From: Pablo Neira <pablo@eurodev.net>
To: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Cc: Harald Welte <laforge@netfilter.org>, Patrick McHardy <kaber@trash.net>
Subject: [PATCH] updates for libnfnetlink_conntrack
Date: Fri, 05 Aug 2005 02:39:45 +0200	[thread overview]
Message-ID: <42F2B551.4070204@eurodev.net> (raw)

[-- Attachment #1: Type: text/plain, Size: 489 bytes --]

@Harald: BTW, I can reach SVN to commit changes to conntrack (timeout 
error).

This patch includes the following updates for the userspace 
libnfnetlink_conntrack library:

a) change ctnl_open prototype: the subsystem is now passed as a parameter 
to select which subsystem we work with, say 
NFNL_CTNETLINK_CONNTRACK[_EXP].

b) added functions ctnl_[new|get|del]_expect

c) minor change in ctnl_build_tuple that let us create tuples based on 
CTA_* and CTA_EXPECT_* attributes.

[-- Attachment #2: x --]
[-- Type: text/plain, Size: 6174 bytes --]

Index: include/libnfnetlink_conntrack/libnfnetlink_conntrack.h
===================================================================
--- include/libnfnetlink_conntrack/libnfnetlink_conntrack.h	(revision 4208)
+++ include/libnfnetlink_conntrack/libnfnetlink_conntrack.h	(working copy)
@@ -99,7 +99,7 @@
 	struct ctnl_msg_handler *handler[IPCTNL_MSG_MAX];
 };
 
-extern int ctnl_open(struct ctnl_handle *, unsigned);
+extern int ctnl_open(struct ctnl_handle *, u_int8_t, unsigned);
 extern int ctnl_close(struct ctnl_handle *);
 extern int ctnl_unregister_handler(struct ctnl_handle *, int);
 extern int ctnl_register_handler(struct ctnl_handle *, 
@@ -113,6 +113,11 @@
 extern int ctnl_event_conntrack(struct ctnl_handle *, int);
 extern int ctnl_flush_conntrack(struct ctnl_handle *);
 
+extern int ctnl_new_expect(struct ctnl_handle *, struct ctnl_tuple *, 
+			   struct ctnl_tuple *, struct ctnl_tuple *, 
+			   unsigned long);
+extern int ctnl_del_expect(struct ctnl_handle *,struct ctnl_tuple *);
+extern int ctnl_get_expect(struct ctnl_handle *, struct ctnl_tuple *);
 extern int ctnl_list_expect(struct ctnl_handle *, int);
 extern int ctnl_event_expect(struct ctnl_handle *, int);
 extern int ctnl_flush_expect(struct ctnl_handle *);
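Review bot: The three `struct ctnl_tuple *` arguments of `ctnl_new_expect` are unnamed in the prototype, so a caller reading the header cannot tell master, tuple and mask apart, and the compiler will not catch a swap between them. Keep the parameter names from the definition, e.g. `struct ctnl_tuple *master, struct ctnl_tuple *tuple, struct ctnl_tuple *mask, unsigned long timeout`. A one-line comment stating the unit of `timeout` would also help, since neither the header nor the definition says what it is.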
Index: src/libnfnetlink_conntrack.c
===================================================================
--- src/libnfnetlink_conntrack.c	(revision 4208)
+++ src/libnfnetlink_conntrack.c	(working copy)
@@ -60,7 +60,8 @@
 	struct ctnl_msg_handler *hdlr = cth->handler[type];
 	int ret;
 
-	if (NFNL_SUBSYS_ID(n->nlmsg_type) != NFNL_SUBSYS_CTNETLINK) {
+	if (NFNL_SUBSYS_ID(n->nlmsg_type) != NFNL_SUBSYS_CTNETLINK &&
+	    NFNL_SUBSYS_ID(n->nlmsg_type) != NFNL_SUBSYS_CTNETLINK_EXP) {
 		ctnl_error("received message for wrong subsys, skipping\n");
 		nfnl_dump_packet(n, n->nlmsg_len, "list_conntrack_handler");
 		return 0;
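Review bot: The widened check accepts a message from either subsystem no matter which one the handle was opened for, while `hdlr` is still looked up as `cth->handler[type]` in a single table shared by both. If the conntrack and expectation message types overlap numerically (their definitions are not visible here), an expectation message would be dispatched to the handler registered for the conntrack message with the same number. Comparing against the subsystem the handle was opened with, for example a new `subsys_id` field saved by ctnl_open, would keep the two apart. The function starts and ends outside this hunk.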
@@ -91,13 +92,14 @@
  * cth: pointer to already allocated library handle
  * subscriptions: netlink groups we are interested in
  */
-int ctnl_open(struct ctnl_handle *cth, unsigned subscriptions)
+int ctnl_open(struct ctnl_handle *cth, u_int8_t subsys_id, 
+	      unsigned subscriptions)
 {
 	int err;
 
 	memset(cth, 0, sizeof(*cth));
 
-	err = nfnl_open(&cth->nfnlh, NFNL_SUBSYS_CTNETLINK, subscriptions);
+	err = nfnl_open(&cth->nfnlh, subsys_id, subscriptions);
 	if (err < 0) {
 		return err;
 	}
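Review bot: The comment block above ctnl_open still lists only `cth` and `subscriptions`; the new `subsys_id` argument is undocumented and is handed to nfnl_open unchecked. Add a line such as `* subsys_id: NFNL_SUBSYS_CTNETLINK or NFNL_SUBSYS_CTNETLINK_EXP` and reject any other value before the `memset`, since list_conntrack_handler accepts only those two. The prototype change in the header also breaks every existing caller of the two-argument form, which is worth stating in the changelog. The function body continues past the end of the hunk.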
@@ -249,9 +251,8 @@
 }
 
 static void ctnl_build_tuple(struct nfnlhdr *req, int size, 
-			     struct ctnl_tuple *t, int dir)
+			     struct ctnl_tuple *t, int type)
 {
-	enum ctattr_type type = dir ? CTA_TUPLE_REPLY : CTA_TUPLE_ORIG;
 	struct nfattr *nest;
 
 	nest = nfnl_nest(&req->nlh, size, type);
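Review bot: `type` is now a plain `int` supplied by the caller, and nothing records which values are valid. A comment above the function such as `/* type: nested tuple attribute, one of CTA_TUPLE_ORIG, CTA_TUPLE_REPLY, CTA_EXPECT_TUPLE, CTA_EXPECT_MASK, CTA_EXPECT_MASTER */` would state the contract. The function also still returns void, so if `nfnl_nest` or the attribute additions that follow can fail for lack of room in `size` bytes, callers such as ctnl_new_expect, which packs three tuples into one buffer, cannot find out. The rest of the body is outside the hunk, so this may already be handled there.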
@@ -329,9 +330,9 @@
 				 struct ctnl_conntrack *ct)
 {
 	ctnl_build_tuple(req, size, &ct->tuple[CTNL_DIR_ORIGINAL], 
-			 CTNL_DIR_ORIGINAL);
+			 CTA_TUPLE_ORIG);
 	ctnl_build_tuple(req, size, &ct->tuple[CTNL_DIR_REPLY],
-			 CTNL_DIR_REPLY);
+			 CTA_TUPLE_REPLY);
 	
 	nfnl_addattr_l(&req->nlh, size, CTA_STATUS, &ct->status, 
 		       sizeof(unsigned int));
@@ -382,6 +383,7 @@
 {
 	struct nfnlhdr *req;
 	char buf[CTNL_BUFFSIZE];
+	int type = dir ? CTA_TUPLE_REPLY : CTA_TUPLE_ORIG;
 
 	memset(&buf, 0, sizeof(buf));
 	req = (void *) &buf;
@@ -390,7 +392,7 @@
 		      0, AF_INET, 0, IPCTNL_MSG_CT_DELETE,
 		      NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST|NLM_F_ACK);
 
-	ctnl_build_tuple(req, sizeof(buf), tuple, dir); 
+	ctnl_build_tuple(req, sizeof(buf), tuple, type); 
 
 	if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0)
 		return -1;
@@ -470,3 +472,96 @@
 
 	return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
 }
+
+/**
+ * ctnl_new_expect - create a new expectation
+ *
+ * cth: libctnetlink handle
+ * master_tuple: tuple of the master original direction
+ * t: direction, original or reply.
+ * exp_tuple: tuple of to-be-created expectation
+ * mask: mask of to-be-created expectation
+ * timeout: timeout of new expectation
+ */
+int ctnl_new_expect(struct ctnl_handle *cth,
+		    struct ctnl_tuple *master,
+		    struct ctnl_tuple *tuple,
+		    struct ctnl_tuple *mask,
+		    unsigned long timeout)
+{
+	struct nfnlhdr *req;
+	char buf[CTNL_BUFFSIZE];
+
+	memset(&buf, 0, sizeof(buf));
+	req = (void *) &buf;
+
+	nfnl_fill_hdr(&cth->nfnlh, (struct nlmsghdr *) &buf,
+		      0, AF_INET, 0, IPCTNL_MSG_EXP_NEW,
+		      NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK);
+
+	ctnl_build_tuple(req, sizeof(buf), master, CTA_EXPECT_MASTER);
+	ctnl_build_tuple(req, sizeof(buf), tuple, CTA_EXPECT_TUPLE);
+	ctnl_build_tuple(req, sizeof(buf), mask, CTA_EXPECT_MASK);
+	
+	if (nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_EXPECT_TIMEOUT, &timeout,
+			   sizeof(timeout)) < 0)
+		return -1;
+
+	if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0 ) {
+		ctnl_error("error while nfnl_send\n");
+		return -1;
+	}
+
+	return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+}
+
+/**
+ * ctnl_del_expect - delete an expectation from conntrack subsystem
+ *
+ * cth: libctnetlink handle
+ * t: tuple of to-be-deleted expectation
+ */
+int ctnl_del_expect(struct ctnl_handle *cth, 
+		    struct ctnl_tuple *tuple)
+{
+	struct nfnlhdr *req;
+	char buf[CTNL_BUFFSIZE];
+
+	memset(&buf, 0, sizeof(buf));
+	req = (void *) &buf;
+
+	nfnl_fill_hdr(&cth->nfnlh, (struct nlmsghdr *) &buf,
+		      0, AF_INET, 0, IPCTNL_MSG_EXP_DELETE,
+		      NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST|NLM_F_ACK);
+
+	ctnl_build_tuple(req, sizeof(buf), tuple, CTA_EXPECT_MASTER);
+
+	if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0)
+		return -1;
+
+	return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+}
+
+int ctnl_get_expect(struct ctnl_handle *cth, 
+		    struct ctnl_tuple *tuple)
+{
+	struct nfnlhdr *req;
+	char buf[CTNL_BUFFSIZE];
+
+	memset(&buf, 0, sizeof(buf));
+	req = (void *) &buf;
+
+	nfnl_fill_hdr(&cth->nfnlh, (struct nlmsghdr *) &buf,
+			0, AF_INET, 0, IPCTNL_MSG_EXP_GET,
+			NLM_F_REQUEST|NLM_F_ACK);
+
+	ctnl_build_tuple(req, sizeof(buf), tuple, CTA_EXPECT_MASTER);
+
+	if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0 ) {
+		ctnl_error("error while nfnl_send\n");
+		return -1;
+	}
+
+	return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+}
+
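Review bot: In ctnl_new_expect, `CTA_EXPECT_TIMEOUT` is sent as `sizeof(timeout)` bytes of an `unsigned long`, so the attribute is 4 bytes on a 32-bit build and 8 on a 64-bit one, in host byte order. If the kernel side reads a fixed-width field (not visible here), copy into a fixed-width local first, `u_int32_t t = timeout;`, and pass `&t, sizeof(t)` to `nfnl_addattr_l`, with a byte-order conversion if the protocol calls for one. The doc comment names `master_tuple`, `t`, `exp_tuple` and a direction that the signature does not have; it should list `master`, `tuple`, `mask` and `timeout`. ctnl_del_expect and ctnl_get_expect nest their tuple under `CTA_EXPECT_MASTER` although the comment describes it as the tuple of the expectation itself, and ctnl_get_expect has no comment at all; please confirm which attribute is intended.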
