[libnetfilter_conntrack] src: remove reminiscent of NFCT_DIR_ORIGINAL and old prototypes
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Tue Feb 17 22:13:51 CET 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=752a1af93da1381a5ecb921e7519cd9997eb27bc
commit 752a1af93da1381a5ecb921e7519cd9997eb27bc
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Feb 17 22:12:05 2009 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Feb 17 22:12:05 2009 +0100
src: remove reminiscent of NFCT_DIR_ORIGINAL and old prototypes
This patch removes a reminiscent constant of the old API whose value
is the same of __DIR_ORIG. This patch also removes the prototype
definition from libnetfilter_conntrack.h.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via 752a1af93da1381a5ecb921e7519cd9997eb27bc (commit)
from 6fbf883d990947d9f7e3b856e5db7f03d45d3aa6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 752a1af93da1381a5ecb921e7519cd9997eb27bc
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Tue Feb 17 22:12:05 2009 +0100
src: remove reminiscent of NFCT_DIR_ORIGINAL and old prototypes
This patch removes a reminiscent constant of the old API whose value
is the same of __DIR_ORIG. This patch also removes the prototype
definition from libnetfilter_conntrack.h.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
.../libnetfilter_conntrack.h | 285 --------------------
src/conntrack/build.c | 4 +-
src/expect/build.c | 4 +-
3 files changed, 4 insertions(+), 289 deletions(-)
This patch removes a reminiscent constant of the old API whose value
is the same of __DIR_ORIG. This patch also removes the prototype
definition from libnetfilter_conntrack.h.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 0c8b715..f2b6dbb 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -616,291 +616,6 @@ enum ip_conntrack_status {
/* Be liberal in window checking */
#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08
-/*
- * Old deprecated API, its use for new applications is *strongly discouraged*
- */
-
-/*
- * In case that the user doesn't want to do some kind
- * of action against a conntrack based on its ID
- */
-#define NFCT_ANY_ID 0
-
-union nfct_l4 {
- /* Add other protocols here. */
- u_int16_t all;
- struct {
- u_int16_t port;
- } tcp;
- struct {
- u_int16_t port;
- } udp;
- struct {
- u_int8_t type, code;
- u_int16_t id;
- } icmp;
- struct {
- u_int16_t port;
- } sctp;
-};
-
-union nfct_address {
- u_int32_t v4;
- u_int32_t v6[4];
-};
-
-struct nfct_tuple {
- union nfct_address src;
- union nfct_address dst;
-
- u_int8_t l3protonum;
- u_int8_t protonum;
- union nfct_l4 l4src;
- union nfct_l4 l4dst;
-};
-
-union nfct_protoinfo {
- struct {
- u_int8_t state;
- } tcp;
-};
-
-struct nfct_counters {
- u_int64_t packets;
- u_int64_t bytes;
-};
-
-struct nfct_nat {
- u_int32_t min_ip, max_ip;
- union nfct_l4 l4min, l4max;
-};
-
-#define NFCT_DIR_ORIGINAL 0
-#define NFCT_DIR_REPLY 1
-#define NFCT_DIR_MAX NFCT_DIR_REPLY+1
-
-struct nfct_conntrack {
- struct nfct_tuple tuple[NFCT_DIR_MAX];
-
- u_int32_t timeout;
- u_int32_t mark;
- u_int32_t status;
- u_int32_t use;
- u_int32_t id;
-
- union nfct_protoinfo protoinfo;
- struct nfct_counters counters[NFCT_DIR_MAX];
- struct nfct_nat nat;
-};
-
-struct nfct_expect {
- struct nfct_tuple master;
- struct nfct_tuple tuple;
- struct nfct_tuple mask;
- u_int32_t timeout;
- u_int32_t id;
- u_int16_t expectfn_queue_id;
-};
-
-struct nfct_conntrack_compare {
- struct nfct_conntrack *ct;
- unsigned int flags;
- unsigned int l3flags;
- unsigned int l4flags;
-};
-
-enum {
- NFCT_STATUS_BIT = 0,
- NFCT_STATUS = (1 << NFCT_STATUS_BIT),
-
- NFCT_PROTOINFO_BIT = 1,
- NFCT_PROTOINFO = (1 << NFCT_PROTOINFO_BIT),
-
- NFCT_TIMEOUT_BIT = 2,
- NFCT_TIMEOUT = (1 << NFCT_TIMEOUT_BIT),
-
- NFCT_MARK_BIT = 3,
- NFCT_MARK = (1 << NFCT_MARK_BIT),
-
- NFCT_COUNTERS_ORIG_BIT = 4,
- NFCT_COUNTERS_ORIG = (1 << NFCT_COUNTERS_ORIG_BIT),
-
- NFCT_COUNTERS_RPLY_BIT = 5,
- NFCT_COUNTERS_RPLY = (1 << NFCT_COUNTERS_RPLY_BIT),
-
- NFCT_USE_BIT = 6,
- NFCT_USE = (1 << NFCT_USE_BIT),
-
- NFCT_ID_BIT = 7,
- NFCT_ID = (1 << NFCT_ID_BIT)
-};
-
-enum {
- NFCT_MSG_UNKNOWN,
- NFCT_MSG_NEW,
- NFCT_MSG_UPDATE,
- NFCT_MSG_DESTROY
-};
-
-typedef int (*nfct_callback)(void *arg, unsigned int flags, int, void *data);
-
-/*
- * [Allocate|free] a conntrack
- */
-extern __attribute__((deprecated))
-struct nfct_conntrack *
-nfct_conntrack_alloc(struct nfct_tuple *orig, struct nfct_tuple *reply,
- u_int32_t timeout, union nfct_protoinfo *proto,
- u_int32_t status, u_int32_t mark,
- u_int32_t id, struct nfct_nat *range);
-extern __attribute__((deprecated))
-void nfct_conntrack_free(struct nfct_conntrack *ct);
-
-/*
- * [Allocate|free] an expectation
- */
-extern __attribute__((deprecated))
-struct nfct_expect *
-nfct_expect_alloc(struct nfct_tuple *master, struct nfct_tuple *tuple,
- struct nfct_tuple *mask, u_int32_t timeout,
- u_int32_t id);
-
-extern __attribute__((deprecated))
-void nfct_expect_free(struct nfct_expect *exp);
-
-
-/*
- * [Register|unregister] callbacks
- */
-extern __attribute__((deprecated))
-void nfct_register_callback(struct nfct_handle *cth,
- nfct_callback callback, void *data);
-
-extern __attribute__((deprecated))
-void nfct_unregister_callback(struct nfct_handle *cth);
-
-/*
- * callback displayers
- */
-extern __attribute__((deprecated))
-int nfct_default_conntrack_display(void *, unsigned int, int, void *);
-extern __attribute__((deprecated))
-int nfct_default_conntrack_display_id(void *, unsigned int, int, void *);
-extern __attribute__((deprecated))
-int nfct_default_expect_display(void *, unsigned int, int, void *);
-extern __attribute__((deprecated))
-int nfct_default_expect_display_id(void *, unsigned int, int, void *);
-extern __attribute__((deprecated))
-int nfct_default_conntrack_event_display(void *, unsigned int, int, void *);
-
-/*
- * [Create|update|get|destroy] conntracks
- */
-extern __attribute__((deprecated))
-int nfct_create_conntrack(struct nfct_handle *cth,
- struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_update_conntrack(struct nfct_handle *cth,
- struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_delete_conntrack(struct nfct_handle *cth,
- struct nfct_tuple *tuple, int dir,
- u_int32_t id);
-extern __attribute__((deprecated))
-int nfct_get_conntrack(struct nfct_handle *cth,
- struct nfct_tuple *tuple, int dir,
- u_int32_t id);
-/*
- * Conntrack table dumping & zeroing
- */
-extern __attribute__((deprecated))
-int nfct_dump_conntrack_table(struct nfct_handle *cth, int family);
-extern __attribute__((deprecated))
-int nfct_dump_conntrack_table_reset_counters(struct nfct_handle *cth,
- int family);
-
-/*
- * Conntrack event notification
- */
-extern __attribute__((deprecated))
-int nfct_event_conntrack(struct nfct_handle *cth);
-
-/*
- * Conntrack printing functions
- */
-extern __attribute__((deprecated))
-int nfct_sprintf_conntrack(char *buf, struct nfct_conntrack *ct,
- unsigned int flags);
-extern __attribute__((deprecated))
-int nfct_sprintf_conntrack_id(char *buf, struct nfct_conntrack *ct,
- unsigned int flags);
-extern __attribute__((deprecated))
-int nfct_sprintf_address(char *buf, struct nfct_tuple *t);
-extern __attribute__((deprecated))
-int nfct_sprintf_proto(char *buf, struct nfct_tuple *t);
-extern __attribute__((deprecated))
-int nfct_sprintf_protoinfo(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_timeout(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_protocol(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_status_assured(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_status_seen_reply(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_counters(char *buf, struct nfct_conntrack *ct, int dir);
-extern __attribute__((deprecated))
-int nfct_sprintf_mark(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_use(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_id(char *buf, u_int32_t id);
-
-/*
- * Conntrack comparison
- */
-extern __attribute__((deprecated))
-int nfct_conntrack_compare(struct nfct_conntrack *ct1,
- struct nfct_conntrack *ct2,
- struct nfct_conntrack_compare *cmp);
-
-/*
- * Expectations
- */
-extern __attribute__((deprecated))
-int nfct_dump_expect_list(struct nfct_handle *cth, int family);
-extern __attribute__((deprecated))
-int nfct_flush_conntrack_table(struct nfct_handle *cth, int family);
-extern __attribute__((deprecated))
-int nfct_get_expectation(struct nfct_handle *cth,
- struct nfct_tuple *tuple,
- u_int32_t id);
-extern __attribute__((deprecated))
-int nfct_create_expectation(struct nfct_handle *cth, struct nfct_expect *);
-extern __attribute__((deprecated))
-int nfct_delete_expectation(struct nfct_handle *cth,
- struct nfct_tuple *tuple, u_int32_t id);
-extern __attribute__((deprecated))
-int nfct_event_expectation(struct nfct_handle *cth);
-extern __attribute__((deprecated))
-int nfct_flush_expectation_table(struct nfct_handle *cth, int family);
-
-/*
- * expectation printing functions
- */
-extern __attribute__((deprecated))
-int nfct_sprintf_expect(char *buf, struct nfct_expect *exp);
-extern __attribute__((deprecated))
-int nfct_sprintf_expect_id(char *buf, struct nfct_expect *exp);
-
-/*
- * low-level functions for libnetfilter_cthelper
- */
-extern __attribute__((deprecated))
-void nfct_build_tuple(struct nfnlhdr *req, int size,
- struct nfct_tuple *t, int type);
-
#ifdef __cplusplus
}
#endif
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 35abe05..9611508 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -194,7 +194,7 @@ void __build_protonat(struct nfnlhdr *req,
nest = nfnl_nest(&req->nlh, size, CTA_NAT_PROTO);
- switch (ct->tuple[NFCT_DIR_ORIGINAL].protonum) {
+ switch (ct->tuple[__DIR_ORIG].protonum) {
case IPPROTO_TCP:
case IPPROTO_UDP:
nfnl_addattr_l(&req->nlh, size, CTA_PROTONAT_PORT_MIN,
@@ -333,7 +333,7 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
u_int16_t flags,
const struct nf_conntrack *ct)
{
- u_int8_t l3num = ct->tuple[NFCT_DIR_ORIGINAL].l3protonum;
+ u_int8_t l3num = ct->tuple[__DIR_ORIG].l3protonum;
if (!test_bit(ATTR_ORIG_L3PROTO, ct->set)) {
errno = EINVAL;
diff --git a/src/expect/build.c b/src/expect/build.c
index 2f9cb84..cb9071d 100644
--- a/src/expect/build.c
+++ b/src/expect/build.c
@@ -24,9 +24,9 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
u_int8_t l3num;
if (test_bit(ATTR_ORIG_L3PROTO, exp->master.set))
- l3num = exp->master.tuple[NFCT_DIR_ORIGINAL].l3protonum;
+ l3num = exp->master.tuple[__DIR_ORIG].l3protonum;
else if (test_bit(ATTR_ORIG_L3PROTO, exp->expected.set))
- l3num = exp->expected.tuple[NFCT_DIR_ORIGINAL].l3protonum;
+ l3num = exp->expected.tuple[__DIR_ORIG].l3protonum;
else
return -1;
More information about the netfilter-cvslog
mailing list