Re: [patch 1/1] Add subsystem accessors

[Pablo Neira Ayuso <pablo@netfilter.org>]

Holger Eitzenberger wrote:
> Pablo Neira Ayuso wrote:
> 
>>> Need by newer ulogd v2.
>>
>> Why do you need this? If I apply this, I'll have to provide support for
>> people mixing calls to libnfnetlink and libnetfilter_conntrack which can
>> be a problematic. The subsys handles are encapsulated for that reason.
>>
>> If you really need them, I suggest you to use libnfnetlink together with
>> the low level functions libnetfilter_conntrack functions:
>> nfct_[build|parse]_conntrack and nfct_build_query.
> 
> Which would nullify the use of libnetfilter-conntrack with ulogd.

No way. You're abusing the library APIs. The proper way for what you
want to do is the following:

1) open a nfnl handle
2) open a nfnl_subsys_handle
3) register the callback
4) use nfct_parse_conntrack inside the callback to get the conntrack
object while you can still access netlink details (such as the sequence
number).
5) use nfct_build_query plus nfnl_query if you want to send request to
ctnetlink.

This is the way to work in "low level" with libnfnetlink and
libnetfilter_conntrack. As said, with "low level" I mean if you require
netlink details. This is pretty similar to libnl.

If you require "high level", ie. no netlink details, you only have to
use the libnetfilter_conntrack API. Sorry, your patch violates layering
since you're doing some in "the wrong way(tm)", your want to mix low and
high level.

> BTW, after using the new libnetfilter-conntrack I get this:
> 
>  ulogd_inpflow_NFCT.c:455: warning: passing argument 1 of 'nfnl_send'
>   discards qualifiers from pointer target type
> ulogd_inpflow_NFCT.c: In function 'read_cb_nfct':
>  ulogd_inpflow_NFCT.c:1043: warning: passing argument 1 of
> 'nfnl_recv_msgs' discards qualifiers from pointer target type
>  ulogd_inpflow_NFCT.c: In function 'nfct_start':
> ulogd_inpflow_NFCT.c:1156: warning: passing argument 1 of
>  'nfnl_rcvbufsiz' discards qualifiers from pointer target type
> ulogd_inpflow_NFCT.c: In function 'read_cb_nfct':
>  ulogd_inpflow_NFCT.c:1043: warning: passing argument 1 of
> 'nfnl_recv_msgs' discards qualifiers from pointer target type
> ...
> 
> Do you accept patches for that or should I just cast-away the wrong
> const there?

I'm going to apply a patch to constify nfnl_send. The const in
nfct_nfnlh() is fine, it's there to warn people about improper use of
the API, ie. those that want to violate encapsulation.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers