[netfilter-cvslog] [conntrack-tools] branch, master, updated. svn_t_conntrack-tools-0.9.6-22-gbe2450f

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Fri May 16 17:18:05 CEST 2008


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=be2450f37f2ce56eadc78793efc4a54ced4315c6
Commit:		be2450f37f2ce56eadc78793efc4a54ced4315c6
Parent:		d97bb9c44030d1493cae82433825b77585768a75

The branch, master has been updated
       via  be2450f37f2ce56eadc78793efc4a54ced4315c6 (commit)
      from  d97bb9c44030d1493cae82433825b77585768a75 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit be2450f37f2ce56eadc78793efc4a54ced4315c6
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Fri May 16 17:05:17 2008 +0200

    - remove (misleading) counters and use information from the statistics mode
    - use generic nfct_copy() from libnetfilter_conntrack to update objects
    - use generic nfct_cmp() to compare objects

-----------------------------------------------------------------------

commit be2450f37f2ce56eadc78793efc4a54ced4315c6
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Fri May 16 17:05:17 2008 +0200

    - remove (misleading) counters and use information from the statistics mode
    - use generic nfct_copy() from libnetfilter_conntrack to update objects
    - use generic nfct_cmp() to compare objects

diff --git a/ChangeLog b/ChangeLog
index 02ac75a..d67ad30 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,9 @@ o improve netlink overrun handling
 o add more verbose error notification when we fail to inject a conntrack
 o rework of the FT-FW approach
 o minor fix of the manpage (Max Wilhelm)
+o remove (misleading) counters and use information from the statistics mode
+o use generic nfct_copy() from libnetfilter_conntrack to update objects
+o use generic nfct_cmp() to compare objects
 
 version 0.9.6 (2008/03/08)
 ------------------------------
diff --git a/configure.in b/configure.in
index 17101e9..f3b8785 100644
--- a/configure.in
+++ b/configure.in
@@ -17,8 +17,8 @@ case $target in
 esac
 
 dnl Dependencies
-LIBNFNETLINK_REQUIRED=0.0.32
-LIBNETFILTER_CONNTRACK_REQUIRED=0.0.92
+LIBNFNETLINK_REQUIRED=0.0.33
+LIBNETFILTER_CONNTRACK_REQUIRED=0.0.94
 
 AC_CHECK_PROG(HAVE_PKG_CONFIG, pkg-config, yes)
 if test "x$HAVE_PKG_CONFIG" = "x"
diff --git a/src/cache.c b/src/cache.c
index eac9a78..4162661 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -85,75 +85,12 @@ static uint32_t hash(const void *data, struct hashtable *table)
 	return ret;
 }
 
-static int __compare(const struct nf_conntrack *ct1, 
-		     const struct nf_conntrack *ct2)
-{
-	return ((nfct_get_attr_u8(ct1, ATTR_ORIG_L4PROTO) ==
-		 nfct_get_attr_u8(ct2, ATTR_ORIG_L4PROTO)) && 
-		(nfct_get_attr_u16(ct1, ATTR_ORIG_PORT_SRC) ==
-		 nfct_get_attr_u16(ct2, ATTR_ORIG_PORT_SRC)) &&
-		(nfct_get_attr_u16(ct1, ATTR_ORIG_PORT_DST) ==
-	 	 nfct_get_attr_u16(ct2, ATTR_ORIG_PORT_DST)) &&
-		(nfct_get_attr_u16(ct1, ATTR_REPL_PORT_SRC) ==
-	 	 nfct_get_attr_u16(ct2, ATTR_REPL_PORT_SRC)) &&
-		(nfct_get_attr_u16(ct1, ATTR_REPL_PORT_DST) ==
-	 	 nfct_get_attr_u16(ct2, ATTR_REPL_PORT_DST)));
-}
-
-static int 
-__compare4(const struct us_conntrack *u1, const struct us_conntrack *u2)
-{
-	return ((nfct_get_attr_u32(u1->ct, ATTR_ORIG_IPV4_SRC) ==
-	         nfct_get_attr_u32(u2->ct, ATTR_ORIG_IPV4_SRC)) &&
-	 	(nfct_get_attr_u32(u1->ct, ATTR_ORIG_IPV4_DST) ==
-		 nfct_get_attr_u32(u2->ct, ATTR_ORIG_IPV4_DST)) &&
-		(nfct_get_attr_u32(u1->ct, ATTR_REPL_IPV4_SRC) ==
-		 nfct_get_attr_u32(u2->ct, ATTR_REPL_IPV4_SRC)) &&
-		(nfct_get_attr_u32(u1->ct, ATTR_REPL_IPV4_DST) ==
-		 nfct_get_attr_u32(u2->ct, ATTR_REPL_IPV4_DST)) &&
-		 __compare(u1->ct, u2->ct));
-}
-
-static int 
-__compare6(const struct us_conntrack *u1, const struct us_conntrack *u2)
-{
-	return ((memcmp(nfct_get_attr(u1->ct, ATTR_ORIG_IPV6_SRC),
-		        nfct_get_attr(u2->ct, ATTR_ORIG_IPV6_SRC),
-		        sizeof(uint32_t)*4) == 0) &&
-		(memcmp(nfct_get_attr(u1->ct, ATTR_ORIG_IPV6_DST),
-		        nfct_get_attr(u2->ct, ATTR_ORIG_IPV6_DST),
-		        sizeof(uint32_t)*4) == 0) &&
-		(memcmp(nfct_get_attr(u1->ct, ATTR_REPL_IPV6_SRC),
-		        nfct_get_attr(u2->ct, ATTR_REPL_IPV6_SRC),
-		        sizeof(uint32_t)*4) == 0) &&
-		(memcmp(nfct_get_attr(u1->ct, ATTR_REPL_IPV6_DST),
-		        nfct_get_attr(u2->ct, ATTR_REPL_IPV6_DST),
-		        sizeof(uint32_t)*4) == 0) &&
-		__compare(u1->ct, u2->ct));
-}
-
 static int compare(const void *data1, const void *data2)
 {
-	int ret = 0;
 	const struct us_conntrack *u1 = data1;
 	const struct us_conntrack *u2 = data2;
 
-	if (nfct_get_attr_u8(u1->ct, ATTR_L3PROTO) !=
-	    nfct_get_attr_u8(u2->ct, ATTR_L3PROTO))
-		return ret;
-
-	switch(nfct_get_attr_u8(u1->ct, ATTR_L3PROTO)) {
-		case AF_INET:
-			ret = __compare4(u1, u2);
-			break;
-		case AF_INET6:
-			ret = __compare6(u1, u2);
-			break;
-		default:
-			dlog(LOG_ERR, "unknown layer 3 in compare");
-			break;
-	}
-	return ret;
+	return nfct_cmp(u1->ct, u2->ct, NFCT_CMP_ORIG | NFCT_CMP_REPL);
 }
 
 struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = {
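Review bot: `compare()` is the hashtable equality callback, and after this change its result depends on how `nfct_cmp()` treats a tuple attribute that is set in only one of the two objects, which nothing in this hunk shows. The removed code read the L3 protocol, both address pairs and all four ports unconditionally, and logged "unknown layer 3 in compare" for any other family. If `nfct_cmp()` with `NFCT_CMP_ORIG | NFCT_CMP_REPL` skips attributes missing on one side, a partially filled conntrack could match the cached entry of a different flow and be updated or removed in its place; this should be confirmed against the libnetfilter_conntrack 0.0.94 that configure.in now requires. A comment above the return would record the contract: `/* non-zero when original and reply tuples match; relies on nfct_cmp() handling of unset attributes */`.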
@@ -305,15 +242,7 @@ static struct us_conntrack *__update(struct cache *c, struct nf_conntrack *ct)
 		unsigned i;
 		char *data = u->data;
 
-		if (nfct_attr_is_set(ct, ATTR_STATUS))
-		    	nfct_set_attr_u32(u->ct, ATTR_STATUS,
-					  nfct_get_attr_u32(ct, ATTR_STATUS));
-		if (nfct_attr_is_set(ct, ATTR_TCP_STATE))
-			nfct_set_attr_u8(u->ct, ATTR_TCP_STATE,
-					 nfct_get_attr_u8(ct, ATTR_TCP_STATE));
-		if (nfct_attr_is_set(ct, ATTR_TIMEOUT))
-			nfct_set_attr_u32(u->ct, ATTR_TIMEOUT,
-					  nfct_get_attr_u32(ct, ATTR_TIMEOUT));
+		nfct_copy(u->ct, ct, NFCT_CP_META);
 
 		for (i = 0; i < c->num_features; i++) {
 			c->features[i]->update(u, data);
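Review bot: `nfct_copy(u->ct, ct, NFCT_CP_META)` makes the attributes written into the cached entry depend on whatever the caller left set on `ct`, where the removed lines copied exactly ATTR_STATUS, ATTR_TCP_STATE and ATTR_TIMEOUT. In this commit only `dump_stats()` in src/stats-mode.c strips the counters and ATTR_USE beforehand; other callers that reach `__update()` are not visible here and, if NFCT_CP_META copies every metadata attribute set in the source as its name suggests, they would now store those values too. Nothing ties the unset list in `dump_stats()` to this flag, so a comment at the call would help: `/* copies the metadata attributes set in ct; callers must unset whatever should not reach the cache */`. `__update()` starts and ends outside the hunk.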
diff --git a/src/stats-mode.c b/src/stats-mode.c
index 5808320..1650d5d 100644
--- a/src/stats-mode.c
+++ b/src/stats-mode.c
@@ -89,7 +89,12 @@ static int local_handler_stats(int fd, int type, void *data)
 
 static void dump_stats(struct nf_conntrack *ct)
 {
+	nfct_attr_unset(ct, ATTR_ORIG_COUNTER_BYTES);
+	nfct_attr_unset(ct, ATTR_ORIG_COUNTER_PACKETS);
+	nfct_attr_unset(ct, ATTR_REPL_COUNTER_BYTES);
+	nfct_attr_unset(ct, ATTR_REPL_COUNTER_PACKETS);
 	nfct_attr_unset(ct, ATTR_TIMEOUT);
+	nfct_attr_unset(ct, ATTR_USE);
 
 	if (cache_update_force(STATE_STATS(cache), ct))
 		debug_ct(ct, "resync entry");


hooks/post-receive
--
conntrack-tools


