[netfilter-cvslog] r6807 - in trunk/libnetfilter_conntrack: include include/libnetfilter_conntrack src/conntrack

pablo at netfilter.org pablo at netfilter.org
Tue Apr 24 20:39:51 CEST 2007


Author: pablo at netfilter.org
Date: 2007-04-24 20:39:51 +0200 (Tue, 24 Apr 2007)
New Revision: 6807

Added:
   trunk/libnetfilter_conntrack/src/conntrack/compare.c
Modified:
   trunk/libnetfilter_conntrack/include/internal.h
   trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
   trunk/libnetfilter_conntrack/src/conntrack/Makefile.am
   trunk/libnetfilter_conntrack/src/conntrack/api.c
Log:
- fix compilation warning in snprintf.c
- introduce the new compare infrastructure: much simpler than the previous one
- introduce nfct_maxsize for nf_conntrack object allocated in the stack
- more strict checkings in nfct_set_attr: third parameter is const


Modified: trunk/libnetfilter_conntrack/include/internal.h
===================================================================
--- trunk/libnetfilter_conntrack/include/internal.h	2007-04-21 02:07:16 UTC (rev 6806)
+++ trunk/libnetfilter_conntrack/include/internal.h	2007-04-24 18:39:51 UTC (rev 6807)
@@ -148,11 +148,14 @@
 int __parse_message_type(const struct nlmsghdr *nlh);
 void __parse_conntrack(const struct nlmsghdr *nlh, const struct nfattr *cda[], struct nf_conntrack *ct);
 int __snprintf_conntrack(char *buf, unsigned int len, const struct nf_conntrack *ct, unsigned int type, unsigned int msg_output, unsigned int flags);
+int __snprintf_conntrack_default(char *buf, unsigned int len, const struct nf_conntrack *ct, const unsigned int msg_type, const unsigned int flags);
+int __snprintf_conntrack_xml(char *buf, unsigned int len, const struct nf_conntrack *ct, const unsigned int msg_type, const unsigned int flags);
 
 
 int __callback(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data);
 
 int __setobjopt(struct nf_conntrack *ct, unsigned int option);
 int __getobjopt(const struct nf_conntrack *ct, unsigned int option);
+int __compare(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2);
 
 #endif

Modified: trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
===================================================================
--- trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h	2007-04-21 02:07:16 UTC (rev 6806)
+++ trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h	2007-04-24 18:39:51 UTC (rev 6807)
@@ -414,6 +414,9 @@
 /* object size */
 extern size_t nfct_sizeof(const struct nf_conntrack *ct);
 
+/* maximum object size */
+extern size_t nfct_maxsize(void);
+
 /* set option */
 enum {
 	NFCT_SOPT_UNDO_SNAT,
@@ -459,7 +462,7 @@
 /* setter */
 extern void nfct_set_attr(struct nf_conntrack *ct,
 			  const enum nf_conntrack_attr type,
-			  void *value);
+			  const void *value);
 
 extern void nfct_set_attr_u8(struct nf_conntrack *ct,
 			     const enum nf_conntrack_attr type,
@@ -517,6 +520,9 @@
 			 const unsigned int out_type,
 			 const unsigned int out_flags);
 
+extern int nfct_compare(const struct nf_conntrack *ct1,
+			const struct nf_conntrack *ct2);
+
 /* query */
 enum nf_conntrack_query {
 	NFCT_Q_CREATE,

Modified: trunk/libnetfilter_conntrack/src/conntrack/Makefile.am
===================================================================
--- trunk/libnetfilter_conntrack/src/conntrack/Makefile.am	2007-04-21 02:07:16 UTC (rev 6806)
+++ trunk/libnetfilter_conntrack/src/conntrack/Makefile.am	2007-04-24 18:39:51 UTC (rev 6807)
@@ -14,4 +14,5 @@
 					    parse.c build.c \
 					    snprintf.c \
 					    snprintf_default.c snprintf_xml.c \
-					    objopt.c
+					    objopt.c \
+					    compare.c

Modified: trunk/libnetfilter_conntrack/src/conntrack/api.c
===================================================================
--- trunk/libnetfilter_conntrack/src/conntrack/api.c	2007-04-21 02:07:16 UTC (rev 6806)
+++ trunk/libnetfilter_conntrack/src/conntrack/api.c	2007-04-24 18:39:51 UTC (rev 6807)
@@ -43,7 +43,7 @@
 }
 
 /**
- * nf_sizeof - return the size of a certain conntrack object
+ * nf_sizeof - return the size in bytes of a certain conntrack object
  * @ct: pointer to the conntrack object
  */
 size_t nfct_sizeof(const struct nf_conntrack *ct)
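Review bot: The kernel-doc line edited here still names `nf_sizeof`, while the function it documents is `nfct_sizeof`. Since the line is being touched anyway, it should read ` * nfct_sizeof - return the size in bytes of a certain conntrack object`. The function body lies outside the hunk.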
@@ -53,6 +53,25 @@
 }
 
 /**
+ * nfct_maxsize - return the maximum size in bytes of a conntrack object
+ *
+ * Use this function if you want to allocate a conntrack object in the stack
+ * instead of the heap. For example:
+ *
+ * char buf[nfct_maxsize()];
+ * struct nf_conntrack *ct = (struct nf_conntrack *) buf;
+ * memset(ct, 0, nfct_maxsize());
+ *
+ * Note: As for now this function returns the same size that nfct_sizeof(ct)
+ * does although _this could change in the future_. Therefore, do not assume
+ * that nfct_sizeof(ct) == nfct_maxsize().
+ */
+size_t nfct_maxsize()
+{
+	return sizeof(struct nf_conntrack);
+}
+
+/**
  * nfct_clone - clone a conntrack object
  * @ct: pointer to a valid conntrack object
  *
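Review bot: The usage example in the new comment casts a plain `char buf[nfct_maxsize()]` to `struct nf_conntrack *`, but a char array carries no alignment guarantee for the structure, so the pattern can cause misaligned access on strict-alignment targets. The comment should tell callers to align the buffer, for instance with GCC `char buf[nfct_maxsize()] __attribute__((aligned));`. It should also say that the buffer is a variable-length array, because its size comes from a function call. Separately, the definition is written `size_t nfct_maxsize()` while the header declares `nfct_maxsize(void)`; an empty parameter list is not a prototype in C, so the definition should be `size_t nfct_maxsize(void)`.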
@@ -194,7 +213,7 @@
  */
 void nfct_set_attr(struct nf_conntrack *ct,
 		   const enum nf_conntrack_attr type, 
-		   void *value)
+		   const void *value)
 {
 	assert(ct != NULL);
 	assert(value != NULL);
@@ -602,3 +621,24 @@
 
 	return __snprintf_conntrack(buf, size, ct, msg_type, out_type, flags);
 }
+
+/**
+ * nfct_compare - compare two conntrack objects
+ * @ct1: pointer to a valid conntrack object
+ * @ct2: pointer to a valid conntrack object
+ *
+ * This function only compare attribute set in both objects, ie. if a certain
+ * attribute is not set in ct1 but it is in ct2, then the value of such 
+ * attribute is not used in the comparison.
+ *
+ * If both conntrack object are equal, this function returns 1, otherwise
+ * 0 is returned.
+ */
+int nfct_compare(const struct nf_conntrack *ct1, 
+		 const struct nf_conntrack *ct2)
+{
+	assert(ct1 != NULL);
+	assert(ct2 != NULL);
+
+	return __compare(ct1, ct2);
+}
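Review bot: The comment on nfct_compare() should spell out that two objects with no set attribute in common compare as equal, because `__compare()` returns 0 only when an attribute present in both differs. A caller that uses the result to match or filter flows would therefore get a match from an empty or unrelated object. I would add a sentence such as `Note: if the objects share no set attribute, they are reported as equal (1).` The NULL checks are `assert()` calls, which disappear in a build with NDEBUG, so the comment could also state that passing NULL is a caller error.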

Added: trunk/libnetfilter_conntrack/src/conntrack/compare.c
===================================================================
--- trunk/libnetfilter_conntrack/src/conntrack/compare.c	                        (rev 0)
+++ trunk/libnetfilter_conntrack/src/conntrack/compare.c	2007-04-24 18:39:51 UTC (rev 6807)
@@ -0,0 +1,102 @@
+/*
+ * (C) 2007 by Pablo Neira Ayuso <pablo at netfilter.org>
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU General Public License, incorporated herein by reference.
+ */
+
+#include "internal.h"
+
+int __compare(const struct nf_conntrack *ct1,
+	      const struct nf_conntrack *ct2)
+{
+	if (test_bit(ATTR_MARK, ct1->set) && 
+	    test_bit(ATTR_MARK, ct2->set) &&
+	    ct1->mark != ct2->mark)
+	    	return 0;
+
+	if (test_bit(ATTR_TIMEOUT, ct1->set) &&
+	    test_bit(ATTR_TIMEOUT, ct2->set) &&
+	    ct1->timeout != ct2->timeout)
+	    	return 0;
+
+	if (test_bit(ATTR_STATUS, ct1->set) &&
+	    test_bit(ATTR_STATUS, ct2->set) &&
+	    ct1->status == ct2->status)
+	    	return 0;
+
+	if (test_bit(ATTR_TCP_STATE, ct1->set) &&
+	    test_bit(ATTR_TCP_STATE, ct2->set) &&
+	    ct1->protoinfo.tcp.state != ct2->protoinfo.tcp.state)
+	    	return 0;
+
+	if (test_bit(ATTR_ORIG_L3PROTO, ct1->set) &&
+	    test_bit(ATTR_ORIG_L3PROTO, ct2->set) &&
+	    ct1->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC && 
+	    ct2->tuple[__DIR_ORIG].l3protonum != AF_UNSPEC &&
+	    ct1->tuple[__DIR_ORIG].l3protonum !=
+	    ct2->tuple[__DIR_ORIG].l3protonum)
+	    	return 0;
+
+	if (test_bit(ATTR_REPL_L3PROTO, ct1->set) &&
+	    test_bit(ATTR_REPL_L3PROTO, ct2->set) &&
+	    ct1->tuple[__DIR_REPL].l3protonum != AF_UNSPEC && 
+	    ct2->tuple[__DIR_REPL].l3protonum != AF_UNSPEC &&
+	    ct1->tuple[__DIR_REPL].l3protonum !=
+	    ct2->tuple[__DIR_REPL].l3protonum)
+		return 0;
+
+	if (test_bit(ATTR_ORIG_IPV4_SRC, ct1->set) &&
+	    test_bit(ATTR_ORIG_IPV4_SRC, ct2->set) &&
+	    ct1->tuple[__DIR_ORIG].src.v4 !=
+	    ct2->tuple[__DIR_ORIG].src.v4)
+		return 0;
+
+	if (test_bit(ATTR_ORIG_IPV4_DST, ct1->set) &&
+	    test_bit(ATTR_ORIG_IPV4_DST, ct2->set) &&
+	    ct1->tuple[__DIR_ORIG].dst.v4 !=
+	    ct2->tuple[__DIR_ORIG].dst.v4)
+		return 0;
+
+	if (test_bit(ATTR_REPL_IPV4_SRC, ct1->set) &&
+	    test_bit(ATTR_REPL_IPV4_SRC, ct2->set) &&
+	    ct1->tuple[__DIR_REPL].src.v4 !=
+	    ct2->tuple[__DIR_REPL].src.v4)
+		return 0;
+
+	if (test_bit(ATTR_REPL_IPV4_DST, ct1->set) && 
+	    test_bit(ATTR_REPL_IPV4_DST, ct2->set) &&
+	    ct1->tuple[__DIR_REPL].dst.v4 !=
+	    ct2->tuple[__DIR_REPL].dst.v4)
+		return 0;
+
+	if (test_bit(ATTR_ORIG_IPV6_SRC, ct1->set) &&
+	    test_bit(ATTR_ORIG_IPV6_SRC, ct2->set) &&
+	    memcmp(&ct1->tuple[__DIR_ORIG].src.v6,
+	    	   &ct2->tuple[__DIR_ORIG].src.v6,
+		   sizeof(u_int32_t)*4) == 0)
+		return 0;
+
+	if (test_bit(ATTR_ORIG_IPV6_DST, ct1->set) &&
+	    test_bit(ATTR_ORIG_IPV6_DST, ct2->set) &&
+	    memcmp(&ct1->tuple[__DIR_ORIG].dst.v6,
+	    	   &ct2->tuple[__DIR_ORIG].dst.v6,
+		   sizeof(u_int32_t)*4) == 0)
+		return 0;
+
+	if (test_bit(ATTR_REPL_IPV6_SRC, ct1->set) &&
+	    test_bit(ATTR_REPL_IPV6_SRC, ct2->set) &&
+	    memcmp(&ct1->tuple[__DIR_REPL].src.v6,
+	    	   &ct2->tuple[__DIR_REPL].src.v6,
+		   sizeof(u_int32_t)*4) == 0)
+		return 0;
+
+	if (test_bit(ATTR_REPL_IPV6_DST, ct1->set) &&
+	    test_bit(ATTR_REPL_IPV6_DST, ct2->set) &&
+	    memcmp(&ct1->tuple[__DIR_REPL].dst.v6,
+	    	   &ct2->tuple[__DIR_REPL].dst.v6,
+		   sizeof(u_int32_t)*4) == 0)
+		return 0;
+
+	return 1;
+}
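Review bot: The ATTR_STATUS test and all four IPv6 address tests in `__compare()` have their comparison inverted: they return 0 (not equal) when the values match and fall through when they differ, the opposite of every other check here and of the contract documented for nfct_compare(). The status line should read `ct1->status != ct2->status)` and each of the four memcmp() conditions should end in `sizeof(u_int32_t)*4) != 0)`. As written, two objects with identical status or IPv6 addresses never compare equal, while objects whose IPv6 addresses differ do, which matters for any caller that uses the result to select conntrack entries. The function also compares no layer-4 protocol or port attributes; if that is intentional, it deserves a comment at the top of the function.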



