diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-11-27 23:40:13 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-11-27 23:40:13 +0100 |
commit | 9aba3974d60bfbc773ac366ad6b8859a5c000377 (patch) | |
tree | 39296ebf1ff288495f1e411281bcad7ffe0f8acd /src | |
parent | e6832ed088eac06fee6316dd2ecb8003aa635f17 (diff) | |
download | conntrack-tools-9aba3974d60bfbc773ac366ad6b8859a5c000377.tar.gz conntrack-tools-9aba3974d60bfbc773ac366ad6b8859a5c000377.zip |
src: move callbacks to run.c for better readability
This patch is a cleanup. It moves the callbacks from netlink.c to
run.c where they are actually invoked. This is better for code
readability as I usually have to switch from run.c to netlink.c
to remember what the callbacks actually do.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/filter.c | 49 | ||||
-rw-r--r-- | src/netlink.c | 166 | ||||
-rw-r--r-- | src/run.c | 72 | ||||
-rw-r--r-- | src/stats-mode.c | 2 | ||||
-rw-r--r-- | src/sync-mode.c | 2 |
5 files changed, 149 insertions, 142 deletions
diff --git a/src/filter.c b/src/filter.c index 905d10f..5a8b5d8 100644 --- a/src/filter.c +++ b/src/filter.c @@ -279,7 +279,7 @@ static int __ct_filter_test_state(struct ct_filter *f, struct nf_conntrack *ct) return test_bit_u16(val, &f->statemap[protonum]); } -int ct_filter_check(struct ct_filter *f, struct nf_conntrack *ct) +static int ct_filter_check(struct ct_filter *f, struct nf_conntrack *ct) { int ret, protonum = nfct_get_attr_u8(ct, ATTR_L4PROTO); @@ -324,3 +324,50 @@ int ct_filter_check(struct ct_filter *f, struct nf_conntrack *ct) return 1; } + +static inline int ct_filter_sanity_check(struct nf_conntrack *ct) +{ + if (!nfct_attr_is_set(ct, ATTR_L3PROTO)) { + dlog(LOG_ERR, "missing layer 3 protocol"); + return 0; + } + + switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) { + case AF_INET: + if (!nfct_attr_is_set(ct, ATTR_IPV4_SRC) || + !nfct_attr_is_set(ct, ATTR_IPV4_DST) || + !nfct_attr_is_set(ct, ATTR_REPL_IPV4_SRC) || + !nfct_attr_is_set(ct, ATTR_REPL_IPV4_DST)) { + dlog(LOG_ERR, "missing IPv4 address. " + "You forgot to load " + "nf_conntrack_ipv4?"); + return 0; + } + break; + case AF_INET6: + if (!nfct_attr_is_set(ct, ATTR_IPV6_SRC) || + !nfct_attr_is_set(ct, ATTR_IPV6_DST) || + !nfct_attr_is_set(ct, ATTR_REPL_IPV6_SRC) || + !nfct_attr_is_set(ct, ATTR_REPL_IPV6_DST)) { + dlog(LOG_ERR, "missing IPv6 address. " + "You forgot to load " + "nf_conntrack_ipv6?"); + return 0; + } + break; + } + return 1; +} + +/* we do user-space filtering for dump and resyncs */ +int ct_filter_conntrack(struct nf_conntrack *ct, int userspace) +{ + /* missing mandatory attributes in object */ + if (!ct_filter_sanity_check(ct)) + return 1; + + if (userspace && !ct_filter_check(STATE(us_filter), ct)) + return 1; + + return 0; +} diff --git a/src/netlink.c b/src/netlink.c index b8a2a02..81ac7a1 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -18,103 +18,27 @@ #include "netlink.h" #include "conntrackd.h" -#include "traffic_stats.h" #include "filter.h" #include "log.h" #include "debug.h" #include <string.h> #include <errno.h> - -static int sanity_check(struct nf_conntrack *ct) -{ - if (!nfct_attr_is_set(ct, ATTR_L3PROTO)) { - dlog(LOG_ERR, "missing layer 3 protocol"); - return 0; - } - - switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) { - case AF_INET: - if (!nfct_attr_is_set(ct, ATTR_IPV4_SRC) || - !nfct_attr_is_set(ct, ATTR_IPV4_DST) || - !nfct_attr_is_set(ct, ATTR_REPL_IPV4_SRC) || - !nfct_attr_is_set(ct, ATTR_REPL_IPV4_DST)) { - dlog(LOG_ERR, "missing IPv4 address. " - "You forgot to load " - "nf_conntrack_ipv4?"); - return 0; - } - break; - case AF_INET6: - if (!nfct_attr_is_set(ct, ATTR_IPV6_SRC) || - !nfct_attr_is_set(ct, ATTR_IPV6_DST) || - !nfct_attr_is_set(ct, ATTR_REPL_IPV6_SRC) || - !nfct_attr_is_set(ct, ATTR_REPL_IPV6_DST)) { - dlog(LOG_ERR, "missing IPv6 address. " - "You forgot to load " - "nf_conntrack_ipv6?"); - return 0; - } - break; - } - return 1; -} - -/* we do user-space filtering for dump and resyncs */ -int ignore_conntrack(struct nf_conntrack *ct, int userspace) -{ - /* missing mandatory attributes in object */ - if (!sanity_check(ct)) - return 1; - - if (userspace && !ct_filter_check(STATE(us_filter), ct)) { - debug_ct(ct, "ignore traffic"); - return 1; - } - - return 0; -} - -static int event_handler(enum nf_conntrack_msg_type type, - struct nf_conntrack *ct, - void *data) -{ - /* skip user-space filtering if already do it in the kernel */ - if (ignore_conntrack(ct, !CONFIG(filter_from_kernelspace))) - return NFCT_CB_STOP; - - switch(type) { - case NFCT_T_NEW: - STATE(mode)->event_new(ct); - break; - case NFCT_T_UPDATE: - STATE(mode)->event_upd(ct); - break; - case NFCT_T_DESTROY: - if (STATE(mode)->event_dst(ct)) - update_traffic_stats(ct); - break; - default: - dlog(LOG_WARNING, "unknown msg from ctnetlink\n"); - break; - } - - return NFCT_CB_CONTINUE; -} - #include <sys/types.h> #include <sys/socket.h> #include <sys/fcntl.h> -int nl_init_event_handler(void) +struct nfct_handle *nl_init_event_handler(void) { - STATE(event) = nfct_open(CONNTRACK, NFCT_ALL_CT_GROUPS); - if (!STATE(event)) - return -1; + struct nfct_handle *h; + + h = nfct_open(CONNTRACK, NFCT_ALL_CT_GROUPS); + if (h == NULL) + return NULL; if (STATE(filter)) { if (CONFIG(filter_from_kernelspace)) { - if (nfct_filter_attach(nfct_fd(STATE(event)), + if (nfct_filter_attach(nfct_fd(h), STATE(filter)) == -1) { dlog(LOG_ERR, "cannot set event filtering: %s", strerror(errno)); @@ -126,18 +50,18 @@ int nl_init_event_handler(void) nfct_filter_destroy(STATE(filter)); } - fcntl(nfct_fd(STATE(event)), F_SETFL, O_NONBLOCK); + fcntl(nfct_fd(h), F_SETFL, O_NONBLOCK); /* set up socket buffer size */ if (CONFIG(netlink_buffer_size)) - nfnl_rcvbufsiz(nfct_nfnlh(STATE(event)), + nfnl_rcvbufsiz(nfct_nfnlh(h), CONFIG(netlink_buffer_size)); else { socklen_t socklen = sizeof(unsigned int); unsigned int read_size; /* get current buffer size */ - getsockopt(nfct_fd(STATE(event)), SOL_SOCKET, + getsockopt(nfct_fd(h), SOL_SOCKET, SO_RCVBUF, &read_size, &socklen); CONFIG(netlink_buffer_size) = read_size; @@ -148,69 +72,43 @@ int nl_init_event_handler(void) CONFIG(netlink_buffer_size_max_grown) = CONFIG(netlink_buffer_size); - /* register callback for events */ - nfct_callback_register(STATE(event), NFCT_T_ALL, event_handler, NULL); - - return 0; + return h; } -static int dump_handler(enum nf_conntrack_msg_type type, - struct nf_conntrack *ct, - void *data) +struct nfct_handle *nl_init_dump_handler(void) { - if (ignore_conntrack(ct, 1)) - return NFCT_CB_CONTINUE; - - switch(type) { - case NFCT_T_UPDATE: - STATE(mode)->dump(ct); - break; - default: - dlog(LOG_WARNING, "unknown msg from ctnetlink"); - break; - } - return NFCT_CB_CONTINUE; -} + struct nfct_handle *h; -int nl_init_dump_handler(void) -{ /* open dump netlink socket */ - STATE(dump) = nfct_open(CONNTRACK, 0); - if (!STATE(dump)) - return -1; - - /* register callback for dumped entries */ - nfct_callback_register(STATE(dump), NFCT_T_ALL, dump_handler, NULL); + h = nfct_open(CONNTRACK, 0); + if (h == NULL) + return NULL; - if (nl_dump_conntrack_table() == -1) - return -1; - - return 0; + return h; } -int nl_init_overrun_handler(void) +struct nfct_handle *nl_init_overrun_handler(void) { - STATE(overrun) = nfct_open(CONNTRACK, 0); - if (!STATE(overrun)) - return -1; + struct nfct_handle *h; + + h = nfct_open(CONNTRACK, 0); + if (h == NULL) + return NULL; - fcntl(nfct_fd(STATE(overrun)), F_SETFL, O_NONBLOCK); + fcntl(nfct_fd(h), F_SETFL, O_NONBLOCK); - nfct_callback_register(STATE(overrun), - NFCT_T_ALL, - STATE(mode)->overrun, - NULL); - return 0; + return h; } -/* no callback, it does not do anything with the output */ -int nl_init_request_handler(void) +struct nfct_handle *nl_init_request_handler(void) { - STATE(request) = nfct_open(CONNTRACK, 0); - if (!STATE(request)) - return -1; + struct nfct_handle *h; + + h = nfct_open(CONNTRACK, 0); + if (h == NULL) + return NULL; - return 0; + return h; } static int warned = 0; @@ -24,6 +24,7 @@ #include "log.h" #include "alarm.h" #include "fds.h" +#include "traffic_stats.h" #include <errno.h> #include <signal.h> @@ -100,6 +101,51 @@ static void do_overrun_alarm(struct alarm_block *a, void *data) add_alarm(&STATE(overrun_alarm), 2, 0); } +static int event_handler(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + /* skip user-space filtering if already do it in the kernel */ + if (ct_filter_conntrack(ct, !CONFIG(filter_from_kernelspace))) + return NFCT_CB_STOP; + + switch(type) { + case NFCT_T_NEW: + STATE(mode)->event_new(ct); + break; + case NFCT_T_UPDATE: + STATE(mode)->event_upd(ct); + break; + case NFCT_T_DESTROY: + if (STATE(mode)->event_dst(ct)) + update_traffic_stats(ct); + break; + default: + dlog(LOG_WARNING, "unknown msg from ctnetlink\n"); + break; + } + + return NFCT_CB_CONTINUE; +} + +static int dump_handler(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + if (ct_filter_conntrack(ct, 1)) + return NFCT_CB_CONTINUE; + + switch(type) { + case NFCT_T_UPDATE: + STATE(mode)->dump(ct); + break; + default: + dlog(LOG_WARNING, "unknown msg from ctnetlink"); + break; + } + return NFCT_CB_CONTINUE; +} + int init(void) { @@ -126,28 +172,44 @@ init(void) return -1; } - if (nl_init_event_handler() == -1) { + STATE(event) = nl_init_event_handler(); + if (STATE(event) == NULL) { dlog(LOG_ERR, "can't open netlink handler: %s", strerror(errno)); dlog(LOG_ERR, "no ctnetlink kernel support?"); return -1; } + nfct_callback_register(STATE(event), NFCT_T_ALL, event_handler, NULL); - if (nl_init_dump_handler() == -1) { + STATE(dump) = nl_init_dump_handler(); + if (STATE(dump) == NULL) { dlog(LOG_ERR, "can't open netlink handler: %s", strerror(errno)); dlog(LOG_ERR, "no ctnetlink kernel support?"); return -1; } + nfct_callback_register(STATE(dump), NFCT_T_ALL, dump_handler, NULL); - if (nl_init_overrun_handler() == -1) { + if (nl_dump_conntrack_table() == -1) { + dlog(LOG_ERR, "can't get kernel conntrack table"); + return -1; + } + + STATE(overrun) = nl_init_overrun_handler(); + if (STATE(overrun)== NULL) { dlog(LOG_ERR, "can't open netlink handler: %s", strerror(errno)); dlog(LOG_ERR, "no ctnetlink kernel support?"); return -1; } - - if (nl_init_request_handler() == -1) { + nfct_callback_register(STATE(overrun), + NFCT_T_ALL, + STATE(mode)->overrun, + NULL); + + /* no callback, it does not do anything with the output */ + STATE(request) = nl_init_request_handler(); + if (STATE(request) == NULL) { dlog(LOG_ERR, "can't open netlink handler: %s", strerror(errno)); dlog(LOG_ERR, "no ctnetlink kernel support?"); diff --git a/src/stats-mode.c b/src/stats-mode.c index 763afe0..ad28008 100644 --- a/src/stats-mode.c +++ b/src/stats-mode.c @@ -104,7 +104,7 @@ static int overrun_stats(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data) { - if (ignore_conntrack(ct, 1)) + if (ct_filter_conntrack(ct, 1)) return NFCT_CB_CONTINUE; /* This is required by kernels < 2.6.20 */ diff --git a/src/sync-mode.c b/src/sync-mode.c index 152a8e2..e613111 100644 --- a/src/sync-mode.c +++ b/src/sync-mode.c @@ -438,7 +438,7 @@ static int overrun_sync(enum nf_conntrack_msg_type type, { struct us_conntrack *u; - if (ignore_conntrack(ct, 1)) + if (ct_filter_conntrack(ct, 1)) return NFCT_CB_CONTINUE; /* This is required by kernels < 2.6.20 */ |