From: Patrick McHardy <kaber@trash.net>
To: David S. Miller <davem@davemloft.net>
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 11/18]: Filter dumped entries based on the layer 3 protocol number
Date: Thu,  5 Jan 2006 05:06:45 +0100 (MET)	[thread overview]
Message-ID: <20060105040609.23512.34371.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20060105040554.23512.27346.sendpatchset@localhost.localdomain>

[NETFILTER]: Filter dumped entries based on the layer 3 protocol number

Dump entries of a given Layer 3 protocol number.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit d5c7bf63c8ae6153ecdf70add3f5b935d4b088a1
tree 648df16ff36e9395298e7e9bcddfebf2e06b325e
parent 61f61d46374f12a54086fe865242a3f248961d6e
author Pablo Neira Ayuso <pablo@netfilter.org> Thu, 05 Jan 2006 02:58:02 +0100
committer Patrick McHardy <kaber@trash.net> Thu, 05 Jan 2006 02:58:02 +0100

 net/netfilter/nf_conntrack_netlink.c |   23 +++++++++++++++++------
 1 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 4f2e509..73ab16b 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -400,6 +400,8 @@ static int ctnetlink_done(struct netlink
 	return 0;
 }
 
+#define L3PROTO(ct) ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num
+
 static int
 ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
 {
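Review bot: The added `L3PROTO` macro expands its argument and its result without parentheses, so it is only safe while every caller passes a plain identifier, as both uses in this patch do. Writing it as `#define L3PROTO(ct) ((ct)->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num)` costs nothing and removes the precedence hazard for later callers. A `static inline` helper taking the conntrack pointer would additionally give type checking.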
@@ -407,6 +409,8 @@ ctnetlink_dump_table(struct sk_buff *skb
 	struct nf_conntrack_tuple_hash *h;
 	struct list_head *i;
 	u_int32_t *id = (u_int32_t *) &cb->args[1];
+	struct nfgenmsg *nfmsg = NLMSG_DATA(cb->nlh);
+	u_int8_t l3proto = nfmsg->nfgen_family;
 
 	DEBUGP("entered %s, last bucket=%lu id=%u\n", __FUNCTION__, 
 			cb->args[0], *id);
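Review bot: The new `nfmsg = NLMSG_DATA(cb->nlh)` followed by `nfmsg->nfgen_family` reads a header field from a userspace-supplied request inside the dump callback, and nothing in this hunk shows that the message is long enough to hold a `struct nfgenmsg`. Presumably the nfnetlink receive path has already enforced that before the dump starts, but that is not visible here. A short comment such as `/* request length already validated against struct nfgenmsg before the dump starts */` would record the assumption, once confirmed. The same two added lines appear in ctnetlink_dump_table_w and ctnetlink_exp_dump_table further down. The function body continues outside this hunk.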
@@ -418,6 +422,11 @@ ctnetlink_dump_table(struct sk_buff *skb
 			if (DIRECTION(h) != IP_CT_DIR_ORIGINAL)
 				continue;
 			ct = nf_ct_tuplehash_to_ctrack(h);
+			/* Dump entries of a given L3 protocol number.
+			 * If it is not specified, ie. l3proto == 0,
+			 * then dump everything. */
+			if (l3proto && L3PROTO(ct) != l3proto)
+				continue;
 			if (ct->id <= *id)
 				continue;
 			if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
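Review bot: The filter `if (l3proto && L3PROTO(ct) != l3proto)` treats any non-zero family as a match key, and the same patch removes the `-EAFNOSUPPORT` check from ctnetlink_get_conntrack, so a request naming a family that conntrack does not track now gets an empty dump rather than an error. If that is intended, it is worth stating, because userspace can no longer tell "unsupported family" from "no entries". The existing comment could be extended with a line like `* An unknown family matches nothing and yields an empty dump.` The loop body continues outside this hunk.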
@@ -444,6 +453,8 @@ ctnetlink_dump_table_w(struct sk_buff *s
 	struct nf_conntrack_tuple_hash *h;
 	struct list_head *i;
 	u_int32_t *id = (u_int32_t *) &cb->args[1];
+	struct nfgenmsg *nfmsg = NLMSG_DATA(cb->nlh);
+	u_int8_t l3proto = nfmsg->nfgen_family;	
 
 	DEBUGP("entered %s, last bucket=%u id=%u\n", __FUNCTION__, 
 			cb->args[0], *id);
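Review bot: The added line `u_int8_t l3proto = nfmsg->nfgen_family;` in ctnetlink_dump_table_w ends with a stray tab after the semicolon. The identical line in ctnetlink_dump_table has none, so this looks like a copy-and-edit slip. Dropping the trailing whitespace keeps the two dump functions textually aligned.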
@@ -455,6 +466,8 @@ ctnetlink_dump_table_w(struct sk_buff *s
 			if (DIRECTION(h) != IP_CT_DIR_ORIGINAL)
 				continue;
 			ct = nf_ct_tuplehash_to_ctrack(h);
+			if (l3proto && L3PROTO(ct) != l3proto)
+				continue;
 			if (ct->id <= *id)
 				continue;
 			if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
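Review bot: The family filter added here has no comment, while the identical test in ctnetlink_dump_table explains that `l3proto == 0` means "dump everything". A reader who lands in ctnetlink_dump_table_w first has to infer that. Repeating a one-line `/* l3proto == 0 means no filter: dump all families */` here would make the function self-explanatory. The same applies to the `exp->tuple.src.l3num != l3proto` test added in ctnetlink_exp_dump_table, which also open-codes the field access instead of going through a macro as the conntrack paths do. The loop body continues outside this hunk.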
@@ -750,9 +763,6 @@ ctnetlink_get_conntrack(struct sock *ctn
 	if (nlh->nlmsg_flags & NLM_F_DUMP) {
 		u32 rlen;
 
-		if (nfmsg->nfgen_family != AF_INET)
-			return -EAFNOSUPPORT;
-
 		if (NFNL_MSG_TYPE(nlh->nlmsg_type) ==
 					IPCTNL_MSG_CT_GET_CTRZERO) {
 #ifdef CONFIG_NF_CT_ACCT
@@ -1251,12 +1261,16 @@ ctnetlink_exp_dump_table(struct sk_buff 
 	struct nf_conntrack_expect *exp = NULL;
 	struct list_head *i;
 	u_int32_t *id = (u_int32_t *) &cb->args[0];
+	struct nfgenmsg *nfmsg = NLMSG_DATA(cb->nlh);
+	u_int8_t l3proto = nfmsg->nfgen_family;
 
 	DEBUGP("entered %s, last id=%llu\n", __FUNCTION__, *id);
 
 	read_lock_bh(&nf_conntrack_lock);
 	list_for_each_prev(i, &nf_conntrack_expect_list) {
 		exp = (struct nf_conntrack_expect *) i;
+		if (l3proto && exp->tuple.src.l3num != l3proto)
+			continue;
 		if (exp->id <= *id)
 			continue;
 		if (ctnetlink_exp_fill_info(skb, NETLINK_CB(cb->skb).pid,
@@ -1298,9 +1312,6 @@ ctnetlink_get_expect(struct sock *ctnl, 
 	if (nlh->nlmsg_flags & NLM_F_DUMP) {
 		u32 rlen;
 
-		if (nfmsg->nfgen_family != AF_INET)
-			return -EAFNOSUPPORT;
-
 		if ((*errp = netlink_dump_start(ctnl, skb, nlh,
 		    				ctnetlink_exp_dump_table,
 						ctnetlink_done)) != 0)


Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-01-05  4:06 [NETFILTER 00/18]: 2.6.15 netfilter update Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 01/18]: Decrease number of pointer derefs in nfnetlink_queue.c Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 02/18]: Decrease number of pointer derefs in nf_conntrack_core.c Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 03/18]: ctnetlink: remove bogus checks in ICMP protocol at dumping Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 04/18]: ctnetlink: Add sanity checkings for ICMP Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 05/18]: ctnetlink: propagate ctnetlink_dump_tuples_proto return value back Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 06/18]: ctnetlink: use u_int32_t instead of unsigned int Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 07/18]: ctnetlink: ctnetlink_event cleanup Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 08/18]: ctnetlink: fix conntrack mark race Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 09/18]: ctnetlink: remove unused variable Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 10/18]: Add ctnetlink port for nf_conntrack Patrick McHardy
2006-01-05  4:06 ` Patrick McHardy [this message]
2006-01-05  4:06 ` [NETFILTER 12/18]: Fix module_param types and permissions Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 13/18]: ctnetlink: Fix dumping of helper name Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 14/18]: Remove okfn usage in ip_vs_core.c Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 15/18]: Call POST_ROUTING hook before fragmentation Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 16/18]: make ipv6_find_hdr() find transport protocol header Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 17/18]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack Patrick McHardy
2006-01-05  4:06 ` [NETFILTER 18/18]: nf_conntrack_l3proto_ipv4.c needs net/route.h Patrick McHardy
