From: Pablo Neira <pablo@netfilter.org>
To: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Cc: Harald Welte <laforge@netfilter.org>
Subject: [PATCH] libnfnetlink_conntrack updates
Date: Tue, 13 Sep 2005 00:59:36 +0200 [thread overview]
Message-ID: <43260858.9010000@netfilter.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 855 bytes --]
Hi Harald,
Attached a patch that I forgot to send some time ago. The list of
changes is the following:
- Add missing files: include/libnfnetlink_conntrack/Makefile.am and
include/Makefile.am.
- Rename list_conntrack_handler to callback_handler, IMHO a proper name
for such function.
- Use new nfnl_open prototype: Now it's got four parameters.
- Kill recurrent definition of the structure nfnlhdr: Actually this
should go somewhere in libnfnetlink, later.
- Ignore utils subdirectory. It contains a testsuite that is currently
broken. Yes I know you're aware of it ;) it's on the TODO list. But
would it be worth to fix it? I use the conntrack tool to test
libnfnetlink_conntrack.
- ctnl_error now has a nicer definition.
BTW, I'll move libct to libconntrack as soon (as soon I get some spare
time) as you suggested in the TODO list.
--
Pablo
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 7659 bytes --]
Index: include/libnfnetlink_conntrack/Makefile.am
===================================================================
--- include/libnfnetlink_conntrack/Makefile.am (revision 0)
+++ include/libnfnetlink_conntrack/Makefile.am (revision 0)
@@ -0,0 +1,3 @@
+
+pkginclude_HEADERS = libnfnetlink_conntrack.h
+
Index: include/Makefile.am
===================================================================
--- include/Makefile.am (revision 0)
+++ include/Makefile.am (revision 0)
@@ -0,0 +1,3 @@
+
+SUBDIRS = libnfnetlink_conntrack
+
Index: src/libnfnetlink_conntrack.c
===================================================================
--- src/libnfnetlink_conntrack.c (revision 4257)
+++ src/libnfnetlink_conntrack.c (working copy)
@@ -28,8 +28,13 @@
#include <libnfnetlink/libnfnetlink.h>
#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
-#define ctnl_error printf
+#define ctnl_error(format, args...) fprintf(stderr, format, ## args)
+struct nfnlhdr {
+ struct nlmsghdr nlh;
+ struct nfgenmsg nfmsg;
+};
+
/***********************************************************************
* low level stuff
***********************************************************************/
@@ -40,10 +45,7 @@
int ctnl_wilddump_request(struct ctnl_handle *cth, int family, int type)
{
- struct {
- struct nlmsghdr nlh;
- struct nfgenmsg g;
- } req;
+ struct nfnlhdr req;
nfnl_fill_hdr(&cth->nfnlh, &req.nlh, 0, AF_INET, 0,
type, NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST);
@@ -52,8 +54,8 @@
}
/* handler used for nfnl_listen */
-static int list_conntrack_handler(struct sockaddr_nl *nladdr,
- struct nlmsghdr *n, void *arg)
+static int callback_handler(struct sockaddr_nl *nladdr,
+ struct nlmsghdr *n, void *arg)
{
struct ctnl_handle *cth = (struct ctnl_handle *) arg;
int type = NFNL_MSG_TYPE(n->nlmsg_type);
@@ -63,7 +65,7 @@
if (NFNL_SUBSYS_ID(n->nlmsg_type) != NFNL_SUBSYS_CTNETLINK &&
NFNL_SUBSYS_ID(n->nlmsg_type) != NFNL_SUBSYS_CTNETLINK_EXP) {
ctnl_error("received message for wrong subsys, skipping\n");
- nfnl_dump_packet(n, n->nlmsg_len, "list_conntrack_handler");
+ nfnl_dump_packet(n, n->nlmsg_len, "callback_handler");
return 0;
}
@@ -96,10 +98,22 @@
unsigned subscriptions)
{
int err;
+ u_int8_t cb_count;
+ switch(subsys_id) {
+ case NFNL_SUBSYS_CTNETLINK:
+ cb_count = IPCTNL_MSG_MAX;
+ break;
+ case NFNL_SUBSYS_CTNETLINK_EXP:
+ cb_count = IPCTNL_MSG_EXP_MAX;
+ break;
+ default:
+ return -ENOENT;
+ break;
+ }
memset(cth, 0, sizeof(*cth));
- err = nfnl_open(&cth->nfnlh, subsys_id, subscriptions);
+ err = nfnl_open(&cth->nfnlh, subsys_id, cb_count, subscriptions);
if (err < 0) {
return err;
}
@@ -154,14 +168,10 @@
int ctnl_flush_conntrack(struct ctnl_handle *cth)
{
- struct {
- struct nlmsghdr nlh;
- struct nfgenmsg g;
- } *req;
+ struct nfnlhdr *req;
+ char buf[sizeof(*req)];
- char buf[sizeof(*req)];
memset(&buf, 0, sizeof(buf));
-
req = (void *) &buf;
nfnl_fill_hdr(&cth->nfnlh, (struct nlmsghdr *) &buf,
@@ -171,7 +181,7 @@
if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0 )
return -1;
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
/**
@@ -184,7 +194,7 @@
if (ctnl_wilddump_request(cth, family, IPCTNL_MSG_CT_GET) < 0)
return -1;
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
int ctnl_list_conntrack_zero_counters(struct ctnl_handle *cth, int family)
@@ -192,19 +202,14 @@
if (ctnl_wilddump_request(cth, family, IPCTNL_MSG_CT_GET_CTRZERO) < 0)
return -1;
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
int ctnl_event_conntrack(struct ctnl_handle *cth, int family)
{
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
-struct nfnlhdr {
- struct nlmsghdr nlh;
- struct nfgenmsg nfmsg;
-};
-
static void ctnl_build_tuple_ip(struct nfnlhdr *req, int size,
struct ctnl_tuple *t)
{
@@ -271,10 +276,16 @@
nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
switch (ct->tuple[CTNL_DIR_ORIGINAL].protonum) {
- case IPPROTO_TCP:
+ case IPPROTO_TCP: {
+ struct nfattr *nest_proto;
+ nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP);
nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_STATE,
&ct->protoinfo.tcp.state, sizeof(u_int8_t));
+ nfnl_nest_end(&req->nlh, nest_proto);
break;
+ }
+ default:
+ break;
}
nfnl_nest_end(&req->nlh, nest);
@@ -369,7 +380,7 @@
if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0)
return -1;
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
/**
@@ -397,7 +408,7 @@
if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0)
return -1;
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
static int new_update_conntrack(struct ctnl_handle *cth,
struct ctnl_conntrack *ct,
@@ -418,7 +429,7 @@
if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0 )
return -1;
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
/**
@@ -446,13 +457,13 @@
if (ctnl_wilddump_request(cth, family, IPCTNL_MSG_EXP_GET) < 0)
return -1;
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
int ctnl_event_expect(struct ctnl_handle *cth, int family)
{
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
int ctnl_flush_expect(struct ctnl_handle *cth)
@@ -470,7 +481,7 @@
if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0 )
return -1;
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
/**
@@ -507,12 +518,10 @@
sizeof(timeout)) < 0)
return -1;
- if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0 ) {
- ctnl_error("error while nfnl_send\n");
+ if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0 )
return -1;
- }
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
/**
@@ -539,7 +548,7 @@
if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0)
return -1;
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
int ctnl_get_expect(struct ctnl_handle *cth,
@@ -557,11 +566,9 @@
ctnl_build_tuple(req, sizeof(buf), tuple, CTA_EXPECT_MASTER);
- if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0 ) {
- ctnl_error("error while nfnl_send\n");
+ if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0 )
return -1;
- }
- return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+ return nfnl_listen(&cth->nfnlh, &callback_handler, cth);
}
Index: Makefile.am
===================================================================
--- Makefile.am (revision 4257)
+++ Makefile.am (working copy)
@@ -1,7 +1,7 @@
AUTOMAKE_OPTIONS = foreign
INCLUDES =$(all_includes) -I$(top_srcdir)/include -I${KERNELDIR}
-SUBDIRS = include src utils
+SUBDIRS = include src
LINKOPTS = -lnfnetlink
man_MANS = #nfnetlink_conntrack.3 nfnetlink_conntrack.7
reply other threads:[~2005-09-12 22:59 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43260858.9010000@netfilter.org \
--to=pablo@netfilter.org \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.