[netfilter-cvslog] r4402 - in trunk/libnetfilter_conntrack: extensions include/libnetfilter_conntrack utils

pablo at netfilter.org pablo at netfilter.org
Mon Oct 31 05:21:00 CET 2005


Author: pablo at netfilter.org
Date: 2005-10-31 05:20:58 +0100 (Mon, 31 Oct 2005)
New Revision: 4402

Modified:
   trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_icmp.c
   trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_tcp.c
   trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
   trunk/libnetfilter_conntrack/utils/ctnl_test.c
Log:
Special thanks to Deti Fiegl from the Leibniz Supercomputing Centre in Munich, Germany for providing the "fast" hardware to reproduce spurious bugs ;)

List of changes:
o Replace misleading flag NFCT_ANY_GROUP by NFCT_ALL_GROUPS
o Update test file to use NFCT_ALL_GROUPS
o Add missing check of CTA_PROTOINFO_TCP that resulted in a segfault in
conjunction with events.
o Fix ICMP conntracks output
o Add missing prototype definition of nfct_default_expect_display_id in 
libnetfilter_conntrack.h



Modified: trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_icmp.c
===================================================================
--- trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_icmp.c	2005-10-30 15:32:27 UTC (rev 4401)
+++ trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_icmp.c	2005-10-31 04:20:58 UTC (rev 4402)
@@ -52,7 +52,7 @@
 					         t->l4dst.icmp.code);
 	/* ID only makes sense with ECHO */
 	if (t->l4dst.icmp.type == 8)
-		size += sprintf(buf, "id=%d ", t->l4src.icmp.id);
+		size += sprintf(buf+size, "id=%d ", ntohs(t->l4src.icmp.id));
 
 	return size;
 }
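Review bot: The `sprintf(buf+size, ...)` on the added line is still unbounded, so the corrected offset stops the "id=" field from overwriting the earlier output but leaves the total length unchecked against the caller's buffer. The function starts above this hunk and the buffer's size is not visible here, so whether this can overrun depends on what the caller allocates. With a remaining-length argument (here a hypothetical `len`, which the current signature may not provide) the call would become `size += snprintf(buf+size, len-size, "id=%d ", ntohs(t->l4src.icmp.id));`. A short comment such as `/* icmp.id is stored in network byte order */` would also record why ntohs() is now applied.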

Modified: trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_tcp.c
===================================================================
--- trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_tcp.c	2005-10-30 15:32:27 UTC (rev 4401)
+++ trunk/libnetfilter_conntrack/extensions/libnetfilter_conntrack_tcp.c	2005-10-31 04:20:58 UTC (rev 4402)
@@ -42,6 +42,18 @@
 static void parse_protoinfo(struct nfattr *cda[], struct nfct_conntrack *ct)
 {
 	struct nfattr *tb[CTA_PROTOINFO_TCP_MAX];
+
+	/*
+	 * Listen to me carefully: This is easy to trigger with events ;). 
+	 * The conntrack event messages don't always contain all the
+	 * information about a conntrack, just those fields that have changed.
+	 * So you can receive a message about a TCP connection with no bits 
+	 * talking about the private protocol information. 
+	 *
+	 * 						--pablo 05/10/31
+	 */
+	if (!cda[CTA_PROTOINFO_TCP-1])
+		return;
 	
 	nfnl_parse_nested(tb,CTA_PROTOINFO_TCP_MAX, cda[CTA_PROTOINFO_TCP-1]);
 	
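Review bot: The new guard covers a missing CTA_PROTOINFO_TCP container, but the same partial-event reasoning applies one level down: after `nfnl_parse_nested()` any individual `tb[]` slot may be NULL when the kernel omits that nested attribute. The code that reads `tb` lies below this hunk, so this is unconfirmed, but if it dereferences an entry such as `tb[CTA_PROTOINFO_TCP_STATE-1]` unconditionally it needs the same treatment, e.g. `if (tb[CTA_PROTOINFO_TCP_STATE-1])` around the read. It would also help to extend the comment to say that the nested attributes are optional too, so the next protocol helper copies the full pattern rather than only the outer check.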

Modified: trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
===================================================================
--- trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h	2005-10-30 15:32:27 UTC (rev 4401)
+++ trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h	2005-10-31 04:20:58 UTC (rev 4402)
@@ -13,7 +13,7 @@
 #include <linux/netfilter/nfnetlink_conntrack.h> 
 #include <libnfnetlink/libnfnetlink.h>
 
-#define LIBNETFILTER_CONNTRACK_VERSION "0.2.2"
+#define LIBNETFILTER_CONNTRACK_VERSION "0.2.3"
 
 enum {
 	CONNTRACK = NFNL_SUBSYS_CTNETLINK,
@@ -27,10 +27,12 @@
 #define NFCT_ANY_ID 0
 
 /*
- * Default flag that is passed to nfct_open(), subscribe
- * to all possible groups
+ * Subscribe to all possible netlink groups. Use this 
+ * flag in case that you want to catch up all the possible 
+ * events. Do not use this flag for dumping or any other
+ * similar operation.
  */
-#define NFCT_ANY_GROUP ~0U
+#define NFCT_ALL_GROUPS ~0U
 
 union nfct_l4 {
 	/* Add other protocols here. */
@@ -237,6 +239,7 @@
 extern int nfct_default_conntrack_display(void *arg, unsigned int, int); 
 extern int nfct_default_conntrack_display_id(void *arg, unsigned int, int);
 extern int nfct_default_expect_display(void *arg, unsigned int, int);
+extern int nfct_default_expect_display_id(void *arg, unsigned int, int);
 
 /*
  * [Create|update|get|destroy] conntracks

Modified: trunk/libnetfilter_conntrack/utils/ctnl_test.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/ctnl_test.c	2005-10-30 15:32:27 UTC (rev 4401)
+++ trunk/libnetfilter_conntrack/utils/ctnl_test.c	2005-10-31 04:20:58 UTC (rev 4402)
@@ -73,7 +73,7 @@
 		goto end;
 	}
 
-	cth = nfct_open(CONNTRACK, NFCT_ANY_GROUP);
+	cth = nfct_open(CONNTRACK, 0);
 	if (!cth) {
 		fprintf(stderr, "Can't open handler\n");
 		errors++;
@@ -118,6 +118,18 @@
 	if (ret < 0)
 		errors++;
 
+	nfct_close(cth);
+
+	/* Now open a handler that is subscribed to all possible events */
+	cth = nfct_open(CONNTRACK, NFCT_ALL_GROUPS);
+	if (!cth) {
+		fprintf(stderr, "Can't open handler\n");
+		errors++;
+		ret = -ENOENT;
+		nfct_conntrack_free(ct);
+		goto end;
+	}
+
 	fprintf(stdout, "TEST 7: Waiting for 10 conntrack events\n");
 	signal(SIGINT, event_sighandler);
 	nfct_register_callback(cth, event_counter);
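Review bot: The second `nfct_open()` failure prints the same "Can't open handler" text as the first open earlier in the test, so the output cannot tell which of the two handlers failed; `fprintf(stderr, "Can't open event handler\n");` would distinguish them. On that failure path `cth` is NULL when control reaches `end`, which is outside this hunk, so if that label calls `nfct_close(cth)` it needs a NULL check. `ret = -ENOENT` is a fixed guess at the cause; reporting `errno` would be more informative if nfct_open() sets it, which is not visible here.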



