter ml some time
ago about a little program that keep you watching Masq connection. 
i'm not the author so redirect flames to /dev/null :-)))

bye 
Samuele 


-- 
Samuele Tonon  <samu@linuxasylum.net>
Undergraduate Student  of  Computer Science at  University of Bologna, Italy    
System administrator at Computer Science Lab's, University of Bologna, Italy  
Founder & Member of A.A.H.T.
UIN 3155609 
          	Acid -- better living through chemistry.
			       Timothy Leary

/*

   tracklist.c

   Earl C. Terwilliger
   Email: earlt@agent-source.com

*/

#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define MAXLINE 512
#define MAXFIELDS 80
#define BLANK   ' '
#define LF      0x0A
#define CR      0x0D
#define TAB     0x09
#define SPACE   0x20
static char line[MAXLINE+1];
static char *field[MAXFIELDS];

int getparsedline(char *line);
char *extract_field(char start, char *fld);
char *get_host_name(char *ip);

#define CONNTRACK "/proc/net/ip_conntrack"

FILE *fp1;

int main(int argc, char **argv)
{
   int c;
   if ((fp1 = fopen(CONNTRACK,"rb")) == NULL) {
	printf("OPEN failed for file %s\n",CONNTRACK);
	return(0);
   }
   printf("       SOURCE          DESTINATION      STATUS\n");
   while ((c = getparsedline(line)) != 0) {
        switch (field[0][0]) {
            case 'u':
	        printf("UDP %-16s %-16s %-16s %s\n",
                   extract_field('=',field[3]),
                   extract_field('=',field[4]),
                   field[11],
	           get_host_name(extract_field('=',field[4])));
                break;
            case 't':
	        printf("TCP %-16s %-16s %-16s %s\n",
                   extract_field('=',field[4]),
                   extract_field('=',field[5]),
                   field[3],
	           get_host_name(extract_field('=',field[5])));
                break;
            default:
                break;
        }
   }
   fclose(fp1);
   return(0);
}
char *get_host_name(char *ip)
{
   static  struct hostent *h;
   static  unsigned int addr; 
   addr = inet_addr(ip);
   if ((h=gethostbyaddr((char *)&addr,4,AF_INET)) == NULL) {
       return("unknown host");
   }
//   printf("%s",h->h_name);
//   printf("IP Address  : %s\n",inet_ntoa(*((struct in_addr *)h->h_addr)));
    return(h->h_name);
}        
char *extract_field(char start, char *fld)
{
    while(*fld != start) ++fld;
    ++fld;
    return(fld);
}
getparsedline(line)
    char *line;
{
    int c,d,f;
    char *str, prev;    
    f = 0;
    str = line;
    prev = ' ';
    for (d=0;d<MAXLINE;++d) {
		c = getc(fp1);
		if (c == EOF) break;
		if (c == CR) continue;
		if (c == LF) { ++d; break; }
		if (c == ' ') *line = '\0';
		else {
			if (prev == ' ') { field[f] = line; ++f; }
			*line = c;
		}
		prev = c;
		++line;
    }
    field[f] = NULL;
    *line = 0x00;
    return(d);
}

Reply to:

References:
- Re: [security] iptables
  - From: "Martin F. Krafft" <madduck@madduck.net>

Prev by Date: Re: How to write a secure C program..
Next by Date: Re: How to write a secure C program..
Previous by thread: Re: [security] iptables
Next by thread: Re: Re[2]: Wierd file name?
Index(es):
- Date
- Thread