[netfilter-cvslog] r3877 - trunk/libctnetlink

laforge at netfilter.org laforge at netfilter.org
Sat Apr 16 15:29:51 CEST 2005


Author: laforge at netfilter.org
Date: 2005-04-16 15:29:50 +0200 (Sat, 16 Apr 2005)
New Revision: 3877

Modified:
   trunk/libctnetlink/ctnltest.c
   trunk/libctnetlink/libctnetlink.c
   trunk/libctnetlink/libctnetlink.h
Log:
merge with new ctnetlink patch


Modified: trunk/libctnetlink/ctnltest.c
===================================================================
--- trunk/libctnetlink/ctnltest.c	2005-04-16 13:28:42 UTC (rev 3876)
+++ trunk/libctnetlink/ctnltest.c	2005-04-16 13:29:50 UTC (rev 3877)
@@ -10,7 +10,7 @@
 
 #include <linux/types.h>
 #include <linux/netlink.h>
-#include <linux/nfnetlink_conntrack.h>
+#include <linux/netfilter/nfnetlink.h>
 
 #include "libctnetlink.h"
 
@@ -92,7 +92,7 @@
 	nladdr.nl_family = AF_NETLINK;
 
 	req.nlh.nlmsg_len = sizeof(req);
-	req.nlh.nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8)|CTNL_MSG_GETCONNTRACK;
+	req.nlh.nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8)|CTNL_MSG_CT_GET;
 	req.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_DUMP|NLM_F_REQUEST;
 	req.nlh.nlmsg_pid = 0;
 	req.nlh.nlmsg_seq = 1;
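Review bot: The added line builds the message type from `CTNL_MSG_CT_GET`, while every other call site touched by this revision uses the `IPCTNL_`-prefixed names (`IPCTNL_MSG_CT_GET` in the dump request further down this file and throughout libctnetlink.c). Unless the new header also defines the unprefixed name, this will not compile. If it does define it with a different value, the test sends a different request than the library does. I would write `req.nlh.nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8)|IPCTNL_MSG_CT_GET;`. The enclosing function starts and ends outside this hunk.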
@@ -115,7 +115,7 @@
 	if (cb[CTA_ORIG]) {
 		printf("orig: %s\n", 
 				display_tuple_flat(NFA_DATA(cb[CTA_ORIG])));
-		ctnl_del_conntrack(cth, NFA_DATA(cb[CTA_ORIG]));
+		ctnl_del_conntrack(cth, NFA_DATA(cb[CTA_ORIG]), CTA_ORIG);
 	}
 	if (cb[CTA_RPLY])
 		printf("rply: %s\n", 
@@ -169,7 +169,7 @@
 		exit(2);
 	}
 
-	ctnl_wilddump_request(cth, AF_INET, CTNL_MSG_GETCONNTRACK);
+	ctnl_wilddump_request(cth, AF_INET, IPCTNL_MSG_CT_GET);
 
 	while (len = recv(cth->nfnlh.fd, &buf, sizeof(buf), 0)) {
 		printf("pkt received\n");

Modified: trunk/libctnetlink/libctnetlink.c
===================================================================
--- trunk/libctnetlink/libctnetlink.c	2005-04-16 13:28:42 UTC (rev 3876)
+++ trunk/libctnetlink/libctnetlink.c	2005-04-16 13:29:50 UTC (rev 3877)
@@ -27,14 +27,12 @@
 #include <linux/netfilter_ipv4/ip_conntrack.h>
 #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
-#include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
-#include <linux/nfnetlink_conntrack.h>
+#include <linux/netfilter_ipv4/ip_conntrack_netlink.h>
 
 #include "libctnetlink.h"
 
-#define ctnl_error(format, args...) \
-	fprintf(stderr, "%s: " format, __FUNCTION__, ## args)
+#define ctnl_error printf
 
 /***********************************************************************
  * low level stuff 
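Review bot: `#define ctnl_error printf` moves the library's diagnostics from stderr to stdout and drops the `__FUNCTION__` prefix that the removed macro added. Error text now mixes with whatever the calling program prints (ctnltest.c prints tuples on stdout), and a message such as "error during nfnl_addattr_l" can no longer be traced to one of the several functions that emit it. If the GNU named-variadic form was the problem, `#define ctnl_error(...) fprintf(stderr, __VA_ARGS__)` keeps the stream separation.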
@@ -65,11 +63,17 @@
 	int type = NFNL_MSG_TYPE(n->nlmsg_type);
 	struct ctnl_msg_handler *hdlr = cth->handler[type];
 	int ret;
+	struct nlmsgerr *msgerr;
 
 	/* end of messages reached, let's return */
 	if (n->nlmsg_type == NLMSG_DONE)
 		return -100;
 
+	if (n->nlmsg_type == NLMSG_ERROR) {
+		msgerr = NLMSG_DATA(n);
+		return msgerr->error;
+	}
+
 	if (NFNL_SUBSYS_ID(n->nlmsg_type) != NFNL_SUBSYS_CTNETLINK) {
 		ctnl_error("received message for wrong subsys, skipping\n");
 		nfnl_dump_packet(n, n->nlmsg_len, "list_conntrack_handler");
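Review bot: The new NLMSG_ERROR branch reads `msgerr->error` without checking that the message is long enough to hold a `struct nlmsgerr`, so a truncated or malformed error message causes a read past the received data, unless nfnl_listen already guarantees the length (not visible here). Add `if (n->nlmsg_len < NLMSG_LENGTH(sizeof(*msgerr))) return -1;` before the dereference. Separately, the value shares the return channel with the `-100` end-of-dump sentinel just above, so an error code of -100 would look like NLMSG_DONE, and an ACK (`error == 0`) returns 0 like a handled message. The function begins before and continues past this hunk.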
@@ -81,28 +85,16 @@
 		return 0;
 	}
 
+	if (!hdlr->handler) {
+		ctnl_error("no handler function for type %d\n", type);
+		return 0;
+	}
+
 	ret = hdlr->handler(nladdr, n, arg);
 
 	return ret;
 }
 
-/* handler used for nfnl_listen */
-static int get_conntrack_handler(struct sockaddr_nl *nladdr,
-                                  struct nlmsghdr *n, void *arg)
-{
-	struct nfgenmsg *cm = NLMSG_DATA(n);
-	struct nfattr **cb = (struct nfattr **)arg;
-
-	/* this is what we get when there's no match */
-	if (NFNL_SUBSYS_ID(n->nlmsg_type) != NFNL_SUBSYS_CTNETLINK)
-		return -1;
-        
-	nfnl_parse_attr(cb, CTA_MAX, NFM_NFA(cm), n->nlmsg_len);
-	
-	return -100; /* to get nfnl_listen to break out of the loop */
-}
-
-
 /***********************************************************************
  * high level stuff 
  ***********************************************************************/
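Review bot: The added `!hdlr->handler` test dereferences `hdlr`, which was loaded from `cth->handler[type]` in the declarations at the top of the function (visible in the previous hunk), with `type` derived from the received `nlmsg_type`. No comparison against IPCTNL_MSG_COUNT is visible before that load. Whether the guard ending at the top of this hunk rejects a NULL entry cannot be seen from here, but the array read itself happens before any check. I would bound the index first, `if (type < 0 || type >= IPCTNL_MSG_COUNT) return 0;`, and only then assign `hdlr = cth->handler[type];`. The function starts outside this hunk.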
@@ -149,7 +141,7 @@
 int ctnl_register_handler(struct ctnl_handle *cth, 
 			  struct ctnl_msg_handler *hndlr)
 {
-	if (hndlr->type >= CTNL_MSG_COUNT)
+	if (hndlr->type >= IPCTNL_MSG_COUNT)
 		return -EINVAL;
 
 	cth->handler[hndlr->type] = hndlr;
@@ -165,7 +157,7 @@
  */
 int ctnl_unregister_handler(struct ctnl_handle *cth, int type)
 {
-	if (type >= CTNL_MSG_COUNT)
+	if (type >= IPCTNL_MSG_COUNT)
 		return -EINVAL;
 
 	cth->handler[type] = NULL;
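Review bot: `type` is a signed `int` and only its upper bound is tested, so a negative value passes the `>= IPCTNL_MSG_COUNT` check and `cth->handler[type] = NULL` writes before the start of the array. The guard should be `if (type < 0 || type >= IPCTNL_MSG_COUNT)`. ctnl_register_handler in the previous hunk has the same one-sided test on `hndlr->type`; whether it is affected depends on that field's type, which is not visible here. The function continues past the end of this hunk.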
@@ -180,7 +172,7 @@
  */
 int ctnl_list_conntrack(struct ctnl_handle *cth, int family)
 {
-	if (ctnl_wilddump_request(cth, family, CTNL_MSG_GETCONNTRACK) < 0) {
+	if (ctnl_wilddump_request(cth, family, IPCTNL_MSG_CT_GET) < 0) {
 		ctnl_error("error during ctnl_wilddump_request\n");
 		return -1;
 	}
@@ -189,42 +181,63 @@
 
 }
 
+int ctnl_list_conntrack_zero_counters(struct ctnl_handle *cth, int family)
+{
+	if (ctnl_wilddump_request(cth, family, IPCTNL_MSG_CT_GET_CTRZERO) < 0) {
+		ctnl_error("error during ctnl_wilddump_request\n");
+		return -1;
+	}
+	return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+}
+
+/* TODO: Don't user list_conntrack_handler */
+int ctnl_event_conntrack(struct ctnl_handle *cth, int family)
+{
+	return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
+}
+
 /**
  * ctnl_get_conntrack - get a connection from conntrack hashtable
  * cth: libctnetlink handle
  * t: tuple of connection to get
  * cb: a struct nfattr to put the connection in
  */
-int ctnl_get_conntrack(struct ctnl_handle *cth,
-		     struct ip_conntrack_tuple *t,
-		     struct nfattr **cb)
+int ctnl_get_conntrack(struct ctnl_handle *cth, 
+		       struct ip_conntrack_tuple *tuple,
+		       enum ctattr_type_t t)
 {
 	struct {
 		struct nlmsghdr nlh;
 		struct nfgenmsg g;
 	} *req;
 
-	char buf[sizeof(*req) + NFA_LENGTH(sizeof(*t))];
+	char buf[sizeof(*req) + NFA_LENGTH(sizeof(*tuple))
+		 + NFA_LENGTH(sizeof(unsigned long))];
 	memset(&buf, 0, sizeof(buf));
 
 	req = (void *) &buf;
-	
+
+	if (tuple == NULL) {
+		ctnl_error("tuple must be specified\n");
+		return -1;
+	}
+
 	nfnl_fill_hdr(&cth->nfnlh, (struct nlmsghdr *) &buf,
-			0, AF_INET, CTNL_MSG_GETCONNTRACK,
+			0, AF_INET, IPCTNL_MSG_CT_GET,
 			NLM_F_REQUEST);
 
-	if (nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ORIG, t,
-			sizeof(*t)) < 0) {
+	if (nfnl_addattr_l(&req->nlh, sizeof(buf), t, tuple,
+				sizeof(*tuple)) < 0) {
 		ctnl_error("error during nfnl_addattr_l\n");
 		return -1;
 	}
-	
+
 	if (nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf) < 0 ) {
 		ctnl_error("error while nfnl_send\n");
 		return -1;
 	}
 
-	return nfnl_listen(&cth->nfnlh, &get_conntrack_handler, cb);
+	return nfnl_listen(&cth->nfnlh, &list_conntrack_handler, cth);
 }
 
 /**
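Review bot: The doc comment above ctnl_get_conntrack still describes `t` as the tuple and `cb` as the output attribute array. In the new signature the tuple is `tuple`, `t` is the attribute type passed to nfnl_addattr_l, and the reply goes through list_conntrack_handler to whichever handler is registered for the message type. The comment should read `tuple: tuple of connection to get` and `t: attribute type the tuple is sent as (ctnltest.c passes CTA_ORIG)`, and state that results arrive through registered handlers rather than an out-parameter. The same stale `t:` line sits above ctnl_del_conntrack in the next hunk. The new ctnl_list_conntrack_zero_counters and ctnl_event_conntrack have no comment at all; the latter never uses its `family` argument, which is worth stating next to the existing TODO.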
@@ -232,24 +245,32 @@
  * cth: libctnetlink handle
  * t: tuple of to-be-deleted connection
  */
-int ctnl_del_conntrack(struct ctnl_handle *cth, struct ip_conntrack_tuple *t)
+int ctnl_del_conntrack(struct ctnl_handle *cth, 
+		       struct ip_conntrack_tuple *tuple,
+		       enum ctattr_type_t t)
 {
 	struct {
 		struct nlmsghdr nlh;
 		struct nfgenmsg nfmsg;
 	} *req;
 
-	char buf[sizeof(*req) + NFA_LENGTH(sizeof(*t))];
+	char buf[sizeof(*req) + NFA_LENGTH(sizeof(*tuple))
+		 + NFA_LENGTH(sizeof(unsigned long))];
 	memset(&buf, 0, sizeof(buf));
 
 	req = (void *) &buf;
 
+	if (tuple == NULL) {
+		ctnl_error("tuple must be specified\n");
+		return -1;
+	}
+	
 	nfnl_fill_hdr(&cth->nfnlh, (struct nlmsghdr *) &buf,
-		      0, AF_INET, CTNL_MSG_DELCONNTRACK,
+		      0, AF_INET, IPCTNL_MSG_CT_DELETE,
 		      NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST);
 
-	if (nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ORIG, t, 
-			   sizeof(*t)) < 0) {
+	if (nfnl_addattr_l(&req->nlh, sizeof(buf), t, tuple, 
+			   sizeof(*tuple)) < 0) {
 		ctnl_error("error during nfnl_addattr_l\n");
 		return -1;
 	}
@@ -258,13 +279,75 @@
 }
 
 /**
+ * ctnl_new_conntrack - create a connection in the conntrack hashtable
+ * cth: libctnetlink handle
+ * t: tuple of to-be-created connection
+ */
+int ctnl_new_conntrack(struct ctnl_handle *cth,
+		       struct ip_conntrack_tuple *orig,
+		       struct ip_conntrack_tuple *reply, 
+		       unsigned long timeout, struct cta_proto *proto,
+		       unsigned int status)
+{
+	struct {
+		struct nlmsghdr nlh;
+		struct nfgenmsg nfmsg;
+	} *req;
+
+	char buf[sizeof(*req) + NFA_LENGTH(sizeof(*orig))
+		 + NFA_LENGTH(sizeof(*reply)) 
+		 + NFA_LENGTH(sizeof(unsigned long))
+		 + NFA_LENGTH(sizeof(*proto))
+		 + NFA_LENGTH(sizeof(unsigned int))];
+	memset(&buf, 0, sizeof(buf));
+
+	req = (void *) &buf;
+
+	nfnl_fill_hdr(&cth->nfnlh, (struct nlmsghdr *) &buf,
+		      0, AF_INET, IPCTNL_MSG_CT_NEW,
+		      NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST|NLM_F_CREATE);
+
+	if (nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ORIG, orig, 
+			   sizeof(*orig)) < 0) {
+		ctnl_error("error during nfnl_addattr_l\n");
+		return -1;
+	}
+
+	if (nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_RPLY, reply, 
+			   sizeof(*reply)) < 0) {
+		ctnl_error("error during nfnl_addattr_l\n");
+		return -1;
+	}
+
+	if (nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_TIMEOUT, &timeout, 
+			   sizeof(unsigned long)) < 0) {
+		ctnl_error("error during nfnl_addattr_l\n");
+		return -1;
+	}
+
+	if (nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_PROTOINFO, proto, 
+			   sizeof(*proto)) < 0) {
+		ctnl_error("error during nfnl_addattr_l\n");
+		return -1;
+	}
+
+	if (nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_STATUS, &status,
+			   sizeof(unsigned int)) < 0) {
+		ctnl_error("error during nfnl_addattr_l\n");
+		return -1;
+	}
+
+	return nfnl_send(&cth->nfnlh, (struct nlmsghdr *)&buf);
+}
+
+/**
  * ctnl_list_expect - retrieve a list of expectations from conntrack subsys
  * cth: libctnetlink handle
  * family: AF_INET, ...
  */
 int ctnl_list_expect(struct ctnl_handle *cth, int family)
 {
-	if (ctnl_wilddump_request(cth, family, CTNL_MSG_GETEXPECT) < 0) {
+	if (ctnl_wilddump_request(cth, family, IPCTNL_MSG_EXP_GET) < 0) {
 		ctnl_error("error during ctnl_wilddump_request\n");
 		return -1;
 	}
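Review bot: ctnl_new_conntrack passes `orig`, `reply` and `proto` to nfnl_addattr_l with `sizeof(*ptr)` lengths and never checks them for NULL, although ctnl_get_conntrack and ctnl_del_conntrack gained a `tuple == NULL` guard in this same revision. A NULL here would presumably be dereferenced when the attribute payload is copied. Add the same guard before nfnl_fill_hdr: `if (!orig || !reply || !proto) { ctnl_error("orig, reply and proto must be specified\n"); return -1; }`. The doc comment also names a single parameter `t` that the function does not have; it should describe orig, reply, timeout, proto and status.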
@@ -292,7 +375,7 @@
 	req = (void *) &buf;
 
 	nfnl_fill_hdr(&cth->nfnlh, (struct nlmsghdr *) &buf,
-		      0, AF_INET, CTNL_MSG_DELEXPECT,
+		      0, AF_INET, IPCTNL_MSG_EXP_DELETE,
 		      NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST);
 
 	if (nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ORIG, t, 

Modified: trunk/libctnetlink/libctnetlink.h
===================================================================
--- trunk/libctnetlink/libctnetlink.h	2005-04-16 13:28:42 UTC (rev 3876)
+++ trunk/libctnetlink/libctnetlink.h	2005-04-16 13:29:50 UTC (rev 3877)
@@ -13,8 +13,8 @@
 #include <netinet/in.h>
 #include <asm/types.h>
 #include <linux/if.h>
-#include <linux/nfnetlink.h>
-#include <linux/nfnetlink_conntrack.h> 
+#include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter_ipv4/ip_conntrack_netlink.h> 
 #include <linux/netfilter_ipv4/ip_conntrack.h>
 #include "../libnfnetlink/libnfnetlink.h"
 
@@ -27,7 +27,7 @@
 
 struct ctnl_handle {
 	struct nfnl_handle nfnlh;
-	struct ctnl_msg_handler *handler[CTNL_MSG_COUNT];
+	struct ctnl_msg_handler *handler[IPCTNL_MSG_COUNT];
 };
 
 extern int ctnl_open(struct ctnl_handle *cth, unsigned subscriptions);
@@ -37,10 +37,12 @@
 				 struct ctnl_msg_handler *hndlr);
 extern int ctnl_get_conntrack(struct ctnl_handle *cth,
 			      struct ip_conntrack_tuple *tuple,
-			      struct nfattr **cb);
+			      enum ctattr_type_t t);
 extern int ctnl_del_conntrack(struct ctnl_handle *cth,
-			      struct ip_conntrack_tuple *t);
+			      struct ip_conntrack_tuple *tuple,
+			      enum ctattr_type_t t);
 extern int ctnl_list_conntrack(struct ctnl_handle *cth, int family);
+extern int ctnl_list_conntrack_zero_counters(struct ctnl_handle *cth, int family);
 
 extern int ctnl_list_expect(struct ctnl_handle *cth, int family);
 extern int ctnl_del_expect(struct ctnl_handle *cth,
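Review bot: The header gains a prototype for ctnl_list_conntrack_zero_counters only, yet libctnetlink.c in this revision also adds the non-static functions ctnl_new_conntrack and ctnl_event_conntrack, and no hunk of this header declares them. Unless they are declared in a part of the header that is not shown, callers either cannot use them or call them without a prototype, which leaves the five-argument ctnl_new_conntrack call unchecked. I would add `extern int ctnl_event_conntrack(struct ctnl_handle *cth, int family);` and a matching `extern int ctnl_new_conntrack(...)` declaration with the parameter list from the .c file. Changing the third parameter of ctnl_get_conntrack and adding one to ctnl_del_conntrack also breaks existing callers, which deserves a line in the log message.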



