tags 232058 patch thanks Alexey 'Snake' Nezhdanov <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED]:/tmp/cutter-1.02$ sudo cutter 192.168.0.20 32937 > 192.168.0.100 5222 > No matching connections found > =========8<================= > I do not really know if this problem 2.6 kernel-specific or not...
I've looked into this and fixed it. The problem was that some fields were added to /proc/net/ip_conntrack for 2.6 and cutter wasn't able to parse them. I've attached 2 /proc/net/ip_conntrack dumps, one from a 2.4 machine and one from a 2.6 box. Also attached is a patch that fixes the parsing issues. Unfortunately I couldn't test it on 2.6, since I don't have a router running linux 2.6. I've only tested the parsing part on 2.6. On 2.4 everything continues to work fine with my patch. Parsing still works and cutting the connection also functions. On 2.6 parsing works well to, and as far as I could test it, killing connections also works. Blars, do you care to upload this (probably alongside with the cleanup work I submitted in #372251)? Cheers, Christian Aichinger
diff -Nur cutter-1.02.old/cutter.c cutter-1.02/cutter.c
--- cutter-1.02.old/cutter.c 2003-06-16 21:35:02.000000000 +0200
+++ cutter-1.02/cutter.c 2006-06-09 06:26:30.000000000 +0200
@@ -454,11 +454,12 @@
char *junk[] = { "[UNREPLIED]", "[ASSURED]", NULL };
FILE *id = fopen( "/proc/net/ip_conntrack", "r" );
char src1[32], dst1[32], src2[32], dst2[32];
- int sport1, dport1, sport2, dport2, i, n, life, use;
+ int sport1, dport1, sport2, dport2, i, nread;
in_addr_t src1n, src2n, dst1n, dst2n;
char buff[1024], *p;
int found = 0;
int ok = TRUE;
+ int res;
if (id == NULL) {
perror( "openning /proc/net/ip_conntrack" );
@@ -470,16 +471,23 @@
while ((p = strstr(buff, junk[i])))
strcpy(p, p+strlen(junk[i]));
- if (sscanf(buff,
- "tcp %d %d ESTABLISHED "
- "src=%s dst=%s sport=%d dport=%d "
- "src=%s dst=%s sport=%d dport=%d "
- "use=%d",
- &n, &life,
- src1, dst1, &sport1, &dport1,
- src2, dst2, &sport2, &dport2,
- &use
- ) != 11)
+ res = sscanf(buff,
+ "tcp %*d %*d ESTABLISHED "
+ "src=%s dst=%s sport=%d dport=%d %n",
+ src1, dst1, &sport1, &dport1, &nread);
+
+ // `man sscanf` is unclear about the effect of %n on the retval,
+ // so we just check for both
+ if ((res != 4) && (res != 5))
+ continue;
+
+ if (!(p = strstr(buff+nread, "src=")))
+ continue;
+
+ if (sscanf(p,
+ "src=%s dst=%s sport=%d dport=%d",
+ src2, dst2, &sport2, &dport2
+ ) != 4)
continue;
src1n = inet_addr(src1);
tcp 6 99 TIME_WAIT src=192.168.0.2 dst=213.165.64.22 sport=54337 dport=110 src=213.165.64.22 dst=85.255.145.201 sport=110 dport=54337 [ASSURED] use=1 tcp 6 431953 ESTABLISHED src=192.168.0.2 dst=64.62.190.36 sport=41988 dport=6667 src=64.62.190.36 dst=85.255.145.201 sport=6667 dport=41988 [ASSURED] use=1 tcp 6 44316 ESTABLISHED src=192.168.0.2 dst=216.165.191.52 sport=52240 dport=6667 src=216.165.191.52 dst=85.255.145.201 sport=6667 dport=52240 [ASSURED] use=1 tcp 6 431944 ESTABLISHED src=192.168.0.2 dst=81.169.154.156 sport=44250 dport=31340 src=81.169.154.156 dst=85.255.145.201 sport=31340 dport=44250 [ASSURED] use=1 tcp 6 431999 ESTABLISHED src=192.168.0.2 dst=192.168.0.1 sport=33755 dport=26 src=192.168.0.1 dst=192.168.0.2 sport=26 dport=33755 [ASSURED] use=1 udp 17 162 src=192.168.0.2 dst=192.168.0.1 sport=32799 dport=53 src=192.168.0.1 dst=192.168.0.2 sport=53 dport=32799 [ASSURED] use=1 tcp 6 431974 ESTABLISHED src=192.168.0.2 dst=216.165.191.52 sport=42852 dport=6667 src=216.165.191.52 dst=85.255.145.201 sport=6667 dport=42852 [ASSURED] use=1 tcp 6 102 TIME_WAIT src=192.168.0.2 dst=81.169.154.156 sport=34078 dport=110 src=81.169.154.156 dst=85.255.145.201 sport=110 dport=34078 [ASSURED] use=1 tcp 6 431973 ESTABLISHED src=192.168.0.2 dst=64.12.26.133 sport=52887 dport=5190 src=64.12.26.133 dst=85.255.145.201 sport=5190 dport=52887 [ASSURED] use=1 tcp 6 431999 ESTABLISHED src=86.59.27.227 dst=85.255.145.201 sport=25549 dport=22 src=192.168.0.2 dst=86.59.27.227 sport=22 dport=25549 [ASSURED] use=1 tcp 6 43719 ESTABLISHED src=192.168.0.2 dst=64.62.190.36 sport=39197 dport=6667 src=64.62.190.36 dst=85.255.145.201 sport=6667 dport=39197 [ASSURED] use=1 tcp 6 431956 ESTABLISHED src=192.168.0.2 dst=212.112.242.3 sport=47328 dport=6667 src=212.112.242.3 dst=85.255.145.201 sport=6667 dport=47328 [ASSURED] use=1 tcp 6 105 TIME_WAIT src=192.168.0.2 dst=85.255.144.80 sport=43843 dport=110 src=85.255.144.80 dst=85.255.145.201 sport=110 dport=43843 [ASSURED] use=1
tcp 6 430163 ESTABLISHED src=192.168.2.168 dst=192.168.2.128 sport=22 dport=46811 packets=786 bytes=221932 src=192.168.2.128 dst=192.168.2.168 sport=46811 dport=22 packets=839 bytes=48884 [ASSURED] mark=0 use=1 tcp 6 431985 ESTABLISHED src=192.168.0.200 dst=209.87.179.222 sport=57234 dport=21 packets=10 bytes=571 src=209.87.179.222 dst=192.168.0.200 sport=21 dport=57234 packets=8 bytes=671 [ASSURED] mark=0 use=1 tcp 6 431985 ESTABLISHED src=192.168.0.200 dst=85.255.145.201 sport=34700 dport=22 packets=716 bytes=49655 src=85.255.145.201 dst=192.168.0.200 sport=22 dport=34700 packets=620 bytes=316931 [ASSURED] mark=0 use=1 udp 17 165 src=192.168.2.1 dst=192.168.2.128 sport=1194 dport=34067 packets=7294 bytes=8223696 src=192.168.2.128 dst=192.168.2.1 sport=34067 dport=1194 packets=6501 bytes=1129762 [ASSURED] mark=0 use=1 udp 17 5 src=192.168.2.128 dst=192.168.2.1 sport=34078 dport=53 packets=1 bytes=59 src=192.168.2.1 dst=192.168.2.128 sport=53 dport=34078 packets=1 bytes=131 mark=0 use=1
signature.asc
Description: Digital signature
