[netfilter-cvslog] r7450 - in trunk/conntrack-tools: . include src
pablo at netfilter.org
pablo at netfilter.org
Tue Apr 8 17:50:43 CEST 2008
Author: pablo at netfilter.org
Date: 2008-04-08 17:50:42 +0200 (Tue, 08 Apr 2008)
New Revision: 7450
Modified:
trunk/conntrack-tools/ChangeLog
trunk/conntrack-tools/include/netlink.h
trunk/conntrack-tools/src/cache_wt.c
trunk/conntrack-tools/src/netlink.c
Log:
fix asymmetric path support (still some open concerns)
Modified: trunk/conntrack-tools/ChangeLog
===================================================================
--- trunk/conntrack-tools/ChangeLog 2008-04-08 11:50:57 UTC (rev 7449)
+++ trunk/conntrack-tools/ChangeLog 2008-04-08 15:50:42 UTC (rev 7450)
@@ -4,6 +4,7 @@
Pablo Neira Ayuso <pablo at netfilter.org>:
o remove .svn directory from make distcheck tarballs (reported by B.Benjamini)
o fix minor compilation issue in amd64 with gcc4.3 (reported by Daniel Schepler)
+o fix asymmetric path support (reported by Gary Richards)
Krzysztof Oledzki <ole at ans.pl>:
o fix minor compilation warning
Modified: trunk/conntrack-tools/include/netlink.h
===================================================================
--- trunk/conntrack-tools/include/netlink.h 2008-04-08 11:50:57 UTC (rev 7449)
+++ trunk/conntrack-tools/include/netlink.h 2008-04-08 15:50:42 UTC (rev 7450)
@@ -14,8 +14,12 @@
int nl_dump_conntrack_table(void);
+int nl_exist_conntrack(struct nf_conntrack *ct);
+
int nl_create_conntrack(struct nf_conntrack *ct);
+int nl_update_conntrack(struct nf_conntrack *ct);
+
int nl_destroy_conntrack(struct nf_conntrack *ct);
#endif
Modified: trunk/conntrack-tools/src/cache_wt.c
===================================================================
--- trunk/conntrack-tools/src/cache_wt.c 2008-04-08 11:50:57 UTC (rev 7449)
+++ trunk/conntrack-tools/src/cache_wt.c 2008-04-08 15:50:42 UTC (rev 7450)
@@ -16,30 +16,58 @@
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+#include "conntrackd.h"
#include "cache.h"
#include "netlink.h"
#include "us-conntrack.h"
+#include "log.h"
#include <string.h>
+#include <errno.h>
-static void add_update(struct us_conntrack *u)
+static void add_wt(struct us_conntrack *u)
{
+ int ret;
char __ct[nfct_maxsize()];
struct nf_conntrack *ct = (struct nf_conntrack *)(void*) __ct;
+ ret = nl_exist_conntrack(u->ct);
+ switch (ret) {
+ case -1:
+ dlog(LOG_ERR, "cache_wt problem: %s", strerror(errno));
+ break;
+ case 0:
+ memcpy(ct, u->ct, nfct_maxsize());
+ if (nl_create_conntrack(ct) == -1)
+ dlog(LOG_ERR, "cache_wt create: %s", strerror(errno));
+ break;
+ case 1:
+ memcpy(ct, u->ct, nfct_maxsize());
+ if (nl_update_conntrack(ct) == -1)
+ dlog(LOG_ERR, "cache_wt crt-upd: %s", strerror(errno));
+ break;
+ }
+}
+
+static void upd_wt(struct us_conntrack *u)
+{
+ char __ct[nfct_maxsize()];
+ struct nf_conntrack *ct = (struct nf_conntrack *)(void*) __ct;
+
memcpy(ct, u->ct, nfct_maxsize());
- nl_create_conntrack(ct);
+ if (nl_update_conntrack(ct) == -1)
+ dlog(LOG_ERR, "cache_wt update:%s", strerror(errno));
}
static void writethrough_add(struct us_conntrack *u, void *data)
{
- add_update(u);
+ add_wt(u);
}
static void writethrough_update(struct us_conntrack *u, void *data)
{
- add_update(u);
+ upd_wt(u);
}
static void writethrough_destroy(struct us_conntrack *u, void *data)
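Review bot: add_wt() decides between create and update from a separate nl_exist_conntrack() query, so the kernel table can change between that GET and the write that follows. With asymmetric paths the local kernel may well create the same flow in that window. The `case 0` branch would then send the NAT attributes that nl_update_conntrack() strips because, per its own comment, they otherwise cause an error, and the replicated state is dropped with only a log line. A retry through the update path before logging would close most of that window, assuming a failed create here usually means the entry now exists. The buffer has to be copied again first, since nl_create_conntrack() modifies its argument. The switch also has no `default`, so an unexpected return value is silently ignored.
```c
	/* … unchanged: nl_exist_conntrack() call, case -1 … */
	case 0:
		memcpy(ct, u->ct, nfct_maxsize());
		if (nl_create_conntrack(ct) == -1) {
			/* entry may have appeared since the GET: retry as update */
			memcpy(ct, u->ct, nfct_maxsize());
			if (nl_update_conntrack(ct) == -1)
				dlog(LOG_ERR, "cache_wt create: %s",
				     strerror(errno));
		}
		break;
	/* … unchanged: case 1 … */
```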
Modified: trunk/conntrack-tools/src/netlink.c
===================================================================
--- trunk/conntrack-tools/src/netlink.c 2008-04-08 11:50:57 UTC (rev 7449)
+++ trunk/conntrack-tools/src/netlink.c 2008-04-08 15:50:42 UTC (rev 7450)
@@ -23,6 +23,8 @@
#include "log.h"
#include "debug.h"
+#include <errno.h>
+
int ignore_conntrack(struct nf_conntrack *ct)
{
/* ignore a certain protocol */
@@ -193,6 +195,17 @@
return nfct_query(STATE(dump), NFCT_Q_DUMP, &CONFIG(family));
}
+int nl_exist_conntrack(struct nf_conntrack *ct)
+{
+ int ret;
+
+ ret = nfct_query(STATE(dump), NFCT_Q_GET, ct);
+ if (ret == -1)
+ return errno == ENOENT ? 0 : -1;
+
+ return 1;
+}
+
/* This function modifies the conntrack passed as argument! */
int nl_create_conntrack(struct nf_conntrack *ct)
{
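Review bot: nl_exist_conntrack() reads like a boolean but returns three values, and nothing here or in netlink.h documents that. A caller writing `if (nl_exist_conntrack(ct))` would treat a failed query (-1) as "entry exists". A comment above the definition would pin the contract, for example `/* returns 1 if the entry is in the kernel table, 0 if not (ENOENT), -1 on any other error with errno set */`. Separately, the GET is issued on `STATE(dump)`; if that handle has a dump callback registered (not visible in this hunk), the reply to the GET would presumably be delivered to it as well, which is worth confirming. The body of nl_create_conntrack() that follows lies outside the hunk.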
@@ -219,6 +232,24 @@
return nfct_query(STATE(dump), NFCT_Q_CREATE_UPDATE, ct);
}
+/* This function modifies the conntrack passed as argument! */
+int nl_update_conntrack(struct nf_conntrack *ct)
+{
+ /* unset NAT info, otherwise we hit error */
+ nfct_attr_unset(ct, ATTR_SNAT_IPV4);
+ nfct_attr_unset(ct, ATTR_DNAT_IPV4);
+ nfct_attr_unset(ct, ATTR_SNAT_PORT);
+ nfct_attr_unset(ct, ATTR_DNAT_PORT);
+
+ if (nfct_attr_is_set(ct, ATTR_STATUS)) {
+ uint32_t status = nfct_get_attr_u32(ct, ATTR_STATUS);
+ status &= ~IPS_NAT_MASK;
+ nfct_set_attr_u32(ct, ATTR_STATUS, status);
+ }
+
+ return nl_create_conntrack(ct);
+}
+
int nl_destroy_conntrack(struct nf_conntrack *ct)
{
return nfct_query(STATE(dump), NFCT_Q_DESTROY, ct);
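Review bot: nl_update_conntrack() ends in `return nl_create_conntrack(ct);`, whose visible tail issues `NFCT_Q_CREATE_UPDATE`, so an "update" for a flow that is no longer in the kernel table creates it. Because the NAT attributes and the `IPS_NAT_MASK` status bits have just been cleared, that new entry would carry no NAT information, so a flow that was NATed on the peer could be installed here untranslated. If the preprocessing in nl_create_conntrack() (its body starts outside this hunk) is not needed for updates, a strict update would fail cleanly instead: `return nfct_query(STATE(dump), NFCT_Q_UPDATE, ct);`. Otherwise the function should carry a comment stating that it may create the entry.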