[conntrack-tools] src: move callbacks to run.c for better readability

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Thu Nov 27 23:47:17 CET 2008


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=9aba3974d60bfbc773ac366ad6b8859a5c000377
commit 9aba3974d60bfbc773ac366ad6b8859a5c000377
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Thu Nov 27 23:40:13 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Thu Nov 27 23:40:13 2008 +0100

    src: move callbacks to run.c for better readability
    
    This patch is a cleanup. It moves the callbacks from netlink.c to
    run.c where they are actually invoked. This is better for code
    readability as I usually have to switch from run.c to netlink.c
    to remember what the callbacks actually do.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  9aba3974d60bfbc773ac366ad6b8859a5c000377 (commit)
      from  e6832ed088eac06fee6316dd2ecb8003aa635f17 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9aba3974d60bfbc773ac366ad6b8859a5c000377
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Nov 27 23:40:13 2008 +0100

    src: move callbacks to run.c for better readability
    
    This patch is a cleanup. It moves the callbacks from netlink.c to
    run.c where they are actually invoked. This is better for code
    readability as I usually have to switch from run.c to netlink.c
    to remember what the callbacks actually do.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 include/filter.h  |    2 +-
 include/netlink.h |   10 +--
 src/filter.c      |   49 +++++++++++++++-
 src/netlink.c     |  166 ++++++++++------------------------------------------
 src/run.c         |   72 +++++++++++++++++++++--
 src/stats-mode.c  |    2 +-
 src/sync-mode.c   |    2 +-
 7 files changed, 154 insertions(+), 149 deletions(-)
This patch is a cleanup. It moves the callbacks from netlink.c to
run.c where they are actually invoked. This is better for code
readability as I usually have to switch from run.c to netlink.c
to remember what the callbacks actually do.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/include/filter.h b/include/filter.h
index 567be34..9c2cf66 100644
--- a/include/filter.h
+++ b/include/filter.h
@@ -39,6 +39,6 @@ void ct_filter_add_state(struct ct_filter *f, int protonum, int state);
 void ct_filter_set_logic(struct ct_filter *f,
 			 enum ct_filter_type type,
 			 enum ct_filter_logic logic);
-int ct_filter_check(struct ct_filter *filter, struct nf_conntrack *ct);
+int ct_filter_conntrack(struct nf_conntrack *ct, int userspace);
 
 #endif
diff --git a/include/netlink.h b/include/netlink.h
index d13d33d..52482c1 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -6,15 +6,13 @@
 struct nf_conntrack;
 struct nfct_handle;
 
-int ignore_conntrack(struct nf_conntrack *ct, int userspace);
+struct nfct_handle *nl_init_event_handler(void);
 
-int nl_init_event_handler(void);
+struct nfct_handle *nl_init_dump_handler(void);
 
-int nl_init_dump_handler(void);
+struct nfct_handle *nl_init_request_handler(void);
 
-int nl_init_request_handler(void);
-
-int nl_init_overrun_handler(void);
+struct nfct_handle *nl_init_overrun_handler(void);
 
 int nl_overrun_request_resync(void);
 
diff --git a/src/filter.c b/src/filter.c
index 905d10f..5a8b5d8 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -279,7 +279,7 @@ static int __ct_filter_test_state(struct ct_filter *f, struct nf_conntrack *ct)
 	return test_bit_u16(val, &f->statemap[protonum]);
 }
 
-int ct_filter_check(struct ct_filter *f, struct nf_conntrack *ct)
+static int ct_filter_check(struct ct_filter *f, struct nf_conntrack *ct)
 {
 	int ret, protonum = nfct_get_attr_u8(ct, ATTR_L4PROTO);
 
@@ -324,3 +324,50 @@ int ct_filter_check(struct ct_filter *f, struct nf_conntrack *ct)
 
 	return 1;
 }
+
+static inline int ct_filter_sanity_check(struct nf_conntrack *ct)
+{
+	if (!nfct_attr_is_set(ct, ATTR_L3PROTO)) {
+		dlog(LOG_ERR, "missing layer 3 protocol");
+		return 0;
+	}
+
+	switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) {
+	case AF_INET:
+		if (!nfct_attr_is_set(ct, ATTR_IPV4_SRC) ||
+		    !nfct_attr_is_set(ct, ATTR_IPV4_DST) ||
+		    !nfct_attr_is_set(ct, ATTR_REPL_IPV4_SRC) ||
+		    !nfct_attr_is_set(ct, ATTR_REPL_IPV4_DST)) {
+		    	dlog(LOG_ERR, "missing IPv4 address. "
+				      "You forgot to load "
+				      "nf_conntrack_ipv4?");
+			return 0;
+		}
+		break;
+	case AF_INET6:
+		if (!nfct_attr_is_set(ct, ATTR_IPV6_SRC) ||
+		    !nfct_attr_is_set(ct, ATTR_IPV6_DST) ||
+		    !nfct_attr_is_set(ct, ATTR_REPL_IPV6_SRC) ||
+		    !nfct_attr_is_set(ct, ATTR_REPL_IPV6_DST)) {
+		    	dlog(LOG_ERR, "missing IPv6 address. "
+				      "You forgot to load "
+				      "nf_conntrack_ipv6?");
+			return 0;
+		}
+		break;
+	}
+	return 1;
+}
+
+/* we do user-space filtering for dump and resyncs */
+int ct_filter_conntrack(struct nf_conntrack *ct, int userspace)
+{
+	/* missing mandatory attributes in object */
+	if (!ct_filter_sanity_check(ct))
+		return 1;
+
+	if (userspace && !ct_filter_check(STATE(us_filter), ct))
+		return 1;
+
+	return 0;
+}
diff --git a/src/netlink.c b/src/netlink.c
index b8a2a02..81ac7a1 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -18,103 +18,27 @@
 
 #include "netlink.h"
 #include "conntrackd.h"
-#include "traffic_stats.h"
 #include "filter.h"
 #include "log.h"
 #include "debug.h"
 
 #include <string.h>
 #include <errno.h>
-
-static int sanity_check(struct nf_conntrack *ct)
-{
-	if (!nfct_attr_is_set(ct, ATTR_L3PROTO)) {
-		dlog(LOG_ERR, "missing layer 3 protocol");
-		return 0;
-	}
-
-	switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) {
-	case AF_INET:
-		if (!nfct_attr_is_set(ct, ATTR_IPV4_SRC) ||
-		    !nfct_attr_is_set(ct, ATTR_IPV4_DST) ||
-		    !nfct_attr_is_set(ct, ATTR_REPL_IPV4_SRC) ||
-		    !nfct_attr_is_set(ct, ATTR_REPL_IPV4_DST)) {
-		    	dlog(LOG_ERR, "missing IPv4 address. "
-				      "You forgot to load "
-				      "nf_conntrack_ipv4?");
-			return 0;
-		}
-		break;
-	case AF_INET6:
-		if (!nfct_attr_is_set(ct, ATTR_IPV6_SRC) ||
-		    !nfct_attr_is_set(ct, ATTR_IPV6_DST) ||
-		    !nfct_attr_is_set(ct, ATTR_REPL_IPV6_SRC) ||
-		    !nfct_attr_is_set(ct, ATTR_REPL_IPV6_DST)) {
-		    	dlog(LOG_ERR, "missing IPv6 address. "
-				      "You forgot to load "
-				      "nf_conntrack_ipv6?");
-			return 0;
-		}
-		break;
-	}
-	return 1;
-}
-
-/* we do user-space filtering for dump and resyncs */
-int ignore_conntrack(struct nf_conntrack *ct, int userspace)
-{
-	/* missing mandatory attributes in object */
-	if (!sanity_check(ct))
-		return 1;
-
-	if (userspace && !ct_filter_check(STATE(us_filter), ct)) {
-		debug_ct(ct, "ignore traffic");
-		return 1;
-	}
-
-	return 0;
-}
-
-static int event_handler(enum nf_conntrack_msg_type type,
-			 struct nf_conntrack *ct,
-			 void *data)
-{
-	/* skip user-space filtering if already do it in the kernel */
-	if (ignore_conntrack(ct, !CONFIG(filter_from_kernelspace)))
-		return NFCT_CB_STOP;
-
-	switch(type) {
-	case NFCT_T_NEW:
-		STATE(mode)->event_new(ct);
-		break;
-	case NFCT_T_UPDATE:
-		STATE(mode)->event_upd(ct);
-		break;
-	case NFCT_T_DESTROY:
-		if (STATE(mode)->event_dst(ct))
-			update_traffic_stats(ct);
-		break;
-	default:
-		dlog(LOG_WARNING, "unknown msg from ctnetlink\n");
-		break;
-	}
-
-	return NFCT_CB_CONTINUE;
-}
-
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/fcntl.h>
 
-int nl_init_event_handler(void)
+struct nfct_handle *nl_init_event_handler(void)
 {
-	STATE(event) = nfct_open(CONNTRACK, NFCT_ALL_CT_GROUPS);
-	if (!STATE(event))
-		return -1;
+	struct nfct_handle *h;
+
+	h = nfct_open(CONNTRACK, NFCT_ALL_CT_GROUPS);
+	if (h == NULL)
+		return NULL;
 
 	if (STATE(filter)) {
 		if (CONFIG(filter_from_kernelspace)) {
-			if (nfct_filter_attach(nfct_fd(STATE(event)),
+			if (nfct_filter_attach(nfct_fd(h),
 					       STATE(filter)) == -1) {
 				dlog(LOG_ERR, "cannot set event filtering: %s",
 				     strerror(errno));
@@ -126,18 +50,18 @@ int nl_init_event_handler(void)
 		nfct_filter_destroy(STATE(filter));
 	}
 
-	fcntl(nfct_fd(STATE(event)), F_SETFL, O_NONBLOCK);
+	fcntl(nfct_fd(h), F_SETFL, O_NONBLOCK);
 
 	/* set up socket buffer size */
 	if (CONFIG(netlink_buffer_size))
-		nfnl_rcvbufsiz(nfct_nfnlh(STATE(event)),
+		nfnl_rcvbufsiz(nfct_nfnlh(h),
 			       CONFIG(netlink_buffer_size));
 	else {
 		socklen_t socklen = sizeof(unsigned int);
 		unsigned int read_size;
 
 		/* get current buffer size */
-		getsockopt(nfct_fd(STATE(event)), SOL_SOCKET,
+		getsockopt(nfct_fd(h), SOL_SOCKET,
 			   SO_RCVBUF, &read_size, &socklen);
 
 		CONFIG(netlink_buffer_size) = read_size;
@@ -148,69 +72,43 @@ int nl_init_event_handler(void)
 		CONFIG(netlink_buffer_size_max_grown) =
 					CONFIG(netlink_buffer_size);
 
-	/* register callback for events */
-	nfct_callback_register(STATE(event), NFCT_T_ALL, event_handler, NULL);
-
-	return 0;
+	return h;
 }
 
-static int dump_handler(enum nf_conntrack_msg_type type,
-			struct nf_conntrack *ct,
-			void *data)
+struct nfct_handle *nl_init_dump_handler(void)
 {
-	if (ignore_conntrack(ct, 1))
-		return NFCT_CB_CONTINUE;
-
-	switch(type) {
-	case NFCT_T_UPDATE:
-		STATE(mode)->dump(ct);
-		break;
-	default:
-		dlog(LOG_WARNING, "unknown msg from ctnetlink");
-		break;
-	}
-	return NFCT_CB_CONTINUE;
-}
+	struct nfct_handle *h;
 
-int nl_init_dump_handler(void)
-{
 	/* open dump netlink socket */
-	STATE(dump) = nfct_open(CONNTRACK, 0);
-	if (!STATE(dump))
-		return -1;
-
-	/* register callback for dumped entries */
-	nfct_callback_register(STATE(dump), NFCT_T_ALL, dump_handler, NULL);
+	h = nfct_open(CONNTRACK, 0);
+	if (h == NULL)
+		return NULL;
 
-	if (nl_dump_conntrack_table() == -1)
-		return -1;
-
-	return 0;
+	return h;
 }
 
-int nl_init_overrun_handler(void)
+struct nfct_handle *nl_init_overrun_handler(void)
 {
-	STATE(overrun) = nfct_open(CONNTRACK, 0);
-	if (!STATE(overrun))
-		return -1;
+	struct nfct_handle *h;
+
+	h = nfct_open(CONNTRACK, 0);
+	if (h == NULL)
+		return NULL;
 
-	fcntl(nfct_fd(STATE(overrun)), F_SETFL, O_NONBLOCK);
+	fcntl(nfct_fd(h), F_SETFL, O_NONBLOCK);
 
-	nfct_callback_register(STATE(overrun), 
-			       NFCT_T_ALL, 
-			       STATE(mode)->overrun, 
-			       NULL);
-	return 0;
+	return h;
 }
 
-/* no callback, it does not do anything with the output */
-int nl_init_request_handler(void)
+struct nfct_handle *nl_init_request_handler(void)
 {
-	STATE(request) = nfct_open(CONNTRACK, 0);
-	if (!STATE(request))
-		return -1;
+	struct nfct_handle *h;
+
+	h = nfct_open(CONNTRACK, 0);
+	if (h == NULL)
+		return NULL;
 
-	return 0;
+	return h;
 }
 
 static int warned = 0;
diff --git a/src/run.c b/src/run.c
index ec110d7..6515e62 100644
--- a/src/run.c
+++ b/src/run.c
@@ -24,6 +24,7 @@
 #include "log.h"
 #include "alarm.h"
 #include "fds.h"
+#include "traffic_stats.h"
 
 #include <errno.h>
 #include <signal.h>
@@ -100,6 +101,51 @@ static void do_overrun_alarm(struct alarm_block *a, void *data)
 	add_alarm(&STATE(overrun_alarm), 2, 0);
 }
 
+static int event_handler(enum nf_conntrack_msg_type type,
+			 struct nf_conntrack *ct,
+			 void *data)
+{
+	/* skip user-space filtering if already do it in the kernel */
+	if (ct_filter_conntrack(ct, !CONFIG(filter_from_kernelspace)))
+		return NFCT_CB_STOP;
+
+	switch(type) {
+	case NFCT_T_NEW:
+		STATE(mode)->event_new(ct);
+		break;
+	case NFCT_T_UPDATE:
+		STATE(mode)->event_upd(ct);
+		break;
+	case NFCT_T_DESTROY:
+		if (STATE(mode)->event_dst(ct))
+			update_traffic_stats(ct);
+		break;
+	default:
+		dlog(LOG_WARNING, "unknown msg from ctnetlink\n");
+		break;
+	}
+
+	return NFCT_CB_CONTINUE;
+}
+
+static int dump_handler(enum nf_conntrack_msg_type type,
+			struct nf_conntrack *ct,
+			void *data)
+{
+	if (ct_filter_conntrack(ct, 1))
+		return NFCT_CB_CONTINUE;
+
+	switch(type) {
+	case NFCT_T_UPDATE:
+		STATE(mode)->dump(ct);
+		break;
+	default:
+		dlog(LOG_WARNING, "unknown msg from ctnetlink");
+		break;
+	}
+	return NFCT_CB_CONTINUE;
+}
+
 int
 init(void)
 {
@@ -126,28 +172,44 @@ init(void)
 		return -1;
 	}
 
-	if (nl_init_event_handler() == -1) {
+	STATE(event) = nl_init_event_handler();
+	if (STATE(event) == NULL) {
 		dlog(LOG_ERR, "can't open netlink handler: %s",
 		     strerror(errno));
 		dlog(LOG_ERR, "no ctnetlink kernel support?");
 		return -1;
 	}
+	nfct_callback_register(STATE(event), NFCT_T_ALL, event_handler, NULL);
 
-	if (nl_init_dump_handler() == -1) {
+	STATE(dump) = nl_init_dump_handler();
+	if (STATE(dump) == NULL) {
 		dlog(LOG_ERR, "can't open netlink handler: %s",
 		     strerror(errno));
 		dlog(LOG_ERR, "no ctnetlink kernel support?");
 		return -1;
 	}
+	nfct_callback_register(STATE(dump), NFCT_T_ALL, dump_handler, NULL);
 
-	if (nl_init_overrun_handler() == -1) {
+	if (nl_dump_conntrack_table() == -1) {
+		dlog(LOG_ERR, "can't get kernel conntrack table");
+		return -1;
+	}
+
+	STATE(overrun) = nl_init_overrun_handler();
+	if (STATE(overrun)== NULL) {
 		dlog(LOG_ERR, "can't open netlink handler: %s",
 		     strerror(errno));
 		dlog(LOG_ERR, "no ctnetlink kernel support?");
 		return -1;
 	}
-
-	if (nl_init_request_handler() == -1) {
+	nfct_callback_register(STATE(overrun),
+			       NFCT_T_ALL,
+			       STATE(mode)->overrun,
+			       NULL);
+
+	/* no callback, it does not do anything with the output */
+	STATE(request) = nl_init_request_handler();
+	if (STATE(request) == NULL) {
 		dlog(LOG_ERR, "can't open netlink handler: %s",
 		     strerror(errno));
 		dlog(LOG_ERR, "no ctnetlink kernel support?");
diff --git a/src/stats-mode.c b/src/stats-mode.c
index 763afe0..ad28008 100644
--- a/src/stats-mode.c
+++ b/src/stats-mode.c
@@ -104,7 +104,7 @@ static int overrun_stats(enum nf_conntrack_msg_type type,
 			 struct nf_conntrack *ct,
 			 void *data)
 {
-	if (ignore_conntrack(ct, 1))
+	if (ct_filter_conntrack(ct, 1))
 		return NFCT_CB_CONTINUE;
 
 	/* This is required by kernels < 2.6.20 */
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 152a8e2..e613111 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -438,7 +438,7 @@ static int overrun_sync(enum nf_conntrack_msg_type type,
 {
 	struct us_conntrack *u;
 
-	if (ignore_conntrack(ct, 1))
+	if (ct_filter_conntrack(ct, 1))
 		return NFCT_CB_CONTINUE;
 
 	/* This is required by kernels < 2.6.20 */



More information about the netfilter-cvslog mailing list