[netfilter-cvslog] r4402 - in trunk/libnetfilter_conntrack:
extensions include/libnetfilter_conntrack utils
pablo at netfilter.org
pablo at netfilter.org
Mon Oct 31 05:21:00 CET 2005
Author: pablo at netfilter.org
Date: 2005-10-31 05:20:58 +0100 (Mon, 31 Oct 2005)
New Revision: 4402
Modified:
trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_icmp.c
trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_tcp.c
trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
trunk/libnetfilter_conntrack/utils/ctnl_test.c
Log:
Special thanks to Deti Fiegl from the Leibniz Supercomputing Centre in Munich, Germany for providing the "fast" hardware to reproduce spurious bugs ;)
List of changes:
o Replace misleading flag NFCT_ANY_GROUP by NFCT_ALL_GROUPS
o Update test file to use NFCT_ALL_GROUPS
o Add missing check of CTA_PROTOINFO_TCP that resulted in a segfault in
conjunction with events.
o Fix ICMP conntracks output
o Add missing prototype definition of nfct_default_expect_display_id in
libnetfilter_conntrack.h
Modified: trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_icmp.c
===================================================================
--- trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_icmp.c 2005-10-30 15:32:27 UTC (rev 4401)
+++ trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_icmp.c 2005-10-31 04:20:58 UTC (rev 4402)
@@ -52,7 +52,7 @@
t->l4dst.icmp.code);
/* ID only makes sense with ECHO */
if (t->l4dst.icmp.type == 8)
- size += sprintf(buf, "id=%d ", t->l4src.icmp.id);
+ size += sprintf(buf+size, "id=%d ", ntohs(t->l4src.icmp.id));
return size;
}
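Review bot: The corrected call still writes with unbounded `sprintf` at `buf+size`, so nothing visible in this hunk limits the total output to the caller's buffer. The function's signature and its earlier `sprintf` calls are outside the hunk, so whether a buffer length is available cannot be confirmed from here. If one can be passed in, a bounded form such as `snprintf(buf+size, len-size, "id=%d ", ntohs(t->l4src.icmp.id))` with a truncation check would close that gap (`len` is a placeholder for the caller-supplied size). The literal `8` in the type test would also read more clearly as `ICMP_ECHO`.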
Modified: trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_tcp.c
===================================================================
--- trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_tcp.c 2005-10-30 15:32:27 UTC (rev 4401)
+++ trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_tcp.c 2005-10-31 04:20:58 UTC (rev 4402)
@@ -42,6 +42,18 @@
static void parse_protoinfo(struct nfattr *cda[], struct nfct_conntrack *ct)
{
struct nfattr *tb[CTA_PROTOINFO_TCP_MAX];
+
+ /*
+ * Listen to me carefully: This is easy to trigger with events ;).
+ * The conntrack event messages don't always contain all the
+ * information about a conntrack, just those fields that have changed.
+ * So you can receive a message about a TCP connection with no bits
+ * talking about the private protocol information.
+ *
+ * --pablo 05/10/31
+ */
+ if (!cda[CTA_PROTOINFO_TCP-1])
+ return;
nfnl_parse_nested(tb,CTA_PROTOINFO_TCP_MAX, cda[CTA_PROTOINFO_TCP-1]);
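Review bot: The new guard covers only the outer `cda[CTA_PROTOINFO_TCP-1]` attribute. By the reasoning in the added comment, an event message may also omit attributes inside the nested block, so each `tb[...]` entry read after `nfnl_parse_nested()` needs its own NULL check before it is dereferenced. The rest of parse_protoinfo lies outside the hunk, so this has to be confirmed there. The early `return` also leaves `ct` unmodified, which is safe only if the caller initialises `ct` before parsing. A short comment next to the `return`, such as `/* no TCP protoinfo in this message: ct is left as the caller initialised it */`, would record that assumption.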
Modified: trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
===================================================================
--- trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h 2005-10-30 15:32:27 UTC (rev 4401)
+++ trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h 2005-10-31 04:20:58 UTC (rev 4402)
@@ -13,7 +13,7 @@
#include <linux/netfilter/nfnetlink_conntrack.h>
#include <libnfnetlink/libnfnetlink.h>
-#define LIBNETFILTER_CONNTRACK_VERSION "0.2.2"
+#define LIBNETFILTER_CONNTRACK_VERSION "0.2.3"
enum {
CONNTRACK = NFNL_SUBSYS_CTNETLINK,
@@ -27,10 +27,12 @@
#define NFCT_ANY_ID 0
/*
- * Default flag that is passed to nfct_open(), subscribe
- * to all possible groups
+ * Subscribe to all possible netlink groups. Use this
+ * flag in case that you want to catch up all the possible
+ * events. Do not use this flag for dumping or any other
+ * similar operation.
*/
-#define NFCT_ANY_GROUP ~0U
+#define NFCT_ALL_GROUPS ~0U
union nfct_l4 {
/* Add other protocols here. */
@@ -237,6 +239,7 @@
extern int nfct_default_conntrack_display(void *arg, unsigned int, int);
extern int nfct_default_conntrack_display_id(void *arg, unsigned int, int);
extern int nfct_default_expect_display(void *arg, unsigned int, int);
+extern int nfct_default_expect_display_id(void *arg, unsigned int, int);
/*
* [Create|update|get|destroy] conntracks
Modified: trunk/libnetfilter_conntrack/utils/ctnl_test.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/ctnl_test.c 2005-10-30 15:32:27 UTC (rev 4401)
+++ trunk/libnetfilter_conntrack/utils/ctnl_test.c 2005-10-31 04:20:58 UTC (rev 4402)
@@ -73,7 +73,7 @@
goto end;
}
- cth = nfct_open(CONNTRACK, NFCT_ANY_GROUP);
+ cth = nfct_open(CONNTRACK, 0);
if (!cth) {
fprintf(stderr, "Can't open handler\n");
errors++;
@@ -118,6 +118,18 @@
if (ret < 0)
errors++;
+ nfct_close(cth);
+
+ /* Now open a handler that is subscribed to all possible events */
+ cth = nfct_open(CONNTRACK, NFCT_ALL_GROUPS);
+ if (!cth) {
+ fprintf(stderr, "Can't open handler\n");
+ errors++;
+ ret = -ENOENT;
+ nfct_conntrack_free(ct);
+ goto end;
+ }
+
fprintf(stdout, "TEST 7: Waiting for 10 conntrack events\n");
signal(SIGINT, event_sighandler);
nfct_register_callback(cth, event_counter);
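Review bot: The failure branch of the second `nfct_open()` jumps to `end` with `cth` set to NULL, and the `end` label is outside this hunk, so confirm that it does not call `nfct_close(cth)` unconditionally. The branch prints the same "Can't open handler" text as the first open, so a log cannot show which subscription failed; a distinct message such as `fprintf(stderr, "Can't open handler for events\n");` would separate the two. The return value of the added `nfct_close(cth)` is also ignored, so a failed close of the first handle goes uncounted in `errors`.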