[netfilter-cvslog] r4414 - in trunk/libnetfilter_conntrack: include/libnetfilter_conntrack src

pablo at netfilter.org pablo at netfilter.org
Tue Nov 1 01:28:21 CET 2005


Author: pablo at netfilter.org
Date: 2005-11-01 01:28:14 +0100 (Tue, 01 Nov 2005)
New Revision: 4414

Modified:
   trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
   trunk/libnetfilter_conntrack/src/libnetfilter_conntrack.c
Log:
o Bumped version to 0.2.4
o Redefine NFCT_ALL_CT_GROUPS
o Fix typemsg2enum prototype, flags and type are 16 bits long, not 8 bits
o Fix wrong expectation timeout and ID output
o Fix getting and killing conntracks by ID



Modified: trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
===================================================================
--- trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h	2005-10-31 19:32:02 UTC (rev 4413)
+++ trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h	2005-11-01 00:28:14 UTC (rev 4414)
@@ -13,7 +13,7 @@
 #include <linux/netfilter/nfnetlink_conntrack.h> 
 #include <libnfnetlink/libnfnetlink.h>
 
-#define LIBNETFILTER_CONNTRACK_VERSION "0.2.3"
+#define LIBNETFILTER_CONNTRACK_VERSION "0.2.4"
 
 enum {
 	CONNTRACK = NFNL_SUBSYS_CTNETLINK,
@@ -27,12 +27,12 @@
 #define NFCT_ANY_ID 0
 
 /*
- * Subscribe to all possible netlink groups. Use this 
+ * Subscribe to all possible conntrack event groups. Use this 
  * flag in case that you want to catch up all the possible 
  * events. Do not use this flag for dumping or any other
  * similar operation.
  */
-#define NFCT_ALL_GROUPS ~0U
+#define NFCT_ALL_CT_GROUPS (NF_NETLINK_CONNTRACK_NEW|NF_NETLINK_CONNTRACK_UPDATE|NF_NETLINK_CONNTRACK_DESTROY)
 
 union nfct_l4 {
 	/* Add other protocols here. */
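Review bot: The rename drops `NFCT_ALL_GROUPS` with no compatibility alias, so any caller still using the old name stops compiling once this header is installed. If the break is intentional, it should be stated in the comment above the macro or in the release notes. The new mask is limited to the NEW, UPDATE and DESTROY conntrack groups, a sensible narrowing from `~0U`, but the comment still promises "all the possible events". I would add a line such as `/* Conntrack events only; expectation events are not included in this mask. */` so that a monitoring or auditing tool does not assume it also receives expectation changes.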

Modified: trunk/libnetfilter_conntrack/src/libnetfilter_conntrack.c
===================================================================
--- trunk/libnetfilter_conntrack/src/libnetfilter_conntrack.c	2005-10-31 19:32:02 UTC (rev 4413)
+++ trunk/libnetfilter_conntrack/src/libnetfilter_conntrack.c	2005-11-01 00:28:14 UTC (rev 4414)
@@ -391,12 +391,12 @@
 
 static char *msgtype[] = {"[UNKNOWN]", "[NEW]", "[UPDATE]", "[DESTROY]"};
 
-static int typemsg2enum(u_int8_t type, u_int8_t flags)
+static int typemsg2enum(u_int16_t type, u_int16_t flags)
 {
 	int ret = NFCT_MSG_UNKNOWN;
 
 	if (type == IPCTNL_MSG_CT_NEW) {
-		if (flags & NLM_F_CREATE)
+		if (flags & (NLM_F_CREATE|NLM_F_EXCL))
 			ret = NFCT_MSG_NEW;
 		else
 			ret = NFCT_MSG_UPDATE;
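Review bot: In the `IPCTNL_MSG_CT_NEW` branch, `flags & (NLM_F_CREATE|NLM_F_EXCL)` is true when either bit is set, and nothing in the hunk says whether that is intended or whether both bits are required to classify an event as new. If both are required, the test should be `(flags & (NLM_F_CREATE|NLM_F_EXCL)) == (NLM_F_CREATE|NLM_F_EXCL)`; if either is enough, a short comment such as `/* either flag marks a newly created entry */` would record the decision. Widening the parameters to 16 bits only helps if the callers pass the netlink header fields without narrowing them first; those call sites are outside this hunk and worth checking. The function body also continues past the end of the hunk.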
@@ -707,11 +707,11 @@
 		parse_tuple(cda[CTA_EXPECT_MASK-1], &exp.mask);
 
 	if (cda[CTA_EXPECT_TIMEOUT-1])
-		exp.timeout = htonl(*(unsigned long *)
+		exp.timeout = ntohl(*(unsigned long *)
 				NFA_DATA(cda[CTA_EXPECT_TIMEOUT-1]));
 
 	if (cda[CTA_EXPECT_ID-1])
-		exp.id = htonl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]));
+		exp.id = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]));
 
 	if (cth->callback)
 		ret = cth->callback((void *)&exp, 0, 
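Review bot: The timeout read still dereferences the attribute payload through `unsigned long *`, which is 8 bytes wide on LP64 targets, while `ntohl()` works on a 32-bit value. On a 64-bit build this reads past a 4-byte payload and, on big-endian hosts, takes the wrong half of the word. The cast should match the ID line below it: `exp.timeout = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_TIMEOUT-1]));`. Neither read checks the attribute's payload length before dereferencing; whether the attribute parser has already validated it is not visible from this hunk, so that is worth confirming. The enclosing function starts and ends outside the hunk.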
@@ -797,8 +797,8 @@
 	char buf[NFCT_BUFSIZE];
 	int type = dir ? CTA_TUPLE_REPLY : CTA_TUPLE_ORIG;
 
+	req = (void *) &buf;
 	memset(&buf, 0, sizeof(buf));
-	req = (void *) &buf;
 
 	nfnl_fill_hdr(&cth->nfnlh, &req->nlh, 0, 
 		      AF_INET, 0, IPCTNL_MSG_CT_DELETE, 
@@ -806,9 +806,11 @@
 
 	nfct_build_tuple(req, sizeof(buf), tuple, type);
 
-	if (id != NFCT_ANY_ID)
+	if (id != NFCT_ANY_ID) {
+		id = htonl(id); /* to network byte order */
 		nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id, 
 			       sizeof(unsigned int));
+	}
 
 	return nfnl_talk(&cth->nfnlh, &req->nlh, 0, 0, NULL, NULL, NULL);
 }
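Review bot: The length passed to `nfnl_addattr_l` is `sizeof(unsigned int)`, not the size of the object being copied, and `id` is overwritten in place with its network-order value. A separate local makes both points explicit: `u_int32_t id_be = htonl(id);` followed by `nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id_be, sizeof(id_be));` (the declaration of `id` is outside the hunk, so its exact type is assumed here). The return values of `nfct_build_tuple` and `nfnl_addattr_l` are also ignored, so a request that did not fit in `buf` would still be sent; if these helpers report failure, it should be checked before `nfnl_talk`. The same pattern appears in the following hunk at -832, before `nfnl_send`.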
@@ -832,9 +834,11 @@
 	
 	nfct_build_tuple(req, sizeof(buf), tuple, type);
 
-        if (id != NFCT_ANY_ID)
+        if (id != NFCT_ANY_ID) {
+		id = htonl(id); /* to network byte order */
 		nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id,
 			       sizeof(unsigned int));
+	}
 
 	err = nfnl_send(&cth->nfnlh, &req->nlh);
 	if (err < 0)



