[netfilter-cvslog] r6807 - in trunk/libnetfilter_conntrack: include
include/libnetfilter_conntrack src/conntrack
pablo at netfilter.org
pablo at netfilter.org
Tue Apr 24 20:39:51 CEST 2007
Author: pablo at netfilter.org
Date: 2007-04-24 20:39:51 +0200 (Tue, 24 Apr 2007)
New Revision: 6807
Added:
trunk/libnetfilter_conntrack/src/conntrack/compare.c
Modified:
trunk/libnetfilter_conntrack/include/internal.h
trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
trunk/libnetfilter_conntrack/src/conntrack/Makefile.am
trunk/libnetfilter_conntrack/src/conntrack/api.c
Log:
- fix compilation warning in snprintf.c
- introduce the new compare infrastructure: much simple than previous
- introduce nfct_maxsize for nf_conntrack object allocated in the stack
- more strict checkings in nfct_set_attr: third parameter is const
Modified: trunk/libnetfilter_conntrack/include/internal.h
===================================================================
--- trunk/libnetfilter_conntrack/include/internal.h 2007-04-21 02:07:16 UTC (rev 6806)
+++ trunk/libnetfilter_conntrack/include/internal.h 2007-04-24 18:39:51 UTC (rev 6807)
@@ -148,11 +148,14 @@
int __parse_message_type(const struct nlmsghdr *nlh);
void __parse_conntrack(const struct nlmsghdr *nlh, const struct nfattr *cda[], struct nf_conntrack *ct);
int __snprintf_conntrack(char *buf, unsigned int len, const struct nf_conntrack *ct, unsigned int type, unsigned int msg_output, unsigned int flags);
+int __snprintf_conntrack_default(char *buf, unsigned int len, const struct nf_conntrack *ct, const unsigned int msg_type, const unsigned int flags);
+int __snprintf_conntrack_xml(char *buf, unsigned int len, const struct nf_conntrack *ct, const unsigned int msg_type, const unsigned int flags);
int __callback(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data);
int __setobjopt(struct nf_conntrack *ct, unsigned int option);
int __getobjopt(const struct nf_conntrack *ct, unsigned int option);
+int __compare(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2);
#endif
Modified: trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
===================================================================
--- trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h 2007-04-21 02:07:16 UTC (rev 6806)
+++ trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h 2007-04-24 18:39:51 UTC (rev 6807)
@@ -414,6 +414,9 @@
/* object size */
extern size_t nfct_sizeof(const struct nf_conntrack *ct);
+/* maximum object size */
+extern size_t nfct_maxsize(void);
+
/* set option */
enum {
NFCT_SOPT_UNDO_SNAT,
@@ -459,7 +462,7 @@
/* setter */
extern void nfct_set_attr(struct nf_conntrack *ct,
const enum nf_conntrack_attr type,
- void *value);
+ const void *value);
extern void nfct_set_attr_u8(struct nf_conntrack *ct,
const enum nf_conntrack_attr type,
@@ -517,6 +520,9 @@
const unsigned int out_type,
const unsigned int out_flags);
+extern int nfct_compare(const struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2);
+
/* query */
enum nf_conntrack_query {
NFCT_Q_CREATE,
Modified: trunk/libnetfilter_conntrack/src/conntrack/Makefile.am
===================================================================
--- trunk/libnetfilter_conntrack/src/conntrack/Makefile.am 2007-04-21 02:07:16 UTC (rev 6806)
+++ trunk/libnetfilter_conntrack/src/conntrack/Makefile.am 2007-04-24 18:39:51 UTC (rev 6807)
@@ -14,4 +14,5 @@
parse.c build.c \
snprintf.c \
snprintf_default.c snprintf_xml.c \
- objopt.c
+ objopt.c \
+ compare.c
Modified: trunk/libnetfilter_conntrack/src/conntrack/api.c
===================================================================
--- trunk/libnetfilter_conntrack/src/conntrack/api.c 2007-04-21 02:07:16 UTC (rev 6806)
+++ trunk/libnetfilter_conntrack/src/conntrack/api.c 2007-04-24 18:39:51 UTC (rev 6807)
@@ -43,7 +43,7 @@
}
/**
- * nf_sizeof - return the size of a certain conntrack object
+ * nf_sizeof - return the size in bytes of a certain conntrack object
* @ct: pointer to the conntrack object
*/
size_t nfct_sizeof(const struct nf_conntrack *ct)
@@ -53,6 +53,25 @@
}
/**
+ * nfct_maxsize - return the maximum size in bytes of a conntrack object
+ *
+ * Use this function if you want to allocate a conntrack object in the stack
+ * instead of the heap. For example:
+ *
+ * char buf[nfct_maxsize()];
+ * struct nf_conntrack *ct = (struct nf_conntrack *) buf;
+ * memset(ct, 0, nfct_maxsize());
+ *
+ * Note: As for now this function returns the same size that nfct_sizeof(ct)
+ * does although _this could change in the future_. Therefore, do not assume
+ * that nfct_sizeof(ct) == nfct_maxsize().
+ */
+size_t nfct_maxsize()
+{
+ return sizeof(struct nf_conntrack);
+}
+
+/**
* nfct_clone - clone a conntrack object
* @ct: pointer to a valid conntrack object
*
@@ -194,7 +213,7 @@
*/
void nfct_set_attr(struct nf_conntrack *ct,
const enum nf_conntrack_attr type,
- void *value)
+ const void *value)
{
assert(ct != NULL);
assert(value != NULL);
@@ -602,3 +621,24 @@
return __snprintf_conntrack(buf, size, ct, msg_type, out_type, flags);
}
+
+/**
+ * nfct_compare - compare two conntrack objects
+ * @ct1: pointer to a valid conntrack object
+ * @ct2: pointer to a valid conntrack object
+ *
+ * This function only compare attribute set in both objects, ie. if a certain
+ * attribute is not set in ct1 but it is in ct2, then the value of such
+ * attribute is not used in the comparison.
+ *
+ * If both conntrack object are equal, this function returns 1, otherwise
+ * 0 is returned.
+ */
+int nfct_compare(const struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2)
+{
+ assert(ct1 != NULL);
+ assert(ct2 != NULL);
+
+ return __compare(ct1, ct2);
+}
Added: trunk/libnetfilter_conntrack/src/conntrack/compare.c
===================================================================
--- trunk/libnetfilter_conntrack/src/conntrack/compare.c (rev 0)
+++ trunk/libnetfilter_conntrack/src/conntrack/compare.c 2007-04-24 18:39:51 UTC (rev 6807)
@@ -0,0 +1,102 @@
+/*
+ * (C) 2007 by Pablo Neira Ayuso <pablo at netfilter.org>
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU General Public License, incorporated herein by reference.
+ */
+
+#include "internal.h"
+
+int __compare(const struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2)
+{
+ if (test_bit(ATTR_MARK, ct1->set) &&
+ test_bit(ATTR_MARK, ct2->set) &&
+ ct1->mark != ct2->mark)
+ return 0;
+
+ if (test_bit(ATTR_TIMEOUT, ct1->set) &&
+ test_bit(ATTR_TIMEOUT, ct2->set) &&
+ ct1->timeout != ct2->timeout)
+ return 0;
+
+ if (test_bit(ATTR_STATUS, ct1->set) &&
+ test_bit(ATTR_STATUS, ct2->set) &&
+ ct1->status == ct2->status)
+ return 0;
+
+ if (test_bit(ATTR_TCP_STATE, ct1->set) &&
+ test_bit(ATTR_TCP_STATE, ct2->set) &&
+ ct1->protoinfo.tcp.state != ct2->protoinfo.tcp.state)
+ return 0;
+
+ if (test_bit(ATTR_ORIG_L3PROTO, ct1->set) &&
+ test_bit(ATTR_ORIG_L3PROTO, ct2->set) &&
+ ct1->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
+ ct2->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
+ ct1->tuple[__DIR_ORIG].l3protonum !=
+ ct2->tuple[__DIR_ORIG].l3protonum)
+ return 0;
+
+ if (test_bit(ATTR_REPL_L3PROTO, ct1->set) &&
+ test_bit(ATTR_REPL_L3PROTO, ct2->set) &&
+ ct1->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
+ ct2->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
+ ct1->tuple[__DIR_REPL].l3protonum !=
+ ct2->tuple[__DIR_REPL].l3protonum)
+ return 0;
+
+ if (test_bit(ATTR_ORIG_IPV4_SRC, ct1->set) &&
+ test_bit(ATTR_ORIG_IPV4_SRC, ct2->set) &&
+ ct1->tuple[__DIR_ORIG].src.v4 !=
+ ct2->tuple[__DIR_ORIG].src.v4)
+ return 0;
+
+ if (test_bit(ATTR_ORIG_IPV4_DST, ct1->set) &&
+ test_bit(ATTR_ORIG_IPV4_DST, ct2->set) &&
+ ct1->tuple[__DIR_ORIG].dst.v4 !=
+ ct2->tuple[__DIR_ORIG].dst.v4)
+ return 0;
+
+ if (test_bit(ATTR_REPL_IPV4_SRC, ct1->set) &&
+ test_bit(ATTR_REPL_IPV4_SRC, ct2->set) &&
+ ct1->tuple[__DIR_REPL].src.v4 !=
+ ct2->tuple[__DIR_REPL].src.v4)
+ return 0;
+
+ if (test_bit(ATTR_REPL_IPV4_DST, ct1->set) &&
+ test_bit(ATTR_REPL_IPV4_DST, ct2->set) &&
+ ct1->tuple[__DIR_REPL].dst.v4 !=
+ ct2->tuple[__DIR_REPL].dst.v4)
+ return 0;
+
+ if (test_bit(ATTR_ORIG_IPV6_SRC, ct1->set) &&
+ test_bit(ATTR_ORIG_IPV6_SRC, ct2->set) &&
+ memcmp(&ct1->tuple[__DIR_ORIG].src.v6,
+ &ct2->tuple[__DIR_ORIG].src.v6,
+ sizeof(u_int32_t)*4) == 0)
+ return 0;
+
+ if (test_bit(ATTR_ORIG_IPV6_DST, ct1->set) &&
+ test_bit(ATTR_ORIG_IPV6_DST, ct2->set) &&
+ memcmp(&ct1->tuple[__DIR_ORIG].dst.v6,
+ &ct2->tuple[__DIR_ORIG].dst.v6,
+ sizeof(u_int32_t)*4) == 0)
+ return 0;
+
+ if (test_bit(ATTR_REPL_IPV6_SRC, ct1->set) &&
+ test_bit(ATTR_REPL_IPV6_SRC, ct2->set) &&
+ memcmp(&ct1->tuple[__DIR_REPL].src.v6,
+ &ct2->tuple[__DIR_REPL].src.v6,
+ sizeof(u_int32_t)*4) == 0)
+ return 0;
+
+ if (test_bit(ATTR_REPL_IPV6_DST, ct1->set) &&
+ test_bit(ATTR_REPL_IPV6_DST, ct2->set) &&
+ memcmp(&ct1->tuple[__DIR_REPL].dst.v6,
+ &ct2->tuple[__DIR_REPL].dst.v6,
+ sizeof(u_int32_t)*4) == 0)
+ return 0;
+
+ return 1;
+}
More information about the netfilter-cvslog
mailing list