From: Patrick McHardy <kaber@trash.net>
To: tgraf@suug.ch
Cc: Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org, philipc@snapgear.com
Subject: [LIBNL 08/09]: Support conntrack add/delete/query requests
Date: Fri, 18 Jan 2008 17:55:58 +0100 (MET) [thread overview]
Message-ID: <20080118165525.13385.47304.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20080118165514.13385.44695.sendpatchset@localhost.localdomain>
commit 5d2b826674d411f99e571fd35ad5722fed077e5e
Author: Patrick McHardy <kaber@trash.net>
Date: Fri Jan 18 17:53:14 2008 +0100
[LIBNL]: Support conntrack add/delete/query requests
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/include/netlink/netfilter/ct.h b/include/netlink/netfilter/ct.h
index 965b869..f554017 100644
--- a/include/netlink/netfilter/ct.h
+++ b/include/netlink/netfilter/ct.h
@@ -39,6 +39,15 @@ extern void nfnl_ct_put(struct nfnl_ct *);
extern int nfnl_ct_dump_request(struct nl_handle *);
+extern struct nl_msg * nfnl_ct_build_add_request(const struct nfnl_ct *, int);
+extern int nfnl_ct_add(struct nl_handle *, const struct nfnl_ct *, int);
+
+extern struct nl_msg * nfnl_ct_build_delete_request(const struct nfnl_ct *, int);
+extern int nfnl_ct_delete(struct nl_handle *, const struct nfnl_ct *, int);
+
+extern struct nl_msg * nfnl_ct_build_query_request(const struct nfnl_ct *, int);
+extern int nfnl_ct_query(struct nl_handle *, const struct nfnl_ct *, int);
+
extern void nfnl_ct_set_family(struct nfnl_ct *, uint8_t);
extern uint8_t nfnl_ct_get_family(const struct nfnl_ct *);
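Review bot: The header declares `nfnl_ct_delete(struct nl_handle *, const struct nfnl_ct *, int)`, but the definition this same patch adds to lib/netfilter/ct.c is named `nfnl_ct_del`, so callers of the declared name will fail to link and the defined function is exported without a prototype. Use one name in both places, for example by renaming the definition to `int nfnl_ct_delete(struct nl_handle *h, const struct nfnl_ct *ct, int flags)`. The new prototypes also have no parameter names or comments. A one-line comment saying that the `struct nl_msg *` returned by the `nfnl_ct_build_*_request` functions must be released by the caller with `nlmsg_free()`, as `nfnl_ct_add` does, would document the ownership rule.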
diff --git a/lib/netfilter/ct.c b/lib/netfilter/ct.c
index e9df924..e16a606 100644
--- a/lib/netfilter/ct.c
+++ b/lib/netfilter/ct.c
@@ -9,6 +9,7 @@
* Copyright (c) 2003-2006 Thomas Graf <tgraf@suug.ch>
* Copyright (c) 2007 Philip Craig <philipc@snapgear.com>
* Copyright (c) 2007 Secure Computing Corporation
+ * Copyright (c= 2008 Patrick McHardy <kaber@trash.net>
*/
/**
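Review bot: The added copyright line has a typo, `(c= 2008`, where the neighbouring lines use `(c)`. It should read ` * Copyright (c) 2008 Patrick McHardy <kaber@trash.net>`.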
@@ -388,6 +389,158 @@ static int ct_request_update(struct nl_cache *c, struct nl_handle *h)
return nfnl_ct_dump_request(h);
}
+static int nfnl_ct_build_tuple(struct nl_msg *msg, const struct nfnl_ct *ct,
+ int repl)
+{
+ struct nlattr *tuple, *ip, *proto;
+ struct nl_addr *addr;
+ int family;
+
+ family = nfnl_ct_get_family(ct);
+
+ tuple = nla_nest_start(msg, repl ? CTA_TUPLE_REPLY : CTA_TUPLE_ORIG);
+ if (!tuple)
+ goto nla_put_failure;
+
+ ip = nla_nest_start(msg, CTA_TUPLE_IP);
+ if (!ip)
+ goto nla_put_failure;
+
+ addr = nfnl_ct_get_src(ct, repl);
+ if (addr)
+ NLA_PUT_ADDR(msg,
+ family == AF_INET ? CTA_IP_V4_SRC : CTA_IP_V6_SRC,
+ addr);
+
+ addr = nfnl_ct_get_dst(ct, repl);
+ if (addr)
+ NLA_PUT_ADDR(msg,
+ family == AF_INET ? CTA_IP_V4_DST : CTA_IP_V6_DST,
+ addr);
+
+ nla_nest_end(msg, ip);
+
+ proto = nla_nest_start(msg, CTA_TUPLE_PROTO);
+ if (!proto)
+ goto nla_put_failure;
+
+ if (nfnl_ct_test_proto(ct))
+ NLA_PUT_U8(msg, CTA_PROTO_NUM, nfnl_ct_get_proto(ct));
+
+ if (nfnl_ct_test_src_port(ct, repl))
+ NLA_PUT_U16(msg, CTA_PROTO_SRC_PORT,
+ nfnl_ct_get_src_port(ct, repl));
+
+ if (nfnl_ct_test_dst_port(ct, repl))
+ NLA_PUT_U16(msg, CTA_PROTO_DST_PORT,
+ nfnl_ct_get_dst_port(ct, repl));
+
+ if (nfnl_ct_test_icmp_id(ct, repl))
+ NLA_PUT_U16(msg, CTA_PROTO_ICMP_ID,
+ nfnl_ct_get_icmp_id(ct, repl));
+
+ if (nfnl_ct_test_icmp_type(ct, repl))
+ NLA_PUT_U8(msg, CTA_PROTO_ICMP_TYPE,
+ nfnl_ct_get_icmp_type(ct, repl));
+
+ if (nfnl_ct_test_icmp_code(ct, repl))
+ NLA_PUT_U8(msg, CTA_PROTO_ICMP_CODE,
+ nfnl_ct_get_icmp_code(ct, repl));
+
+ nla_nest_end(msg, proto);
+
+ nla_nest_end(msg, tuple);
+ return 0;
+
+nla_put_failure:
+ return -1;
+}
+
+static struct nl_msg *nfnl_ct_build_message(const struct nfnl_ct *ct, int cmd, int flags)
+{
+ struct nl_msg *msg;
+
+ msg = nfnlmsg_alloc_simple(NFNL_SUBSYS_CTNETLINK, cmd, flags,
+ nfnl_ct_get_family(ct), 0);
+ if (msg == NULL)
+ return NULL;
+
+ if (nfnl_ct_build_tuple(msg, ct, 0) < 0)
+ goto err_out;
+
+ return msg;
+
+err_out:
+ nlmsg_free(msg);
+ return NULL;
+}
+
+struct nl_msg *nfnl_ct_build_add_request(const struct nfnl_ct *ct, int flags)
+{
+ return nfnl_ct_build_message(ct, IPCTNL_MSG_CT_NEW, flags);
+}
+
+int nfnl_ct_add(struct nl_handle *h, const struct nfnl_ct *ct, int flags)
+{
+ struct nl_msg *msg;
+ int err;
+
+ msg = nfnl_ct_build_add_request(ct, flags);
+ if (msg == NULL)
+ return nl_errno(ENOMEM);
+
+ err = nl_send_auto_complete(h, msg);
+ nlmsg_free(msg);
+ if (err < 0)
+ return err;
+
+ return nl_wait_for_ack(h);
+}
+
+struct nl_msg *nfnl_ct_build_delete_request(const struct nfnl_ct *ct, int flags)
+{
+ return nfnl_ct_build_message(ct, IPCTNL_MSG_CT_DELETE, flags);
+}
+
+int nfnl_ct_del(struct nl_handle *h, const struct nfnl_ct *ct, int flags)
+{
+ struct nl_msg *msg;
+ int err;
+
+ msg = nfnl_ct_build_delete_request(ct, flags);
+ if (msg == NULL)
+ return nl_errno(ENOMEM);
+
+ err = nl_send_auto_complete(h, msg);
+ nlmsg_free(msg);
+ if (err < 0)
+ return err;
+
+ return nl_wait_for_ack(h);
+}
+
+struct nl_msg *nfnl_ct_build_query_request(const struct nfnl_ct *ct, int flags)
+{
+ return nfnl_ct_build_message(ct, IPCTNL_MSG_CT_GET, flags);
+}
+
+int nfnl_ct_query(struct nl_handle *h, const struct nfnl_ct *ct, int flags)
+{
+ struct nl_msg *msg;
+ int err;
+
+ msg = nfnl_ct_build_query_request(ct, flags);
+ if (msg == NULL)
+ return nl_errno(ENOMEM);
+
+ err = nl_send_auto_complete(h, msg);
+ nlmsg_free(msg);
+ if (err < 0)
+ return err;
+
+ return nl_wait_for_ack(h);
+}
+
/**
* @name Cache Management
* @{
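Review bot: The 16-bit values in `nfnl_ct_build_tuple` are written with `NLA_PUT_U16` exactly as the getters return them, but ctnetlink carries `CTA_PROTO_SRC_PORT`, `CTA_PROTO_DST_PORT` and `CTA_PROTO_ICMP_ID` in network byte order. If the getters return host-order values (the parse path is not visible in this hunk), a little-endian host would add, delete or query a different flow than the caller asked for. In that case convert at the put, e.g. `NLA_PUT_U16(msg, CTA_PROTO_SRC_PORT, htons(nfnl_ct_get_src_port(ct, repl)));`, and do the same for the destination port and the ICMP id. Separately, `family == AF_INET ? CTA_IP_V4_SRC : CTA_IP_V6_SRC` encodes every family other than AF_INET, including an unset one, as IPv6 without checking it against the address. Rejecting families other than AF_INET and AF_INET6 before building the tuple would be safer.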