[libnetfilter_conntrack] src: remove old deprecated API
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Tue Feb 17 21:38:55 CET 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=cdf0d6c32f5c6c7c3071d35fa770eaf62fbad312
commit cdf0d6c32f5c6c7c3071d35fa770eaf62fbad312
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Feb 17 21:36:43 2009 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Feb 17 21:36:43 2009 +0100
src: remove old deprecated API
This patch removes the first API version which was scheduled in
2007. That API had several major limitations that the new one
solved. I don't know of any known existing client of this old
API.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via cdf0d6c32f5c6c7c3071d35fa770eaf62fbad312 (commit)
from 2473a408abdd79fb4b24c5c56f769791203c0cd8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cdf0d6c32f5c6c7c3071d35fa770eaf62fbad312
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Tue Feb 17 21:36:43 2009 +0100
src: remove old deprecated API
This patch removes the first API version which was scheduled in
2007. That API had several major limitations that the new one
solved. I don't know of any known existing client of this old
API.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
configure.in | 2 +-
include/internal/Makefile.am | 2 +-
include/internal/deprecated.h | 65 --
include/internal/internal.h | 1 -
include/internal/object.h | 5 -
src/Makefile.am | 12 +-
src/deprecated.c | 1204 --------------------
src/deprecated/Makefile.am | 3 -
src/deprecated/extensions/Makefile.am | 14 -
.../extensions/libnetfilter_conntrack_icmp.c | 84 --
.../extensions/libnetfilter_conntrack_sctp.c | 94 --
.../extensions/libnetfilter_conntrack_tcp.c | 136 ---
.../extensions/libnetfilter_conntrack_udp.c | 78 --
src/deprecated/l3extensions/Makefile.am | 9 -
.../l3extensions/libnetfilter_conntrack_ipv4.c | 88 --
.../l3extensions/libnetfilter_conntrack_ipv6.c | 109 --
src/main.c | 2 -
17 files changed, 5 insertions(+), 1903 deletions(-)
delete mode 100644 include/internal/deprecated.h
delete mode 100644 src/deprecated.c
delete mode 100644 src/deprecated/Makefile.am
delete mode 100644 src/deprecated/extensions/Makefile.am
delete mode 100644 src/deprecated/extensions/libnetfilter_conntrack_icmp.c
delete mode 100644 src/deprecated/extensions/libnetfilter_conntrack_sctp.c
delete mode 100644 src/deprecated/extensions/libnetfilter_conntrack_tcp.c
delete mode 100644 src/deprecated/extensions/libnetfilter_conntrack_udp.c
delete mode 100644 src/deprecated/l3extensions/Makefile.am
delete mode 100644 src/deprecated/l3extensions/libnetfilter_conntrack_ipv4.c
delete mode 100644 src/deprecated/l3extensions/libnetfilter_conntrack_ipv6.c
This patch removes the first API version which was scheduled in
2007. That API had several major limitations that the new one
solved. I don't know of any known existing client of this old
API.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
diff --git a/configure.in b/configure.in
index f6f31ab..0d23b0e 100644
--- a/configure.in
+++ b/configure.in
@@ -78,5 +78,5 @@ LIBNFCONNTRACK_LIBS="$LIBNFNETLINK_LIBS"
AC_SUBST(LIBNFCONNTRACK_LIBS)
dnl Output the makefile
-AC_OUTPUT(Makefile src/Makefile include/Makefile utils/Makefile qa/Makefile include/libnetfilter_conntrack/Makefile include/internal/Makefile src/conntrack/Makefile src/expect/Makefile src/deprecated/Makefile src/deprecated/l3extensions/Makefile src/deprecated/extensions/Makefile libnetfilter_conntrack.pc)
+AC_OUTPUT(Makefile src/Makefile include/Makefile utils/Makefile qa/Makefile include/libnetfilter_conntrack/Makefile include/internal/Makefile src/conntrack/Makefile src/expect/Makefile libnetfilter_conntrack.pc)
diff --git a/include/internal/Makefile.am b/include/internal/Makefile.am
index b1632fa..d5c2be6 100644
--- a/include/internal/Makefile.am
+++ b/include/internal/Makefile.am
@@ -1,2 +1,2 @@
noinst_HEADERS = bitops.h extern.h linux_list.h prototypes.h \
- deprecated.h internal.h object.h types.h stack.h
+ internal.h object.h types.h stack.h
diff --git a/include/internal/deprecated.h b/include/internal/deprecated.h
deleted file mode 100644
index fe6f890..0000000
--- a/include/internal/deprecated.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * WARNING: Do *NOT* ever include this file, only for internal use!
- */
-#ifndef _NFCT_DEPRECATED_H_
-#define _NFCT_DEPRECATED_H_
-
-typedef int (*nfct_handler)(struct nfct_handle *cth, struct nlmsghdr *nlh,
- void *arg);
-
-/* some systems have old libc's */
-#include <netinet/in.h>
-#ifndef IPPROTO_SCTP
-#define IPPROTO_SCTP 132
-#endif
-
-#include "internal/linux_list.h"
-
-/* extensions */
-struct nfct_proto {
- struct list_head head;
-
- char *name;
- u_int8_t protonum;
- char *version;
-
- void (*parse_proto)(struct nfattr **, struct nfct_tuple *);
- void (*parse_protoinfo)(struct nfattr **, struct nfct_conntrack *);
- void (*build_tuple_proto)(struct nfnlhdr *, int, struct nfct_tuple *);
- void (*build_protoinfo)(struct nfnlhdr *, int, struct nfct_conntrack *);
- int (*print_protoinfo)(char *, union nfct_protoinfo *);
- int (*print_proto)(char *, struct nfct_tuple *);
- int (*compare)(struct nfct_conntrack *, struct nfct_conntrack *,
- unsigned int);
-};
-
-extern void nfct_register_proto(struct nfct_proto *h);
-
-struct nfct_l3proto {
- struct list_head head;
-
- char *name;
- u_int16_t protonum;
- char *version;
-
- void (*parse_proto)(struct nfattr **, struct nfct_tuple *);
- void (*build_tuple_proto)(struct nfnlhdr *, int, struct nfct_tuple *);
- int (*print_proto)(char *, struct nfct_tuple *);
- int (*compare)(struct nfct_conntrack *, struct nfct_conntrack *,
- unsigned int);
-};
-
-extern void nfct_register_l3proto(struct nfct_l3proto *h);
-
-/* backward compatibility of the deprecated API */
-extern struct nfct_l3proto ipv4;
-extern struct nfct_l3proto ipv6;
-
-extern struct nfct_proto tcp;
-extern struct nfct_proto udp;
-extern struct nfct_proto sctp;
-extern struct nfct_proto icmp;
-
-extern void deprecated_backward_support();
-
-#endif
diff --git a/include/internal/internal.h b/include/internal/internal.h
index 37e4143..a72e071 100644
--- a/include/internal/internal.h
+++ b/include/internal/internal.h
@@ -24,7 +24,6 @@
#include <libnfnetlink/libnfnetlink.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-#include "internal/deprecated.h"
#include "internal/object.h"
#include "internal/prototypes.h"
#include "internal/types.h"
diff --git a/include/internal/object.h b/include/internal/object.h
index 53f942d..f76bf98 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -15,11 +15,6 @@ struct nfct_handle {
struct nfnl_subsys_handle *nfnlssh_ct;
struct nfnl_subsys_handle *nfnlssh_exp;
- /* deprecated old API */
- nfct_callback callback;
- void *callback_data;
- nfct_handler handler;
-
/* callback handler for the new API */
struct nfnl_callback nfnl_cb;
diff --git a/src/Makefile.am b/src/Makefile.am
index 22ba2bc..96446fb 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -4,7 +4,7 @@ include $(top_srcdir)/Make_global.am
#EXTRA_DIST = $(man_MANS) acinclude.m4
-SUBDIRS=conntrack expect deprecated
+SUBDIRS=conntrack expect
AM_CFLAGS = -fPIC -Wall
LIBS = @LIBNFCONNTRACK_LIBS@
@@ -12,13 +12,7 @@ LIBS = @LIBNFCONNTRACK_LIBS@
lib_LTLIBRARIES = libnetfilter_conntrack.la
libnetfilter_conntrack_la_LIBADD = conntrack/libnfconntrack.la \
- expect/libnfexpect.la \
- deprecated/l3extensions/libnfct_l3proto_ipv4.la \
- deprecated/l3extensions/libnfct_l3proto_ipv6.la \
- deprecated/extensions/libnfct_proto_tcp.la \
- deprecated/extensions/libnfct_proto_udp.la \
- deprecated/extensions/libnfct_proto_icmp.la \
- deprecated/extensions/libnfct_proto_sctp.la
+ expect/libnfexpect.la
libnetfilter_conntrack_la_LDFLAGS = -Wc,-nostartfiles -lnfnetlink -ldl \
-version-info $(LIBVERSION)
-libnetfilter_conntrack_la_SOURCES = main.c deprecated.c
+libnetfilter_conntrack_la_SOURCES = main.c
diff --git a/src/deprecated.c b/src/deprecated.c
deleted file mode 100644
index 84de04b..0000000
--- a/src/deprecated.c
+++ /dev/null
@@ -1,1204 +0,0 @@
-/*
- * (C) 2005-2006 by Pablo Neira Ayuso <pablo at netfilter.org>
- * Harald Welte <laforge at netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * Warning: This file contains the old API that is deprecated!
- */
-#include <stdio.h>
-#include <unistd.h>
-#include <dlfcn.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <errno.h>
-#include <string.h>
-#include <arpa/inet.h>
-#include <libnfnetlink/libnfnetlink.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-
-#include "internal/linux_list.h"
-#include "internal/internal.h"
-
-#define NFCT_BUFSIZE 4096
-
-static LIST_HEAD(proto_list);
-static LIST_HEAD(l3proto_list);
-static char *proto2str[IPPROTO_MAX] = {
- [IPPROTO_TCP] = "tcp",
- [IPPROTO_UDP] = "udp",
- [IPPROTO_ICMP] = "icmp",
- [IPPROTO_SCTP] = "sctp"
-};
-static char *l3proto2str[AF_MAX] = {
- [AF_INET] = "ipv4",
- [AF_INET6] = "ipv6"
-};
-static struct nfct_proto *findproto(char *name);
-static struct nfct_l3proto *findl3proto(char *name);
-
-void deprecated_backward_support()
-{
- nfct_register_l3proto(&ipv4);
- nfct_register_l3proto(&ipv6);
-
- nfct_register_proto(&tcp);
- nfct_register_proto(&udp);
- nfct_register_proto(&icmp);
- nfct_register_proto(&sctp);
-}
-
-/* handler used for nfnl_listen */
-static int callback_handler(struct sockaddr_nl *nladdr,
- struct nlmsghdr *n, void *arg)
-{
- struct nfct_handle *cth = (struct nfct_handle *) arg;
- int ret;
-
- if (NFNL_SUBSYS_ID(n->nlmsg_type) != NFNL_SUBSYS_CTNETLINK &&
- NFNL_SUBSYS_ID(n->nlmsg_type) != NFNL_SUBSYS_CTNETLINK_EXP) {
- nfnl_dump_packet(n, n->nlmsg_len, "callback_handler");
- return 0;
- }
-
- if (!cth)
- return -ENODEV;
-
- if (!cth->handler)
- return -ENODEV;
-
- ret = cth->handler(cth, n, NULL);
-
- return ret;
-}
-
-void nfct_register_callback(struct nfct_handle *cth, nfct_callback callback,
- void *data)
-{
- cth->callback = callback;
- cth->callback_data = data;
-}
-
-void nfct_unregister_callback(struct nfct_handle *cth)
-{
- cth->callback = NULL;
- cth->callback_data = NULL;
-}
-
-static void nfct_build_tuple_ip(struct nfnlhdr *req, int size,
- struct nfct_tuple *t)
-{
- struct nfattr *nest;
- struct nfct_l3proto *h;
-
- nest = nfnl_nest(&req->nlh, size, CTA_TUPLE_IP);
-
- h = findl3proto(l3proto2str[t->l3protonum]);
- if (h && h->build_tuple_proto)
- h->build_tuple_proto(req, size, t);
-
- nfnl_nest_end(&req->nlh, nest);
-}
-
-static void nfct_build_tuple_proto(struct nfnlhdr *req, int size,
- struct nfct_tuple *t)
-{
- struct nfct_proto *h;
- struct nfattr *nest;
-
- nest = nfnl_nest(&req->nlh, size, CTA_TUPLE_PROTO);
-
- nfnl_addattr_l(&req->nlh, size, CTA_PROTO_NUM, &t->protonum,
- sizeof(u_int8_t));
-
- h = findproto(proto2str[t->protonum]);
-
- if (h && h->build_tuple_proto)
- h->build_tuple_proto(req, size, t);
-
- nfnl_nest_end(&req->nlh, nest);
-}
-
-void nfct_build_tuple(struct nfnlhdr *req, int size,
- struct nfct_tuple *t, int type)
-{
- struct nfattr *nest;
-
- nest = nfnl_nest(&req->nlh, size, type);
-
- nfct_build_tuple_ip(req, size, t);
- nfct_build_tuple_proto(req, size, t);
-
- nfnl_nest_end(&req->nlh, nest);
-}
-
-static void nfct_build_protoinfo(struct nfnlhdr *req, int size,
- struct nfct_conntrack *ct)
-{
- struct nfattr *nest;
- struct nfct_proto *h;
-
- h = findproto(proto2str[ct->tuple[NFCT_DIR_ORIGINAL].protonum]);
- if (h && h->build_protoinfo) {
- nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
- h->build_protoinfo(req, size, ct);
- nfnl_nest_end(&req->nlh, nest);
- }
-}
-
-static void nfct_build_protonat(struct nfnlhdr *req, int size,
- struct nfct_conntrack *ct)
-{
- struct nfattr *nest;
-
- nest = nfnl_nest(&req->nlh, size, CTA_NAT_PROTO);
-
- switch (ct->tuple[NFCT_DIR_ORIGINAL].protonum) {
-#if 0
- case IPPROTO_TCP:
- nfnl_addattr_l(&req->nlh, size, CTA_PROTONAT_TCP_MIN,
- &ct->nat.l4min.tcp.port, sizeof(u_int16_t));
- nfnl_addattr_l(&req->nlh, size, CTA_PROTONAT_TCP_MAX,
- &ct->nat.l4max.tcp.port, sizeof(u_int16_t));
- break;
- case IPPROTO_UDP:
- nfnl_addattr_l(&req->nlh, size, CTA_PROTONAT_UDP_MIN,
- &ct->nat.l4min.udp.port, sizeof(u_int16_t));
- nfnl_addattr_l(&req->nlh, size, CTA_PROTONAT_UDP_MAX,
- &ct->nat.l4max.udp.port, sizeof(u_int16_t));
- break;
-#endif
- }
- nfnl_nest_end(&req->nlh, nest);
-}
-
-static void nfct_build_nat(struct nfnlhdr *req, int size,
- struct nfct_conntrack *ct)
-{
- struct nfattr *nest;
-
- nest = nfnl_nest(&req->nlh, size, CTA_NAT);
-
- nfnl_addattr_l(&req->nlh, size, CTA_NAT_MINIP,
- &ct->nat.min_ip, sizeof(u_int32_t));
-
- if (ct->nat.min_ip != ct->nat.max_ip)
- nfnl_addattr_l(&req->nlh, size, CTA_NAT_MAXIP,
- &ct->nat.max_ip, sizeof(u_int32_t));
-
- if (ct->nat.l4min.all != ct->nat.l4max.all)
- nfct_build_protonat(req, size, ct);
-
- nfnl_nest_end(&req->nlh, nest);
-}
-
-void nfct_dump_tuple(struct nfct_tuple *tp)
-{
- struct in_addr src = { .s_addr = tp->src.v4 };
- struct in_addr dst = { .s_addr = tp->dst.v4 };
-
- fprintf(stdout, "tuple %p: %u %s:%hu -> ", tp, tp->protonum,
- inet_ntoa(src),
- ntohs(tp->l4src.all));
-
- fprintf(stdout, "%s:%hu\n", inet_ntoa(dst), ntohs(tp->l4dst.all));
-}
-
-static struct nfct_proto *findproto(char *name)
-{
- struct list_head *i;
- struct nfct_proto *cur = NULL, *handler = NULL;
-
- if (!name)
- return handler;
-
- list_for_each(i, &proto_list) {
- cur = (struct nfct_proto *) i;
- if (strcmp(cur->name, name) == 0) {
- handler = cur;
- break;
- }
- }
-
- if (!handler)
- fprintf(stderr, "libnetfilter_conntrack: "
- "cannot find %s handler\n", name);
-
- return handler;
-}
-
-static struct nfct_l3proto *findl3proto(char *name)
-{
- struct list_head *i;
- struct nfct_l3proto *cur = NULL, *handler = NULL;
-
- if (!name)
- return handler;
-
- list_for_each(i, &l3proto_list) {
- cur = (struct nfct_l3proto *) i;
- if (strcmp(cur->name, name) == 0) {
- handler = cur;
- break;
- }
- }
-
- if (!handler)
- fprintf(stderr, "libnetfilter_conntrack: "
- "cannot find %s handler\n", name);
-
- return handler;
-}
-
-int nfct_sprintf_status_assured(char *buf, struct nfct_conntrack *ct)
-{
- int size = 0;
-
- if (ct->status & IPS_ASSURED)
- size = sprintf(buf, "[ASSURED] ");
-
- return size;
-}
-
-int nfct_sprintf_status_seen_reply(char *buf, struct nfct_conntrack *ct)
-{
- int size = 0;
-
- if (!(ct->status & IPS_SEEN_REPLY))
- size = sprintf(buf, "[UNREPLIED] ");
-
- return size;
-}
-
-static void parse_ip(struct nfattr *attr, struct nfct_tuple *tuple)
-{
- struct nfattr *tb[CTA_IP_MAX];
- struct nfct_l3proto *h;
-
- nfnl_parse_nested(tb, CTA_IP_MAX, attr);
- h = findl3proto(l3proto2str[tuple->l3protonum]);
- if (h && h->parse_proto)
- h->parse_proto(tb, tuple);
-}
-
-static void parse_proto(struct nfattr *attr, struct nfct_tuple *tuple)
-{
- struct nfattr *tb[CTA_PROTO_MAX];
- struct nfct_proto *h;
-
- nfnl_parse_nested(tb, CTA_PROTO_MAX, attr);
- if (tb[CTA_PROTO_NUM-1])
- tuple->protonum = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_NUM-1]);
-
- h = findproto(proto2str[tuple->protonum]);
- if (h && h->parse_proto)
- h->parse_proto(tb, tuple);
-}
-
-static void parse_tuple(struct nfattr *attr, struct nfct_tuple *tuple)
-{
- struct nfattr *tb[CTA_TUPLE_MAX];
-
- nfnl_parse_nested(tb, CTA_TUPLE_MAX, attr);
-
- if (tb[CTA_TUPLE_IP-1])
- parse_ip(tb[CTA_TUPLE_IP-1], tuple);
- if (tb[CTA_TUPLE_PROTO-1])
- parse_proto(tb[CTA_TUPLE_PROTO-1], tuple);
-}
-
-static void parse_mask(struct nfattr *attr, struct nfct_tuple *tuple,
- u_int8_t l3protonum, u_int16_t protonum)
-{
- struct nfattr *cda[CTA_TUPLE_MAX];
-
- nfnl_parse_nested(cda, CTA_TUPLE_MAX, attr);
-
- if (cda[CTA_TUPLE_IP-1]) {
- struct nfattr *tb[CTA_IP_MAX];
- struct nfct_l3proto *h;
-
- nfnl_parse_nested(tb, CTA_IP_MAX, cda[CTA_TUPLE_IP-1]);
- h = findl3proto(l3proto2str[l3protonum]);
- if (h && h->parse_proto)
- h->parse_proto(tb, tuple);
- }
- if (cda[CTA_TUPLE_PROTO-1]) {
- struct nfattr *tb[CTA_PROTO_MAX];
- struct nfct_proto *h;
-
- nfnl_parse_nested(tb, CTA_PROTO_MAX, cda[CTA_TUPLE_PROTO-1]);
- if (tb[CTA_PROTO_NUM-1])
- tuple->protonum =
- *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_NUM-1]);
-
- h = findproto(proto2str[protonum]);
- if (h && h->parse_proto)
- h->parse_proto(tb, tuple);
- }
-}
-
-static void parse_protoinfo(struct nfattr *attr, struct nfct_conntrack *ct)
-{
- struct nfattr *tb[CTA_PROTOINFO_MAX];
- struct nfct_proto *h;
-
- nfnl_parse_nested(tb,CTA_PROTOINFO_MAX, attr);
-
- h = findproto(proto2str[ct->tuple[NFCT_DIR_ORIGINAL].protonum]);
- if (h && h->parse_protoinfo)
- h->parse_protoinfo(tb, ct);
-}
-
-static void nfct_parse_counters(struct nfattr *attr,
- struct nfct_conntrack *ct,
- enum ctattr_type parent)
-{
- struct nfattr *tb[CTA_COUNTERS_MAX];
- int dir = (parent == CTA_COUNTERS_ORIG ? NFCT_DIR_REPLY
- : NFCT_DIR_ORIGINAL);
-
- nfnl_parse_nested(tb, CTA_COUNTERS_MAX, attr);
- if (tb[CTA_COUNTERS_PACKETS-1])
- ct->counters[dir].packets
- = __be64_to_cpu(*(u_int64_t *)
- NFA_DATA(tb[CTA_COUNTERS_PACKETS-1]));
- if (tb[CTA_COUNTERS_BYTES-1])
- ct->counters[dir].bytes
- = __be64_to_cpu(*(u_int64_t *)
- NFA_DATA(tb[CTA_COUNTERS_BYTES-1]));
- if (tb[CTA_COUNTERS32_PACKETS-1])
- ct->counters[dir].packets
- = ntohl(*(u_int32_t *)
- NFA_DATA(tb[CTA_COUNTERS32_PACKETS-1]));
- if (tb[CTA_COUNTERS32_BYTES-1])
- ct->counters[dir].bytes
- = ntohl(*(u_int32_t *)
- NFA_DATA(tb[CTA_COUNTERS32_BYTES-1]));
-}
-
-static char *msgtype[] = {"[UNKNOWN]", "[NEW]", "[UPDATE]", "[DESTROY]"};
-
-static int typemsg2enum(u_int16_t type, u_int16_t flags)
-{
- int ret = NFCT_MSG_UNKNOWN;
-
- if (type == IPCTNL_MSG_CT_NEW) {
- if (flags & (NLM_F_CREATE|NLM_F_EXCL))
- ret = NFCT_MSG_NEW;
- else
- ret = NFCT_MSG_UPDATE;
- } else if (type == IPCTNL_MSG_CT_DELETE)
- ret = NFCT_MSG_DESTROY;
-
- return ret;
-}
-
-static int nfct_conntrack_netlink_handler(struct nfct_handle *cth,
- struct nlmsghdr *nlh, void *arg)
-{
- struct nfct_conntrack ct;
- unsigned int flags = 0;
- struct nfgenmsg *nfhdr = NLMSG_DATA(nlh);
- int type = NFNL_MSG_TYPE(nlh->nlmsg_type), ret = 0;
- int len = nlh->nlmsg_len;
- struct nfattr *cda[CTA_MAX];
-
- len -= NLMSG_LENGTH(sizeof(struct nfgenmsg));
- if (len < 0)
- return -EINVAL;
-
- memset(&ct, 0, sizeof(struct nfct_conntrack));
-
- ct.tuple[NFCT_DIR_ORIGINAL].l3protonum = nfhdr->nfgen_family;
- ct.tuple[NFCT_DIR_REPLY].l3protonum = nfhdr->nfgen_family;
-
- nfnl_parse_attr(cda, CTA_MAX, NFA_DATA(nfhdr), len);
-
- if (cda[CTA_TUPLE_ORIG-1])
- parse_tuple(cda[CTA_TUPLE_ORIG-1],
- &ct.tuple[NFCT_DIR_ORIGINAL]);
-
- if (cda[CTA_TUPLE_REPLY-1])
- parse_tuple(cda[CTA_TUPLE_REPLY-1],
- &ct.tuple[NFCT_DIR_REPLY]);
-
- if (cda[CTA_STATUS-1]) {
- ct.status = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1]));
- flags |= NFCT_STATUS;
- }
-
- if (cda[CTA_PROTOINFO-1]) {
- parse_protoinfo(cda[CTA_PROTOINFO-1], &ct);
- flags |= NFCT_PROTOINFO;
- }
-
- if (cda[CTA_TIMEOUT-1]) {
- ct.timeout = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_TIMEOUT-1]));
- flags |= NFCT_TIMEOUT;
- }
-
- if (cda[CTA_MARK-1]) {
- ct.mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
- flags |= NFCT_MARK;
- }
-
- if (cda[CTA_COUNTERS_ORIG-1]) {
- nfct_parse_counters(cda[CTA_COUNTERS_ORIG-1], &ct,
- NFA_TYPE(cda[CTA_COUNTERS_ORIG-1])-1);
- flags |= NFCT_COUNTERS_ORIG;
- }
-
- if (cda[CTA_COUNTERS_REPLY-1]) {
- nfct_parse_counters(cda[CTA_COUNTERS_REPLY-1], &ct,
- NFA_TYPE(cda[CTA_COUNTERS_REPLY-1])-1);
- flags |= NFCT_COUNTERS_RPLY;
- }
-
- if (cda[CTA_USE-1]) {
- ct.use = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_USE-1]));
- flags |= NFCT_USE;
- }
-
- if (cda[CTA_ID-1]) {
- ct.id = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_ID-1]));
- flags |= NFCT_ID;
- }
-
- if (cth->callback)
- ret = cth->callback((void *) &ct, flags,
- typemsg2enum(type, nlh->nlmsg_flags),
- cth->callback_data);
-
- return ret;
-}
-
-int nfct_sprintf_protocol(char *buf, struct nfct_conntrack *ct)
-{
- return (sprintf(buf, "%-8s %u ",
- proto2str[ct->tuple[NFCT_DIR_ORIGINAL].protonum] == NULL ?
- "unknown" : proto2str[ct->tuple[NFCT_DIR_ORIGINAL].protonum],
- ct->tuple[NFCT_DIR_ORIGINAL].protonum));
-}
-
-int nfct_sprintf_timeout(char *buf, struct nfct_conntrack *ct)
-{
- return sprintf(buf, "%u ", ct->timeout);
-}
-
-int nfct_sprintf_protoinfo(char *buf, struct nfct_conntrack *ct)
-{
- int size = 0;
- struct nfct_proto *h = NULL;
-
- h = findproto(proto2str[ct->tuple[NFCT_DIR_ORIGINAL].protonum]);
- if (h && h->print_protoinfo)
- size += h->print_protoinfo(buf+size, &ct->protoinfo);
-
- return size;
-}
-
-int nfct_sprintf_address(char *buf, struct nfct_tuple *t)
-{
- int size = 0;
- struct nfct_l3proto *h;
-
- h = findl3proto(l3proto2str[t->l3protonum]);
- if (h && h->print_proto)
- size += h->print_proto(buf, t);
-
- return size;
-}
-
-int nfct_sprintf_proto(char *buf, struct nfct_tuple *t)
-{
- int size = 0;
- struct nfct_proto *h = NULL;
-
- h = findproto(proto2str[t->protonum]);
- if (h && h->print_proto)
- size += h->print_proto(buf, t);
-
- return size;
-}
-
-int nfct_sprintf_counters(char *buf, struct nfct_conntrack *ct, int dir)
-{
- return (sprintf(buf, "packets=%llu bytes=%llu ",
- (unsigned long long) ct->counters[dir].packets,
- (unsigned long long) ct->counters[dir].bytes));
-}
-
-int nfct_sprintf_mark(char *buf, struct nfct_conntrack *ct)
-{
- return (sprintf(buf, "mark=%u ", ct->mark));
-}
-
-int nfct_sprintf_use(char *buf, struct nfct_conntrack *ct)
-{
- return (sprintf(buf, "use=%u ", ct->use));
-}
-
-int nfct_sprintf_id(char *buf, u_int32_t id)
-{
- return (sprintf(buf, "id=%u ", id));
-}
-
-int nfct_sprintf_conntrack(char *buf, struct nfct_conntrack *ct,
- unsigned int flags)
-{
- int size = 0;
-
- size += nfct_sprintf_protocol(buf, ct);
-
- if (flags & NFCT_TIMEOUT)
- size += nfct_sprintf_timeout(buf+size, ct);
-
- if (flags & NFCT_PROTOINFO)
- size += nfct_sprintf_protoinfo(buf+size, ct);
-
- size += nfct_sprintf_address(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
- size += nfct_sprintf_proto(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
-
- if (flags & NFCT_COUNTERS_ORIG)
- size += nfct_sprintf_counters(buf+size, ct, NFCT_DIR_ORIGINAL);
-
- if (flags & NFCT_STATUS)
- size += nfct_sprintf_status_seen_reply(buf+size, ct);
-
- size += nfct_sprintf_address(buf+size, &ct->tuple[NFCT_DIR_REPLY]);
- size += nfct_sprintf_proto(buf+size, &ct->tuple[NFCT_DIR_REPLY]);
-
- if (flags & NFCT_COUNTERS_RPLY)
- size += nfct_sprintf_counters(buf+size, ct, NFCT_DIR_REPLY);
-
- if (flags & NFCT_STATUS)
- size += nfct_sprintf_status_assured(buf+size, ct);
-
- if (flags & NFCT_MARK)
- size += nfct_sprintf_mark(buf+size, ct);
-
- if (flags & NFCT_USE)
- size += nfct_sprintf_use(buf+size, ct);
-
- /* Delete the last blank space */
- size--;
-
- return size;
-}
-
-int nfct_sprintf_conntrack_id(char *buf, struct nfct_conntrack *ct,
- unsigned int flags)
-{
- int size;
-
- /* add a blank space, that's why the add 1 to the size */
- size = nfct_sprintf_conntrack(buf, ct, flags) + 1;
- if (flags & NFCT_ID)
- size += nfct_sprintf_id(buf+size, ct->id);
-
- /* Delete the last blank space */
- return --size;
-}
-
-int nfct_default_conntrack_display(void *arg, unsigned int flags, int type,
- void *data)
-{
- char buf[512];
- int size;
- struct nfct_conntrack_compare *cmp = data;
-
- if (cmp && !nfct_conntrack_compare(cmp->ct, arg, cmp))
- return 0;
-
- memset(buf, 0, sizeof(buf));
- size = nfct_sprintf_conntrack(buf, arg, flags);
- sprintf(buf+size, "\n");
- fprintf(stdout, buf);
-
- return 0;
-}
-
-int nfct_default_conntrack_display_id(void *arg, unsigned int flags, int type,
- void *data)
-{
- char buf[512];
- int size;
- struct nfct_conntrack_compare *cmp = data;
-
- if (cmp && !nfct_conntrack_compare(cmp->ct, arg, cmp))
- return 0;
-
- memset(buf, 0, sizeof(buf));
- size = nfct_sprintf_conntrack_id(buf, arg, flags);
- sprintf(buf+size, "\n");
- fprintf(stdout, buf);
-
- return 0;
-}
-
-int nfct_default_conntrack_event_display(void *arg, unsigned int flags,
- int type, void *data)
-{
- char buf[512];
- int size;
- struct nfct_conntrack_compare *cmp = data;
-
- if (cmp && !nfct_conntrack_compare(cmp->ct, arg, cmp))
- return 0;
-
- memset(buf, 0, sizeof(buf));
- size = sprintf(buf, "%9s ", msgtype[type]);
- size += nfct_sprintf_conntrack_id(buf + size, arg, flags);
- sprintf(buf+size, "\n");
- fprintf(stdout, buf);
- fflush(stdout);
-
- return 0;
-}
-
-int nfct_sprintf_expect_proto(char *buf, struct nfct_expect *exp)
-{
- return(sprintf(buf, "%u proto=%d ", exp->timeout,
- exp->tuple.protonum));
-}
-
-int nfct_sprintf_expect(char *buf, struct nfct_expect *exp)
-{
- int size = 0;
-
- size = nfct_sprintf_expect_proto(buf, exp);
- size += nfct_sprintf_address(buf+size, &exp->tuple);
- size += nfct_sprintf_proto(buf+size, &exp->tuple);
-
- /* remove last blank space */
- return --size;
-}
-
-int nfct_sprintf_expect_id(char *buf, struct nfct_expect *exp)
-{
- int size = 0;
-
- /* add a blank space, that's why the add 1 to the size */
- size = nfct_sprintf_expect(buf, exp) + 1;
- size += nfct_sprintf_id(buf+size, exp->id);
-
- /* remove last blank space */
- return --size;
-}
-
-int nfct_default_expect_display(void *arg, unsigned int flags, int type,
- void *data)
-{
- char buf[256];
- int size = 0;
-
- memset(buf, 0, sizeof(buf));
- size = nfct_sprintf_expect(buf, arg);
- sprintf(buf+size, "\n");
- fprintf(stdout, buf);
-
- return 0;
-}
-
-int nfct_default_expect_display_id(void *arg, unsigned int flags, int type,
- void *data)
-{
- char buf[256];
- int size = 0;
-
- size = nfct_sprintf_expect_id(buf, arg);
- sprintf(buf+size, "\n");
- fprintf(stdout, buf);
-
- return 0;
-}
-
-static int nfct_expect_netlink_handler(struct nfct_handle *cth,
- struct nlmsghdr *nlh, void *arg)
-{
- struct nfgenmsg *nfhdr = NLMSG_DATA(nlh);
- struct nfct_expect exp;
- int type = NFNL_MSG_TYPE(nlh->nlmsg_type), ret = 0;
- int len = nlh->nlmsg_len;
- struct nfattr *cda[CTA_EXPECT_MAX];
-
- len -= NLMSG_LENGTH(sizeof(struct nfgenmsg));
- if (len < 0)
- return -EINVAL;
-
- memset(&exp, 0, sizeof(struct nfct_expect));
-
- exp.tuple.l3protonum = nfhdr->nfgen_family;
-
- nfnl_parse_attr(cda, CTA_EXPECT_MAX, NFA_DATA(nfhdr), len);
-
- if (cda[CTA_EXPECT_TUPLE-1])
- parse_tuple(cda[CTA_EXPECT_TUPLE-1], &exp.tuple);
-
- if (cda[CTA_EXPECT_MASK-1])
- parse_mask(cda[CTA_EXPECT_MASK-1], &exp.mask,
- exp.tuple.l3protonum, exp.tuple.protonum);
-
- if (cda[CTA_EXPECT_TIMEOUT-1])
- exp.timeout = ntohl(*(u_int32_t *)
- NFA_DATA(cda[CTA_EXPECT_TIMEOUT-1]));
-
- if (cda[CTA_EXPECT_ID-1])
- exp.id = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]));
-
- if (cth->callback)
- ret = cth->callback((void *)&exp, 0,
- typemsg2enum(type, nlh->nlmsg_flags),
- cth->callback_data);
-
- return 0;
-}
-
-struct nfct_conntrack *
-nfct_conntrack_alloc(struct nfct_tuple *orig, struct nfct_tuple *reply,
- u_int32_t timeout, union nfct_protoinfo *proto,
- u_int32_t status, u_int32_t mark,
- u_int32_t id, struct nfct_nat *range)
-{
- struct nfct_conntrack *ct;
-
- ct = malloc(sizeof(struct nfct_conntrack));
- if (!ct)
- return NULL;
- memset(ct, 0, sizeof(struct nfct_conntrack));
-
- ct->tuple[NFCT_DIR_ORIGINAL] = *orig;
- ct->tuple[NFCT_DIR_REPLY] = *reply;
- ct->timeout = timeout;
- ct->status = status;
- ct->protoinfo = *proto;
- ct->mark = mark;
- if (id != NFCT_ANY_ID)
- ct->id = id;
- if (range)
- ct->nat = *range;
-
- return ct;
-}
-
-void nfct_conntrack_free(struct nfct_conntrack *ct)
-{
- free(ct);
-}
-
-#define L3PROTONUM(ct) ct->tuple[NFCT_DIR_ORIGINAL].l3protonum
-#define L4PROTONUM(ct) ct->tuple[NFCT_DIR_ORIGINAL].protonum
-
-int nfct_conntrack_compare(struct nfct_conntrack *ct1,
- struct nfct_conntrack *ct2,
- struct nfct_conntrack_compare *cmp)
-{
- struct nfct_l3proto *l3proto;
- struct nfct_proto *proto;
- unsigned int l3flags = cmp->l3flags;
- unsigned int l4flags = cmp->l4flags;
- unsigned int flags = cmp->flags;
-
- if ((flags & NFCT_MARK) && (ct1->mark != ct2->mark))
- return 0;
-
- if (l3flags) {
- if (ct1->tuple[NFCT_DIR_ORIGINAL].l3protonum != AF_UNSPEC &&
- ct2->tuple[NFCT_DIR_ORIGINAL].l3protonum != AF_UNSPEC &&
- ct1->tuple[NFCT_DIR_ORIGINAL].l3protonum !=
- ct2->tuple[NFCT_DIR_ORIGINAL].l3protonum)
- return 0;
- if (ct1->tuple[NFCT_DIR_REPLY].l3protonum != AF_UNSPEC &&
- ct2->tuple[NFCT_DIR_REPLY].l3protonum != AF_UNSPEC &&
- ct1->tuple[NFCT_DIR_REPLY].l3protonum !=
- ct2->tuple[NFCT_DIR_REPLY].l3protonum)
- return 0;
- l3proto = findl3proto(l3proto2str[L3PROTONUM(ct1)]);
- if (l3proto && !l3proto->compare(ct1, ct2, l3flags))
- return 0;
- }
-
- if (l4flags) {
- if (ct1->tuple[NFCT_DIR_ORIGINAL].protonum != 0 &&
- ct2->tuple[NFCT_DIR_ORIGINAL].protonum != 0 &&
- ct1->tuple[NFCT_DIR_ORIGINAL].protonum !=
- ct2->tuple[NFCT_DIR_ORIGINAL].protonum)
- return 0;
- if (ct1->tuple[NFCT_DIR_REPLY].protonum != 0 &&
- ct2->tuple[NFCT_DIR_REPLY].protonum != 0 &&
- ct1->tuple[NFCT_DIR_REPLY].protonum !=
- ct2->tuple[NFCT_DIR_REPLY].protonum)
- return 0;
- proto = findproto(proto2str[L4PROTONUM(ct1)]);
- if (proto && !proto->compare(ct1, ct2, l4flags))
- return 0;
- }
-
- return 1;
-}
-
-int nfct_create_conntrack(struct nfct_handle *cth, struct nfct_conntrack *ct)
-{
- struct nfnlhdr *req;
- char buf[NFCT_BUFSIZE];
- u_int32_t status = htonl(ct->status | IPS_CONFIRMED);
- u_int32_t timeout = htonl(ct->timeout);
- u_int32_t mark = htonl(ct->mark);
- u_int8_t l3num = ct->tuple[NFCT_DIR_ORIGINAL].l3protonum;
-
- req = (void *) buf;
-
- memset(buf, 0, sizeof(buf));
-
- nfnl_fill_hdr(cth->nfnlssh_ct, &req->nlh, 0, l3num, 0,
- IPCTNL_MSG_CT_NEW,
- NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK|NLM_F_EXCL);
-
- nfct_build_tuple(req, sizeof(buf), &ct->tuple[NFCT_DIR_ORIGINAL],
- CTA_TUPLE_ORIG);
- nfct_build_tuple(req, sizeof(buf), &ct->tuple[NFCT_DIR_REPLY],
- CTA_TUPLE_REPLY);
-
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_STATUS, &status,
- sizeof(u_int32_t));
-
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_TIMEOUT, &timeout,
- sizeof(u_int32_t));
-
- if (ct->mark != 0)
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_MARK, &mark,
- sizeof(u_int32_t));
-
- nfct_build_protoinfo(req, sizeof(buf), ct);
- if (ct->nat.min_ip != 0)
- nfct_build_nat(req, sizeof(buf), ct);
-
- return nfnl_talk(cth->nfnlh, &req->nlh, 0, 0, NULL, NULL, NULL);
-}
-
-int nfct_update_conntrack(struct nfct_handle *cth, struct nfct_conntrack *ct)
-{
- struct nfnlhdr *req;
- char buf[NFCT_BUFSIZE];
- u_int32_t status = htonl(ct->status | IPS_CONFIRMED);
- u_int32_t timeout = htonl(ct->timeout);
- u_int32_t id = htonl(ct->id);
- u_int32_t mark = htonl(ct->mark);
- u_int8_t l3num = ct->tuple[NFCT_DIR_ORIGINAL].l3protonum;
-
- req = (void *) &buf;
- memset(&buf, 0, sizeof(buf));
-
- nfnl_fill_hdr(cth->nfnlssh_ct, &req->nlh, 0, l3num, 0,
- IPCTNL_MSG_CT_NEW, NLM_F_REQUEST|NLM_F_ACK);
-
- nfct_build_tuple(req, sizeof(buf), &ct->tuple[NFCT_DIR_ORIGINAL],
- CTA_TUPLE_ORIG);
- nfct_build_tuple(req, sizeof(buf), &ct->tuple[NFCT_DIR_REPLY],
- CTA_TUPLE_REPLY);
-
- if (ct->status != 0)
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_STATUS, &status,
- sizeof(u_int32_t));
-
- if (ct->timeout != 0)
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_TIMEOUT, &timeout,
- sizeof(u_int32_t));
-
- if (ct->mark != 0)
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_MARK, &mark,
- sizeof(u_int32_t));
-
- if (ct->id != NFCT_ANY_ID)
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id,
- sizeof(u_int32_t));
-
- nfct_build_protoinfo(req, sizeof(buf), ct);
-
- return nfnl_talk(cth->nfnlh, &req->nlh, 0, 0, NULL, NULL, NULL);
-}
-
-int nfct_delete_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
- int dir, u_int32_t id)
-{
- struct nfnlhdr *req;
- char buf[NFCT_BUFSIZE];
- int type = dir ? CTA_TUPLE_REPLY : CTA_TUPLE_ORIG;
- u_int8_t l3num = tuple->l3protonum;
-
- req = (void *) &buf;
- memset(&buf, 0, sizeof(buf));
-
- nfnl_fill_hdr(cth->nfnlssh_ct, &req->nlh, 0,
- l3num, 0, IPCTNL_MSG_CT_DELETE,
- NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST|NLM_F_ACK);
-
- nfct_build_tuple(req, sizeof(buf), tuple, type);
-
- if (id != NFCT_ANY_ID) {
- id = htonl(id); /* to network byte order */
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id,
- sizeof(u_int32_t));
- }
-
- return nfnl_talk(cth->nfnlh, &req->nlh, 0, 0, NULL, NULL, NULL);
-}
-
-int nfct_get_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
- int dir, u_int32_t id)
-{
- int err;
- struct nfnlhdr *req;
- char buf[NFCT_BUFSIZE];
- int type = dir ? CTA_TUPLE_REPLY : CTA_TUPLE_ORIG;
- u_int8_t l3num = tuple->l3protonum;
-
- cth->handler = nfct_conntrack_netlink_handler;
-
- memset(&buf, 0, sizeof(buf));
- req = (void *) &buf;
-
- nfnl_fill_hdr(cth->nfnlssh_ct, &req->nlh, 0,
- l3num, 0, IPCTNL_MSG_CT_GET,
- NLM_F_REQUEST|NLM_F_ACK);
-
- nfct_build_tuple(req, sizeof(buf), tuple, type);
-
- if (id != NFCT_ANY_ID) {
- id = htonl(id); /* to network byte order */
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id,
- sizeof(u_int32_t));
- }
-
- err = nfnl_send(cth->nfnlh, &req->nlh);
- if (err < 0)
- return err;
-
- return nfnl_listen(cth->nfnlh, &callback_handler, cth);
-}
-
-static int __nfct_dump_conntrack_table(struct nfct_handle *cth, int zero,
- int family)
-{
- int err, msg;
- struct nfnlhdr req;
-
- memset(&req, 0, sizeof(req));
- cth->handler = nfct_conntrack_netlink_handler;
-
- if (zero)
- msg = IPCTNL_MSG_CT_GET_CTRZERO;
- else
- msg = IPCTNL_MSG_CT_GET;
-
- nfnl_fill_hdr(cth->nfnlssh_ct, &req.nlh, 0, family, 0,
- msg, NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST|NLM_F_DUMP);
-
- err = nfnl_send(cth->nfnlh, &req.nlh);
- if (err < 0)
- return err;
-
- return nfnl_listen(cth->nfnlh, &callback_handler, cth);
-}
-
-int nfct_dump_conntrack_table(struct nfct_handle *cth, int family)
-{
- return(__nfct_dump_conntrack_table(cth, 0, family));
-}
-
-int nfct_dump_conntrack_table_reset_counters(struct nfct_handle *cth,
- int family)
-{
- return(__nfct_dump_conntrack_table(cth, 1, family));
-}
-
-int nfct_event_conntrack(struct nfct_handle *cth)
-{
- cth->handler = nfct_conntrack_netlink_handler;
- return nfnl_listen(cth->nfnlh, &callback_handler, cth);
-}
-
-void nfct_register_proto(struct nfct_proto *h)
-{
- if (strcmp(h->version, VERSION) != 0) {
- fprintf(stderr, "plugin `%s': version %s (I'm %s)\n",
- h->name, h->version, VERSION);
- exit(1);
- }
- list_add(&h->head, &proto_list);
-}
-
-void nfct_register_l3proto(struct nfct_l3proto *h)
-{
- if (strcmp(h->version, VERSION) != 0) {
- fprintf(stderr, "plugin `%s': version %s (I'm %s)\n",
- h->name, h->version, VERSION);
- exit(1);
- }
- list_add(&h->head, &l3proto_list);
-}
-
-int nfct_dump_expect_list(struct nfct_handle *cth, int family)
-{
- int err;
- struct nfnlhdr req;
-
- memset(&req, 0, sizeof(req));
-
- cth->handler = nfct_expect_netlink_handler;
- nfnl_fill_hdr(cth->nfnlssh_exp, &req.nlh, 0, family, 0,
- IPCTNL_MSG_EXP_GET, NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST);
-
- err = nfnl_send(cth->nfnlh, &req.nlh);
- if (err < 0)
- return err;
-
- return nfnl_listen(cth->nfnlh, &callback_handler, cth);
-}
-
-int nfct_flush_conntrack_table(struct nfct_handle *cth, int family)
-{
- struct nfnlhdr req;
-
- memset(&req, 0, sizeof(req));
-
- nfnl_fill_hdr(cth->nfnlssh_ct, (struct nlmsghdr *) &req,
- 0, family, 0, IPCTNL_MSG_CT_DELETE,
- NLM_F_REQUEST|NLM_F_ACK);
-
- return nfnl_talk(cth->nfnlh, &req.nlh, 0, 0, NULL, NULL, NULL);
-}
-
-int nfct_get_expectation(struct nfct_handle *cth, struct nfct_tuple *tuple,
- u_int32_t id)
-{
- int err;
- struct nfnlhdr *req;
- char buf[NFCT_BUFSIZE];
- u_int8_t l3num = tuple->l3protonum;
-
- memset(&buf, 0, sizeof(buf));
- req = (void *) &buf;
-
- nfnl_fill_hdr(cth->nfnlssh_exp, &req->nlh, 0, l3num, 0,
- IPCTNL_MSG_EXP_GET,
- NLM_F_REQUEST|NLM_F_ACK);
-
- cth->handler = nfct_expect_netlink_handler;
- nfct_build_tuple(req, sizeof(buf), tuple, CTA_EXPECT_MASTER);
-
- if (id != NFCT_ANY_ID)
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_EXPECT_ID, &id,
- sizeof(u_int32_t));
-
- err = nfnl_send(cth->nfnlh, &req->nlh);
- if (err < 0)
- return err;
-
- return nfnl_listen(cth->nfnlh, &callback_handler, cth);
-}
-
-struct nfct_expect *
-nfct_expect_alloc(struct nfct_tuple *master, struct nfct_tuple *tuple,
- struct nfct_tuple *mask, u_int32_t timeout,
- u_int32_t id)
-{
- struct nfct_expect *exp;
-
- exp = malloc(sizeof(struct nfct_expect));
- if (!exp)
- return NULL;
- memset(exp, 0, sizeof(struct nfct_expect));
-
- exp->master = *master;
- exp->tuple = *tuple;
- exp->mask = *mask;
- exp->timeout = timeout;
- if (id != NFCT_ANY_ID)
- exp->id = htonl(id);
-
- return exp;
-}
-
-void nfct_expect_free(struct nfct_expect *exp)
-{
- free(exp);
-}
-
-int nfct_create_expectation(struct nfct_handle *cth, struct nfct_expect *exp)
-{
- struct nfnlhdr *req;
- char buf[NFCT_BUFSIZE];
- req = (void *) &buf;
- u_int8_t l3num = exp->tuple.l3protonum;
- u_int32_t timeout;
- u_int16_t queuenr;
-
- memset(&buf, 0, sizeof(buf));
-
- nfnl_fill_hdr(cth->nfnlssh_exp, &req->nlh, 0, l3num, 0,
- IPCTNL_MSG_EXP_NEW,
- NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK);
-
- nfct_build_tuple(req, sizeof(buf), &exp->master, CTA_EXPECT_MASTER);
- nfct_build_tuple(req, sizeof(buf), &exp->tuple, CTA_EXPECT_TUPLE);
- nfct_build_tuple(req, sizeof(buf), &exp->mask, CTA_EXPECT_MASK);
-
- timeout = htonl(exp->timeout);
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_EXPECT_TIMEOUT,
- &timeout, sizeof(u_int32_t));
-
- queuenr = htons(exp->expectfn_queue_id);
- if (queuenr)
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_EXPECT_QUEUENR,
- &queuenr, sizeof(u_int16_t));
-
- return nfnl_talk(cth->nfnlh, &req->nlh, 0, 0, NULL, NULL, NULL);
-}
-
-int nfct_delete_expectation(struct nfct_handle *cth, struct nfct_tuple *tuple,
- u_int32_t id)
-{
- struct nfnlhdr *req;
- char buf[NFCT_BUFSIZE];
- u_int8_t l3num = tuple->l3protonum;
-
- memset(&buf, 0, sizeof(buf));
- req = (void *) &buf;
-
- nfnl_fill_hdr(cth->nfnlssh_exp, &req->nlh, 0, l3num,
- 0, IPCTNL_MSG_EXP_DELETE,
- NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST|NLM_F_ACK);
-
- nfct_build_tuple(req, sizeof(buf), tuple, CTA_EXPECT_MASTER);
-
- if (id != NFCT_ANY_ID)
- nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_EXPECT_ID, &id,
- sizeof(u_int32_t));
-
- return nfnl_talk(cth->nfnlh, &req->nlh, 0, 0, NULL, NULL, NULL);
-}
-
-int nfct_event_expectation(struct nfct_handle *cth)
-{
- cth->handler = nfct_expect_netlink_handler;
- return nfnl_listen(cth->nfnlh, &callback_handler, cth);
-}
-
-int nfct_flush_expectation_table(struct nfct_handle *cth, int family)
-{
- struct nfnlhdr req;
-
- memset(&req, 0, sizeof(req));
-
- nfnl_fill_hdr(cth->nfnlssh_exp, (struct nlmsghdr *) &req,
- 0, family, 0, IPCTNL_MSG_EXP_DELETE,
- NLM_F_REQUEST|NLM_F_ACK);
-
- return nfnl_talk(cth->nfnlh, &req.nlh, 0, 0, NULL, NULL, NULL);
-}
-
diff --git a/src/deprecated/Makefile.am b/src/deprecated/Makefile.am
deleted file mode 100644
index eedaefd..0000000
--- a/src/deprecated/Makefile.am
+++ /dev/null
@@ -1,3 +0,0 @@
-include $(top_srcdir)/Make_global.am
-
-SUBDIRS=extensions l3extensions
diff --git a/src/deprecated/extensions/Makefile.am b/src/deprecated/extensions/Makefile.am
deleted file mode 100644
index e44525b..0000000
--- a/src/deprecated/extensions/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-include $(top_srcdir)/Make_global.am
-
-AUTOMAKE_OPTIONS = no-dependencies foreign
-
-AM_CFLAGS=-fPIC -Wall
-LIBS= @LIBNFCONNTRACK_LIBS@
-
-noinst_LTLIBRARIES = libnfct_proto_tcp.la libnfct_proto_udp.la \
- libnfct_proto_icmp.la libnfct_proto_sctp.la
-
-libnfct_proto_tcp_la_SOURCES = libnetfilter_conntrack_tcp.c
-libnfct_proto_udp_la_SOURCES = libnetfilter_conntrack_udp.c
-libnfct_proto_icmp_la_SOURCES = libnetfilter_conntrack_icmp.c
-libnfct_proto_sctp_la_SOURCES = libnetfilter_conntrack_sctp.c
diff --git a/src/deprecated/extensions/libnetfilter_conntrack_icmp.c b/src/deprecated/extensions/libnetfilter_conntrack_icmp.c
deleted file mode 100644
index d15d7a1..0000000
--- a/src/deprecated/extensions/libnetfilter_conntrack_icmp.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * (C) 2005 by Pablo Neira Ayuso <pablo at netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- */
-#include <stdio.h>
-#include <getopt.h>
-#include <stdlib.h>
-#include <string.h>
-#include <netinet/in.h> /* For htons */
-#include <libnetfilter_conntrack/linux_nfnetlink_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack_icmp.h>
-
-#include "internal/deprecated.h"
-
-static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
-{
- if (cda[CTA_PROTO_ICMP_TYPE-1])
- tuple->l4dst.icmp.type =
- *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_TYPE-1]);
-
- if (cda[CTA_PROTO_ICMP_CODE-1])
- tuple->l4dst.icmp.code =
- *(u_int8_t *)NFA_DATA(cda[CTA_PROTO_ICMP_CODE-1]);
-
- if (cda[CTA_PROTO_ICMP_ID-1])
- tuple->l4src.icmp.id =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_ICMP_ID-1]);
-}
-
-static void build_tuple_proto(struct nfnlhdr *req, int size,
- struct nfct_tuple *t)
-{
- nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_CODE,
- &t->l4dst.icmp.code, sizeof(u_int8_t));
- nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_TYPE,
- &t->l4dst.icmp.type, sizeof(u_int8_t));
- nfnl_addattr_l(&req->nlh, size, CTA_PROTO_ICMP_ID,
- &t->l4src.icmp.id, sizeof(u_int16_t));
-}
-
-static int print_proto(char *buf, struct nfct_tuple *t)
-{
- /* The ID only makes sense some ICMP messages but we want to
- * display the same output that /proc/net/ip_conntrack does */
- return (sprintf(buf, "type=%d code=%d id=%d ",t->l4dst.icmp.type,
- t->l4dst.icmp.code,
- ntohs(t->l4src.icmp.id)));
-}
-
-static int compare(struct nfct_conntrack *ct1,
- struct nfct_conntrack *ct2,
- unsigned int flags)
-{
- if (flags & ICMP_TYPE)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.type !=
- ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.type)
- return 0;
- if (flags & ICMP_CODE)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.code !=
- ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.icmp.code)
- return 0;
- if (flags & ICMP_ID)
- if (ct1->tuple[NFCT_DIR_REPLY].l4src.icmp.id !=
- ct2->tuple[NFCT_DIR_REPLY].l4src.icmp.id)
- return 0;
-
- return 1;
-}
-
-struct nfct_proto icmp = {
- .name = "icmp",
- .protonum = IPPROTO_ICMP,
- .parse_proto = parse_proto,
- .build_tuple_proto = build_tuple_proto,
- .print_proto = print_proto,
- .compare = compare,
- .version = VERSION
-};
diff --git a/src/deprecated/extensions/libnetfilter_conntrack_sctp.c b/src/deprecated/extensions/libnetfilter_conntrack_sctp.c
deleted file mode 100644
index 1fa63a5..0000000
--- a/src/deprecated/extensions/libnetfilter_conntrack_sctp.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * (C) 2005 by Pablo Neira Ayuso <pablo at netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- */
-#include <stdio.h>
-#include <getopt.h>
-#include <stdlib.h>
-#include <string.h>
-#include <netinet/in.h> /* For htons */
-#include <libnetfilter_conntrack/linux_nfnetlink_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack_sctp.h>
-
-#include "internal/deprecated.h"
-
-static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
-{
- if (cda[CTA_PROTO_SRC_PORT-1])
- tuple->l4src.sctp.port =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]);
- if (cda[CTA_PROTO_DST_PORT-1])
- tuple->l4dst.sctp.port =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
-}
-
-static void parse_protoinfo(struct nfattr *cda[], struct nfct_conntrack *ct)
-{
-/* if (cda[CTA_PROTOINFO_SCTP_STATE-1])
- ct->protoinfo.sctp.state =
- *(u_int8_t *)NFA_DATA(cda[CTA_PROTOINFO_SCTP_STATE-1]);
-*/
-}
-
-static void build_tuple_proto(struct nfnlhdr *req, int size,
- struct nfct_tuple *t)
-{
- nfnl_addattr_l(&req->nlh, size, CTA_PROTO_SRC_PORT,
- &t->l4src.sctp.port, sizeof(u_int16_t));
- nfnl_addattr_l(&req->nlh, size, CTA_PROTO_DST_PORT,
- &t->l4dst.sctp.port, sizeof(u_int16_t));
-}
-
-static int print_protoinfo(char *buf, union nfct_protoinfo *protoinfo)
-{
-/* fprintf(stdout, "%s ", states[protoinfo->sctp.state]); */
- return 0;
-}
-
-static int print_proto(char *buf, struct nfct_tuple *tuple)
-{
- return(sprintf(buf, "sport=%u dport=%u ", htons(tuple->l4src.sctp.port),
- htons(tuple->l4dst.sctp.port)));
-}
-
-static int compare(struct nfct_conntrack *ct1,
- struct nfct_conntrack *ct2,
- unsigned int flags)
-{
- if (flags & SCTP_ORIG_SPORT)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.sctp.port !=
- ct2->tuple[NFCT_DIR_ORIGINAL].l4src.sctp.port)
- return 0;
- if (flags & SCTP_ORIG_DPORT)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.sctp.port !=
- ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.sctp.port)
- return 0;
- if (flags & SCTP_REPL_SPORT)
- if (ct1->tuple[NFCT_DIR_REPLY].l4src.sctp.port !=
- ct2->tuple[NFCT_DIR_REPLY].l4src.sctp.port)
- return 0;
- if (flags & SCTP_REPL_DPORT)
- if (ct1->tuple[NFCT_DIR_REPLY].l4dst.sctp.port !=
- ct2->tuple[NFCT_DIR_REPLY].l4dst.sctp.port)
- return 0;
-
- return 1;
-}
-
-struct nfct_proto sctp = {
- .name = "sctp",
- .protonum = IPPROTO_SCTP,
- .parse_proto = parse_proto,
- .parse_protoinfo = parse_protoinfo,
- .build_tuple_proto = build_tuple_proto,
- .print_proto = print_proto,
- .print_protoinfo = print_protoinfo,
- .compare = compare,
- .version = VERSION
-};
diff --git a/src/deprecated/extensions/libnetfilter_conntrack_tcp.c b/src/deprecated/extensions/libnetfilter_conntrack_tcp.c
deleted file mode 100644
index 60447fe..0000000
--- a/src/deprecated/extensions/libnetfilter_conntrack_tcp.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * (C) 2005 by Pablo Neira Ayuso <pablo at netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- */
-#include <stdio.h>
-#include <getopt.h>
-#include <stdlib.h>
-#include <string.h>
-#include <netinet/in.h> /* For htons */
-#include <libnetfilter_conntrack/linux_nfnetlink_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
-
-#include "internal/deprecated.h"
-
-static const char *states[] = {
- "NONE",
- "SYN_SENT",
- "SYN_RECV",
- "ESTABLISHED",
- "FIN_WAIT",
- "CLOSE_WAIT",
- "LAST_ACK",
- "TIME_WAIT",
- "CLOSE",
- "LISTEN"
-};
-
-static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
-{
- if (cda[CTA_PROTO_SRC_PORT-1])
- tuple->l4src.tcp.port =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]);
- if (cda[CTA_PROTO_DST_PORT-1])
- tuple->l4dst.tcp.port =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
-}
-
-static void parse_protoinfo(struct nfattr *cda[], struct nfct_conntrack *ct)
-{
- struct nfattr *tb[CTA_PROTOINFO_TCP_MAX];
-
- /*
- * Listen to me carefully: This is easy to trigger with events ;).
- * The conntrack event messages don't always contain all the
- * information about a conntrack, just those fields that have changed.
- * So you can receive a message about a TCP connection with no bits
- * talking about the private protocol information.
- *
- * --pablo 05/10/31
- */
- if (!cda[CTA_PROTOINFO_TCP-1])
- return;
-
- nfnl_parse_nested(tb,CTA_PROTOINFO_TCP_MAX, cda[CTA_PROTOINFO_TCP-1]);
-
- if (tb[CTA_PROTOINFO_TCP_STATE-1])
- ct->protoinfo.tcp.state =
- *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]);
-}
-
-static void build_tuple_proto(struct nfnlhdr *req, int size,
- struct nfct_tuple *t)
-{
- nfnl_addattr_l(&req->nlh, size, CTA_PROTO_SRC_PORT,
- &t->l4src.tcp.port, sizeof(u_int16_t));
- nfnl_addattr_l(&req->nlh, size, CTA_PROTO_DST_PORT,
- &t->l4dst.tcp.port, sizeof(u_int16_t));
-}
-
-static void build_protoinfo(struct nfnlhdr *req, int size,
- struct nfct_conntrack *ct)
-{
- struct nfattr *nest_proto;
-
- nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP);
- nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_STATE,
- &ct->protoinfo.tcp.state, sizeof(u_int8_t));
- nfnl_nest_end(&req->nlh, nest_proto);
-}
-
-static int print_protoinfo(char *buf, union nfct_protoinfo *protoinfo)
-{
- return(sprintf(buf, "%s ", states[protoinfo->tcp.state]));
-}
-
-static int print_proto(char *buf, struct nfct_tuple *tuple)
-{
- return(sprintf(buf, "sport=%u dport=%u ", htons(tuple->l4src.tcp.port),
- htons(tuple->l4dst.tcp.port)));
-}
-
-static int compare(struct nfct_conntrack *ct1,
- struct nfct_conntrack *ct2,
- unsigned int flags)
-{
- if (flags & TCP_ORIG_SPORT)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.tcp.port !=
- ct2->tuple[NFCT_DIR_ORIGINAL].l4src.tcp.port)
- return 0;
- if (flags & TCP_ORIG_DPORT)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port !=
- ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.tcp.port)
- return 0;
- if (flags & TCP_REPL_SPORT)
- if (ct1->tuple[NFCT_DIR_REPLY].l4src.tcp.port !=
- ct2->tuple[NFCT_DIR_REPLY].l4src.tcp.port)
- return 0;
- if (flags & TCP_REPL_DPORT)
- if (ct1->tuple[NFCT_DIR_REPLY].l4dst.tcp.port !=
- ct2->tuple[NFCT_DIR_REPLY].l4dst.tcp.port)
- return 0;
- if (flags & TCP_STATE)
- if (ct1->protoinfo.tcp.state != ct2->protoinfo.tcp.state)
- return 0;
-
- return 1;
-}
-
-struct nfct_proto tcp = {
- .name = "tcp",
- .protonum = IPPROTO_TCP,
- .parse_protoinfo = parse_protoinfo,
- .parse_proto = parse_proto,
- .build_tuple_proto = build_tuple_proto,
- .build_protoinfo = build_protoinfo,
- .print_protoinfo = print_protoinfo,
- .print_proto = print_proto,
- .compare = compare,
- .version = VERSION
-};
diff --git a/src/deprecated/extensions/libnetfilter_conntrack_udp.c b/src/deprecated/extensions/libnetfilter_conntrack_udp.c
deleted file mode 100644
index 522c0ae..0000000
--- a/src/deprecated/extensions/libnetfilter_conntrack_udp.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * (C) 2005 by Pablo Neira Ayuso <pablo at netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- */
-#include <stdio.h>
-#include <getopt.h>
-#include <stdlib.h>
-#include <string.h>
-#include <netinet/in.h> /* For htons */
-#include <libnetfilter_conntrack/linux_nfnetlink_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack_udp.h>
-
-#include "internal/deprecated.h"
-
-static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
-{
- if (cda[CTA_PROTO_SRC_PORT-1])
- tuple->l4src.udp.port =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_SRC_PORT-1]);
- if (cda[CTA_PROTO_DST_PORT-1])
- tuple->l4dst.udp.port =
- *(u_int16_t *)NFA_DATA(cda[CTA_PROTO_DST_PORT-1]);
-}
-
-static int print_proto(char *buf, struct nfct_tuple *tuple)
-{
- return (sprintf(buf, "sport=%u dport=%u ", htons(tuple->l4src.udp.port),
- htons(tuple->l4dst.udp.port)));
-}
-
-static void build_tuple_proto(struct nfnlhdr *req, int size,
- struct nfct_tuple *t)
-{
- nfnl_addattr_l(&req->nlh, size, CTA_PROTO_SRC_PORT,
- &t->l4src.udp.port, sizeof(u_int16_t));
- nfnl_addattr_l(&req->nlh, size, CTA_PROTO_DST_PORT,
- &t->l4dst.udp.port, sizeof(u_int16_t));
-}
-
-static int compare(struct nfct_conntrack *ct1,
- struct nfct_conntrack *ct2,
- unsigned int flags)
-{
- if (flags & UDP_ORIG_SPORT)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].l4src.udp.port !=
- ct2->tuple[NFCT_DIR_ORIGINAL].l4src.udp.port)
- return 0;
- if (flags & UDP_ORIG_DPORT)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].l4dst.udp.port !=
- ct2->tuple[NFCT_DIR_ORIGINAL].l4dst.udp.port)
- return 0;
- if (flags & UDP_REPL_SPORT)
- if (ct1->tuple[NFCT_DIR_REPLY].l4src.udp.port !=
- ct2->tuple[NFCT_DIR_REPLY].l4src.udp.port)
- return 0;
- if (flags & UDP_REPL_DPORT)
- if (ct1->tuple[NFCT_DIR_REPLY].l4dst.udp.port !=
- ct2->tuple[NFCT_DIR_REPLY].l4dst.udp.port)
- return 0;
-
- return 1;
-}
-
-struct nfct_proto udp = {
- .name = "udp",
- .protonum = IPPROTO_UDP,
- .build_tuple_proto = build_tuple_proto,
- .parse_proto = parse_proto,
- .print_proto = print_proto,
- .compare = compare,
- .version = VERSION,
-};
diff --git a/src/deprecated/l3extensions/Makefile.am b/src/deprecated/l3extensions/Makefile.am
deleted file mode 100644
index f8cb0a2..0000000
--- a/src/deprecated/l3extensions/Makefile.am
+++ /dev/null
@@ -1,9 +0,0 @@
-include $(top_srcdir)/Make_global.am
-
-AM_CFLAGS=-fPIC -Wall
-LIBS = @LIBNFCONNTRACK_LIBS@
-
-noinst_LTLIBRARIES = libnfct_l3proto_ipv4.la libnfct_l3proto_ipv6.la
-
-libnfct_l3proto_ipv4_la_SOURCES = libnetfilter_conntrack_ipv4.c
-libnfct_l3proto_ipv6_la_SOURCES = libnetfilter_conntrack_ipv6.c
diff --git a/src/deprecated/l3extensions/libnetfilter_conntrack_ipv4.c b/src/deprecated/l3extensions/libnetfilter_conntrack_ipv4.c
deleted file mode 100644
index fb84a6f..0000000
--- a/src/deprecated/l3extensions/libnetfilter_conntrack_ipv4.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * (C) 2005 by Pablo Neira Ayuso <pablo at netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-#include <stdio.h>
-#include <arpa/inet.h>
-#include <netinet/in.h> /* For htons */
-#include <libnetfilter_conntrack/linux_nfnetlink_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack_ipv4.h>
-
-#include "internal/deprecated.h"
-
-static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
-{
- if (cda[CTA_IP_V4_SRC-1])
- tuple->src.v4 = *(u_int32_t *)NFA_DATA(cda[CTA_IP_V4_SRC-1]);
-
- if (cda[CTA_IP_V4_DST-1])
- tuple->dst.v4 = *(u_int32_t *)NFA_DATA(cda[CTA_IP_V4_DST-1]);
-}
-
-static void build_tuple_proto(struct nfnlhdr *req, int size,
- struct nfct_tuple *t)
-{
- nfnl_addattr_l(&req->nlh, size, CTA_IP_V4_SRC, &t->src.v4,
- sizeof(u_int32_t));
- nfnl_addattr_l(&req->nlh, size, CTA_IP_V4_DST, &t->dst.v4,
- sizeof(u_int32_t));
-}
-
-static int print_proto(char *buf, struct nfct_tuple *tuple)
-{
- struct in_addr src = { .s_addr = tuple->src.v4 };
- struct in_addr dst = { .s_addr = tuple->dst.v4 };
- int size;
-
- size = sprintf(buf, "src=%s ", inet_ntoa(src));
- size += sprintf(buf+size, "dst=%s ", inet_ntoa(dst));
-
- return size;
-}
-
-static int compare(struct nfct_conntrack *ct1,
- struct nfct_conntrack *ct2,
- unsigned int flags)
-{
- if (flags & IPV4_ORIG)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].l3protonum !=
- ct2->tuple[NFCT_DIR_ORIGINAL].l3protonum)
- return 0;
- if (flags & IPV4_REPL)
- if (ct1->tuple[NFCT_DIR_REPLY].l3protonum !=
- ct2->tuple[NFCT_DIR_REPLY].l3protonum)
- return 0;
- if (flags & IPV4_ORIG_SRC)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].src.v4 !=
- ct2->tuple[NFCT_DIR_ORIGINAL].src.v4)
- return 0;
- if (flags & IPV4_ORIG_DST)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].dst.v4 !=
- ct2->tuple[NFCT_DIR_ORIGINAL].dst.v4)
- return 0;
- if (flags & IPV4_REPL_SRC)
- if (ct1->tuple[NFCT_DIR_REPLY].src.v4 !=
- ct2->tuple[NFCT_DIR_REPLY].src.v4)
- return 0;
- if (flags & IPV4_REPL_DST)
- if (ct1->tuple[NFCT_DIR_REPLY].dst.v4 !=
- ct2->tuple[NFCT_DIR_REPLY].dst.v4)
- return 0;
-
- return 1;
-}
-
-struct nfct_l3proto ipv4 = {
- .name = "ipv4",
- .protonum = AF_INET,
- .parse_proto = parse_proto,
- .build_tuple_proto = build_tuple_proto,
- .print_proto = print_proto,
- .compare = compare,
- .version = VERSION
-};
diff --git a/src/deprecated/l3extensions/libnetfilter_conntrack_ipv6.c b/src/deprecated/l3extensions/libnetfilter_conntrack_ipv6.c
deleted file mode 100644
index dc13395..0000000
--- a/src/deprecated/l3extensions/libnetfilter_conntrack_ipv6.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * (C) 2005 by Pablo Neira Ayuso <pablo at netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-#include <stdio.h>
-#include <getopt.h>
-#include <stdlib.h>
-#include <string.h>
-#include <netinet/in.h> /* For htons */
-#include <arpa/inet.h>
-#include <libnetfilter_conntrack/linux_nfnetlink_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack_ipv6.h>
-
-#include "internal/deprecated.h"
-
-#ifndef HAVE_INET_NTOP_IPV6
-#warning "inet_ntop does not support IPv6"
-#endif
-
-static void parse_proto(struct nfattr *cda[], struct nfct_tuple *tuple)
-{
- if (cda[CTA_IP_V6_SRC-1])
- memcpy(tuple->src.v6, NFA_DATA(cda[CTA_IP_V6_SRC-1]),
- sizeof(u_int32_t)*4);
-
- if (cda[CTA_IP_V6_DST-1])
- memcpy(tuple->dst.v6, NFA_DATA(cda[CTA_IP_V6_DST-1]),
- sizeof(u_int32_t)*4);
-}
-
-static void build_tuple_proto(struct nfnlhdr *req, int size,
- struct nfct_tuple *t)
-{
- nfnl_addattr_l(&req->nlh, size, CTA_IP_V6_SRC, &t->src.v6,
- sizeof(u_int32_t)*4);
- nfnl_addattr_l(&req->nlh, size, CTA_IP_V6_DST, &t->dst.v6,
- sizeof(u_int32_t)*4);
-}
-
-static int print_proto(char *buf, struct nfct_tuple *tuple)
-{
- struct in6_addr src;
- struct in6_addr dst;
- char tmp[INET6_ADDRSTRLEN];
- int size;
-
- memcpy(&src, tuple->src.v6, sizeof(struct in6_addr));
- memcpy(&dst, tuple->dst.v6, sizeof(struct in6_addr));
-
- if (!inet_ntop(AF_INET6, &src, tmp, sizeof(tmp)))
- return 0;
- size = sprintf(buf, "src=%s ", tmp);
- if (!inet_ntop(AF_INET6, &dst, tmp, sizeof(tmp)))
- return 0;
- size += sprintf(buf + size, "dst=%s ", tmp);
-
- return size;
-}
-
-static int compare(struct nfct_conntrack *ct1,
- struct nfct_conntrack *ct2,
- unsigned int flags)
-{
- if (flags & IPV6_ORIG)
- if (ct1->tuple[NFCT_DIR_ORIGINAL].l3protonum !=
- ct2->tuple[NFCT_DIR_ORIGINAL].l3protonum)
- return 0;
- if (flags & IPV6_REPL)
- if (ct1->tuple[NFCT_DIR_REPLY].l3protonum !=
- ct2->tuple[NFCT_DIR_REPLY].l3protonum)
- return 0;
- if (flags & IPV6_ORIG_SRC)
- if (memcmp(ct1->tuple[NFCT_DIR_ORIGINAL].src.v6,
- ct2->tuple[NFCT_DIR_ORIGINAL].src.v6,
- sizeof(u_int32_t)*4) == 0)
- return 0;
- if (flags & IPV6_ORIG_DST)
- if (memcmp(ct1->tuple[NFCT_DIR_ORIGINAL].dst.v6,
- ct2->tuple[NFCT_DIR_ORIGINAL].dst.v6,
- sizeof(u_int32_t)*4) == 0)
- return 0;
- if (flags & IPV6_REPL_SRC)
- if (memcmp(ct1->tuple[NFCT_DIR_REPLY].src.v6,
- ct2->tuple[NFCT_DIR_REPLY].src.v6,
- sizeof(u_int32_t)*4) == 0)
- return 0;
- if (flags & IPV6_REPL_DST)
- if (memcmp(ct1->tuple[NFCT_DIR_REPLY].dst.v6,
- ct2->tuple[NFCT_DIR_REPLY].dst.v6,
- sizeof(u_int32_t)*4) == 0)
- return 0;
-
- return 1;
-}
-
-struct nfct_l3proto ipv6 = {
- .name = "ipv6",
- .protonum = AF_INET6,
- .parse_proto = parse_proto,
- .build_tuple_proto = build_tuple_proto,
- .print_proto = print_proto,
- .compare = compare,
- .version = VERSION
-};
diff --git a/src/main.c b/src/main.c
index 41e4f26..d0ed9c0 100644
--- a/src/main.c
+++ b/src/main.c
@@ -18,8 +18,6 @@ struct nfct_handle *nfct_open_nfnl(struct nfnl_handle *nfnlh,
{
struct nfct_handle *cth;
- deprecated_backward_support();
-
cth = (struct nfct_handle *) malloc(sizeof(struct nfct_handle));
if (!cth)
return NULL;
More information about the netfilter-cvslog
mailing list