[netfilter-cvslog] r7450 - in trunk/conntrack-tools: . include src

pablo at netfilter.org pablo at netfilter.org
Tue Apr 8 17:50:43 CEST 2008


Author: pablo at netfilter.org
Date: 2008-04-08 17:50:42 +0200 (Tue, 08 Apr 2008)
New Revision: 7450

Modified:
   trunk/conntrack-tools/ChangeLog
   trunk/conntrack-tools/include/netlink.h
   trunk/conntrack-tools/src/cache_wt.c
   trunk/conntrack-tools/src/netlink.c
Log:
fix asymmetric path support (still some open concerns)


Modified: trunk/conntrack-tools/ChangeLog
===================================================================
--- trunk/conntrack-tools/ChangeLog	2008-04-08 11:50:57 UTC (rev 7449)
+++ trunk/conntrack-tools/ChangeLog	2008-04-08 15:50:42 UTC (rev 7450)
@@ -4,6 +4,7 @@
 Pablo Neira Ayuso <pablo at netfilter.org>:
 o remove .svn directory from make distcheck tarballs (reported by B.Benjamini)
 o fix minor compilation issue in amd64 with gcc4.3 (reported by Daniel Schepler)
+o fix asymmetric path support (reported by Gary Richards)
 
 Krzysztof Oledzki <ole at ans.pl>:
 o fix minor compilation warning

Modified: trunk/conntrack-tools/include/netlink.h
===================================================================
--- trunk/conntrack-tools/include/netlink.h	2008-04-08 11:50:57 UTC (rev 7449)
+++ trunk/conntrack-tools/include/netlink.h	2008-04-08 15:50:42 UTC (rev 7450)
@@ -14,8 +14,12 @@
 
 int nl_dump_conntrack_table(void);
 
+int nl_exist_conntrack(struct nf_conntrack *ct);
+
 int nl_create_conntrack(struct nf_conntrack *ct);
 
+int nl_update_conntrack(struct nf_conntrack *ct);
+
 int nl_destroy_conntrack(struct nf_conntrack *ct);
 
 #endif
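Review bot: The two new prototypes carry no contract, yet nl_exist_conntrack returns a tri-state that src/cache_wt.c switches on (1 found, 0 not found, -1 any other failure with errno left set by the query), so a reader of the header cannot tell which values must be handled. Suggest a comment above the declaration: `/* Ask the kernel whether ct exists: 1 yes, 0 no (ENOENT), -1 other error, errno set. */`. nl_update_conntrack deserves the same treatment, stating that it strips the NAT attributes and NAT status bits and modifies the conntrack passed in, as the existing comment in src/netlink.c already says for nl_create_conntrack.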

Modified: trunk/conntrack-tools/src/cache_wt.c
===================================================================
--- trunk/conntrack-tools/src/cache_wt.c	2008-04-08 11:50:57 UTC (rev 7449)
+++ trunk/conntrack-tools/src/cache_wt.c	2008-04-08 15:50:42 UTC (rev 7450)
@@ -16,30 +16,58 @@
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
+#include "conntrackd.h"
 #include "cache.h"
 #include "netlink.h"
 #include "us-conntrack.h"
+#include "log.h"
 
 #include <string.h>
+#include <errno.h>
 
-static void add_update(struct us_conntrack *u)
+static void add_wt(struct us_conntrack *u)
 {
+	int ret;
 	char __ct[nfct_maxsize()];
 	struct nf_conntrack *ct = (struct nf_conntrack *)(void*) __ct;
 
+	ret = nl_exist_conntrack(u->ct);
+	switch (ret) {
+	case -1:
+		dlog(LOG_ERR, "cache_wt problem: %s", strerror(errno));
+		break;
+	case 0:
+		memcpy(ct, u->ct, nfct_maxsize());
+		if (nl_create_conntrack(ct) == -1)
+			dlog(LOG_ERR, "cache_wt create: %s", strerror(errno));
+		break;
+	case 1:
+		memcpy(ct, u->ct, nfct_maxsize());
+		if (nl_update_conntrack(ct) == -1)
+			dlog(LOG_ERR, "cache_wt crt-upd: %s", strerror(errno));
+		break;
+	}
+}
+
+static void upd_wt(struct us_conntrack *u)
+{
+	char __ct[nfct_maxsize()];
+	struct nf_conntrack *ct = (struct nf_conntrack *)(void*) __ct;
+
 	memcpy(ct, u->ct, nfct_maxsize());
 
-	nl_create_conntrack(ct);
+	if (nl_update_conntrack(ct) == -1)
+		dlog(LOG_ERR, "cache_wt update:%s", strerror(errno));
 }
 
 static void writethrough_add(struct us_conntrack *u, void *data)
 {
-	add_update(u);
+	add_wt(u);
 }
 
 static void writethrough_update(struct us_conntrack *u, void *data)
 {
-	add_update(u);
+	upd_wt(u);
 }
 
 static void writethrough_destroy(struct us_conntrack *u, void *data)
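Review bot: The `switch (ret)` in add_wt has no `default:` branch, so a return value from nl_exist_conntrack outside {-1, 0, 1} drops the entry silently, and since the dlog call is the only visible outcome of this path a guarded default keeps the write-through failure observable: `default:`, `dlog(LOG_ERR, "cache_wt unexpected ret %d", ret);`, `break;`. Two style points: the message in upd_wt, `"cache_wt update:%s"`, lacks the space after the colon that the three sibling messages have, and the new upd_wt repeats the `__ct` buffer name, which is a reserved identifier in C (leading double underscore). writethrough_destroy starts on the last line of the hunk and its body is outside it.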

Modified: trunk/conntrack-tools/src/netlink.c
===================================================================
--- trunk/conntrack-tools/src/netlink.c	2008-04-08 11:50:57 UTC (rev 7449)
+++ trunk/conntrack-tools/src/netlink.c	2008-04-08 15:50:42 UTC (rev 7450)
@@ -23,6 +23,8 @@
 #include "log.h"
 #include "debug.h"
 
+#include <errno.h>
+
 int ignore_conntrack(struct nf_conntrack *ct)
 {
 	/* ignore a certain protocol */
@@ -193,6 +195,17 @@
 	return nfct_query(STATE(dump), NFCT_Q_DUMP, &CONFIG(family));
 }
 
+int nl_exist_conntrack(struct nf_conntrack *ct)
+{
+	int ret;
+
+	ret = nfct_query(STATE(dump), NFCT_Q_GET, ct);
+	if (ret == -1)
+		return errno == ENOENT ? 0 : -1;
+
+	return 1;
+}
+
 /* This function modifies the conntrack passed as argument! */
 int nl_create_conntrack(struct nf_conntrack *ct)
 {
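Review bot: nl_exist_conntrack sends its NFCT_Q_GET on STATE(dump), the same handle the table dump at the top of the hunk uses, and libnetfilter_conntrack delivers a GET reply through the callbacks registered on the handle; if the dump callback is registered there, the looked-up entry is presumably fed into the dump path as a side effect of the existence check — worth confirming, or issuing the GET on a handle without callbacks. The -1 path relies on errno as left by nfct_query and the caller in cache_wt.c reads it after the return, which works here only because nothing runs in between; a one-line comment, e.g. `/* on -1, errno is left as set by nfct_query for the caller */`, would make that part of the contract. The function is complete within the hunk.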
@@ -219,6 +232,24 @@
 	return nfct_query(STATE(dump), NFCT_Q_CREATE_UPDATE, ct);
 }
 
+/* This function modifies the conntrack passed as argument! */
+int nl_update_conntrack(struct nf_conntrack *ct)
+{
+	/* unset NAT info, otherwise we hit error */
+	nfct_attr_unset(ct, ATTR_SNAT_IPV4);
+	nfct_attr_unset(ct, ATTR_DNAT_IPV4);
+	nfct_attr_unset(ct, ATTR_SNAT_PORT);
+	nfct_attr_unset(ct, ATTR_DNAT_PORT);
+
+	if (nfct_attr_is_set(ct, ATTR_STATUS)) {
+		uint32_t status = nfct_get_attr_u32(ct, ATTR_STATUS);
+		status &= ~IPS_NAT_MASK;
+		nfct_set_attr_u32(ct, ATTR_STATUS, status);
+	}
+
+	return nl_create_conntrack(ct);
+}
+
 int nl_destroy_conntrack(struct nf_conntrack *ct)
 {
 	return nfct_query(STATE(dump), NFCT_Q_DESTROY, ct);
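Review bot: The comment `/* unset NAT info, otherwise we hit error */` names neither the error nor the reason, and the function's purpose (update an existing entry through nl_create_conntrack's NFCT_Q_CREATE_UPDATE query) is only inferable from the call on its last line. Suggest `/* The kernel refuses NAT setup on an existing entry: drop the NAT attributes and the NAT bits of ATTR_STATUS so the update is accepted */`; as far as I recall ctnetlink rejects CTA_NAT_SRC/CTA_NAT_DST on a change request, so confirm before wording it that way. Only the IPv4 NAT attributes are cleared; whether other NAT attributes exist in the libnetfilter_conntrack version in use cannot be told from the hunk, so that assumption is worth a note as well. The caller in cache_wt.c memcpy's the cached entry before calling, so the clearing lands on a copy, which matches the "modifies the conntrack passed as argument" comment.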



