-rw-r--r--Makefile.am2
-rw-r--r--config.h.in7
-rw-r--r--configure.in2
-rw-r--r--extensions/libct_proto_sctp.c2
-rw-r--r--extensions/libct_proto_tcp.c2
-rw-r--r--extensions/libct_proto_udp.c2
-rw-r--r--src/conntrack.c12
-rw-r--r--src/libct.c79
8 files changed, 48 insertions, 60 deletions
diff --git a/Makefile.am b/Makefile.am
index 888d53e..b114b00 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@ AUTOMAKE_OPTIONS = foreign 1.4
INCLUDES = $(all_includes) -I$(top_srcdir)/include -I${KERNELDIR}
SUBDIRS = src extensions
DIST_SUBDIRS = include src extensions
-LINKOPTS = -ldl -lnfnetlink -lctnetlink
+LINKOPTS = -ldl -lnfnetlink -lnfnetlink_conntrack
AM_CFLAGS = -g
$(OBJECTS): libtool
diff --git a/config.h.in b/config.h.in
index 3921abd..9045dbb 100644
--- a/config.h.in
+++ b/config.h.in
@@ -6,15 +6,16 @@
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
-/* Define to 1 if you have the `ctnetlink' library (-lctnetlink). */
-#undef HAVE_LIBCTNETLINK
-
/* Define to 1 if you have the `dl' library (-ldl). */
#undef HAVE_LIBDL
/* Define to 1 if you have the `nfnetlink' library (-lnfnetlink). */
#undef HAVE_LIBNFNETLINK
+/* Define to 1 if you have the `nfnetlink_conntrack' library
+ (-lnfnetlink_conntrack). */
+#undef HAVE_LIBNFNETLINK_CONNTRACK
+
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
diff --git a/configure.in b/configure.in
index efdacf1..8956e34 100644
--- a/configure.in
+++ b/configure.in
@@ -22,7 +22,7 @@ dnl AC_CHECK_LIB([c], [main])
AC_CHECK_LIB([dl], [dlopen])
AC_CHECK_LIB([nfnetlink], [nfnl_listen])
-AC_CHECK_LIB([ctnetlink], [ctnl_register_handler] ,,,[-lnfnetlink])
+AC_CHECK_LIB([nfnetlink_conntrack], [ctnl_register_handler] ,,,[-lnfnetlink])
# Checks for header files.
dnl AC_HEADER_STDC
diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c
index b519ff1..4dbdf27 100644
--- a/extensions/libct_proto_sctp.c
+++ b/extensions/libct_proto_sctp.c
@@ -14,7 +14,7 @@
#include <netinet/in.h> /* For htons */
#include <linux/netfilter/nfnetlink_conntrack.h>
#include "libct_proto.h"
-#include "libctnetlink.h"
+#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
static struct option opts[] = {
{"orig-port-src", 1, 0, '1'},
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 65f0fb6..323e4ec 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -14,7 +14,7 @@
#include <netinet/in.h> /* For htons */
#include <linux/netfilter/nfnetlink_conntrack.h>
#include "libct_proto.h"
-#include "libctnetlink.h"
+#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
static struct option opts[] = {
{"orig-port-src", 1, 0, '1'},
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index 706f113..8a9f0cf 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -13,7 +13,7 @@
#include <netinet/in.h> /* For htons */
#include <linux/netfilter/nfnetlink_conntrack.h>
#include "libct_proto.h"
-#include "libctnetlink.h"
+#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
static struct option opts[] = {
{"orig-port-src", 1, 0, '1'},
diff --git a/src/conntrack.c b/src/conntrack.c
index ccfb71a..12825b4 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -47,7 +47,7 @@
#include "libct_proto.h"
#define PROGNAME "conntrack"
-#define VERSION "0.63"
+#define VERSION "0.80"
#if 0
#define DEBUGP printf
@@ -880,13 +880,11 @@ int main(int argc, char *argv[])
case EXP_CREATE:
if (options & CT_OPT_ORIG)
res = create_expectation(&orig,
- CTA_TUPLE_ORIG,
&exptuple,
&mask,
timeout);
else if (options & CT_OPT_REPL)
res = create_expectation(&reply,
- CTA_TUPLE_REPLY,
&exptuple,
&mask,
timeout);
@@ -917,16 +915,16 @@ int main(int argc, char *argv[])
case EXP_DELETE:
if (options & CT_OPT_ORIG)
- res = delete_expectation(&orig, CTA_TUPLE_ORIG);
+ res = delete_expectation(&orig);
else if (options & CT_OPT_REPL)
- res = delete_expectation(&reply, CTA_TUPLE_REPLY);
+ res = delete_expectation(&reply);
break;
case CT_GET:
if (options & CT_OPT_ORIG)
- res = get_conntrack(&orig, CTA_TUPLE_ORIG, id);
+ res = get_conntrack(&orig, id);
else if (options & CT_OPT_REPL)
- res = get_conntrack(&reply, CTA_TUPLE_REPLY, id);
+ res = get_conntrack(&reply, id);
break;
case EXP_GET:
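Review bot: In the CT_GET case the new calls pass `id` as the second argument of get_conntrack(), but the only signature visible in this commit is the src/libct.c hunk header, `int get_conntrack(struct ctnl_tuple *tuple, int dir)`, and no hunk changes it. If that is still the definition, the conntrack id is interpreted as a tuple direction and the lookup never receives the id. The call and the definition need to agree on what the second argument means, and declaring the prototype once in a header included by both src/conntrack.c and src/libct.c would let the compiler reject a mismatch like this. main() starts and ends outside the hunk, so the initialisation of `res` and `id` is not visible here.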
diff --git a/src/libct.c b/src/libct.c
index cf46b99..e03c02a 100644
--- a/src/libct.c
+++ b/src/libct.c
@@ -162,7 +162,7 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
parse_tuple(attr, &ct.tuple[CTNL_DIR_REPLY]);
break;
case CTA_STATUS:
- ct.status = ntohl(*(unsigned int *)NFA_DATA(attr));
+ ct.status = *(unsigned int *)NFA_DATA(attr);
flags |= STATUS;
break;
case CTA_PROTOINFO:
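Review bot: The CTA_STATUS case dereferences `NFA_DATA(attr)` as an `unsigned int` without checking that the attribute payload is at least that long, so a short attribute would be read past its end. A guard such as `if (NFA_PAYLOAD(attr) < sizeof(unsigned int)) break;` before the assignment bounds the read. The same unchecked pattern appears in the CTA_EXPECT_TIMEOUT and CTA_EXPECT_ID cases this commit adds to expect_handler(). Since the ntohl() is dropped here, a short comment like `/* status arrives in host byte order */` would record the assumption the change relies on. handler()'s attribute loop lies outside the hunk.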
@@ -268,25 +268,6 @@ static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh,
return handler(sock, nlh, arg);
}
-void parse_expect(struct nfattr *attr, struct ctnl_tuple *tuple,
- struct ctnl_tuple *mask, unsigned long *timeout,
- u_int32_t *id)
-{
- struct nfattr *tb[CTA_EXPECT_MAX];
-
- memset(tb, 0, CTA_EXPECT_MAX*sizeof(struct nfattr *));
-
- nfnl_parse_nested(tb, CTA_EXPECT_MAX, attr);
- if (tb[CTA_EXPECT_TUPLE-1])
- parse_tuple(tb[CTA_EXPECT_TUPLE-1], tuple);
- if (tb[CTA_EXPECT_MASK-1])
- parse_tuple(tb[CTA_EXPECT_MASK-1], mask);
- if (tb[CTA_EXPECT_TIMEOUT-1])
- *timeout = htonl(*(unsigned long *)NFA_DATA(tb[CTA_EXPECT_TIMEOUT-1]));
- if (tb[CTA_EXPECT_ID-1])
- *id = htonl(*(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_ID-1]));
-}
-
static int expect_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
{
struct nfgenmsg *nfmsg;
@@ -310,9 +291,19 @@ static int expect_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *
while (NFA_OK(attr, attrlen)) {
switch(attr->nfa_type) {
- case CTA_EXPECT:
- parse_expect(attr, &tuple, &mask, &timeout,
- &id);
+
+ case CTA_EXPECT_TUPLE:
+ parse_tuple(attr, &tuple);
+ break;
+ case CTA_EXPECT_MASK:
+ parse_tuple(attr, &mask);
+ break;
+ case CTA_EXPECT_TIMEOUT:
+ timeout = htonl(*(unsigned long *)
+ NFA_DATA(attr));
+ break;
+ case CTA_EXPECT_ID:
+ id = htonl(*(u_int32_t *)NFA_DATA(attr));
break;
}
attr = NFA_NEXT(attr, attrlen);
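Review bot: The CTA_EXPECT_TIMEOUT case reads the payload through `unsigned long *`, which is 8 bytes on LP64 targets, and then feeds it to htonl(), which operates on 32 bits. If the attribute carries a 32-bit value, as the neighbouring CTA_EXPECT_ID case suggests, this reads 4 bytes beyond the payload and on a big-endian 64-bit host converts the wrong half. `timeout = ntohl(*(u_int32_t *)NFA_DATA(attr));` fixes the width and names the conversion for the receive direction; the id case would read better with ntohl() as well. The expression was carried over unchanged from the removed parse_expect(), and expect_handler()'s body continues outside the hunk.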
@@ -348,12 +339,12 @@ int create_conntrack(struct ctnl_tuple *orig,
ct.tuple[CTNL_DIR_ORIGINAL] = *orig;
ct.tuple[CTNL_DIR_REPLY] = *reply;
ct.timeout = htonl(timeout);
- ct.status = htonl(status);
+ ct.status = status;
ct.protoinfo = *proto;
if (range)
ct.nat = *range;
- if ((ret = ctnl_open(&cth, 0)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
return ret;
ret = ctnl_new_conntrack(&cth, &ct);
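Review bot: After this change `ct.timeout` is still converted with htonl() while `ct.status` is stored unconverted, so one struct now mixes network-order and host-order fields with nothing on the page saying why. A comment above the assignments, for example `/* timeout is sent in network byte order; status is passed through in host order */`, would stop a later reader from "fixing" one of them. The same applies to the matching lines in the update_conntrack() hunk. Which order the library expects for each field is not visible in this diff, so the comment should be confirmed against libnfnetlink_conntrack.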
@@ -376,10 +367,10 @@ int update_conntrack(struct ctnl_tuple *orig,
ct.tuple[CTNL_DIR_ORIGINAL] = *orig;
ct.tuple[CTNL_DIR_REPLY] = *reply;
ct.timeout = htonl(timeout);
- ct.status = htonl(status);
+ ct.status = status;
ct.protoinfo = *proto;
- if ((ret = ctnl_open(&cth, 0)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
return ret;
ret = ctnl_upd_conntrack(&cth, &ct);
@@ -393,7 +384,7 @@ int delete_conntrack(struct ctnl_tuple *tuple, int dir)
{
int ret;
- if ((ret = ctnl_open(&cth, 0)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
return ret;
ret = ctnl_del_conntrack(&cth, tuple, dir);
@@ -411,7 +402,7 @@ int get_conntrack(struct ctnl_tuple *tuple, int dir)
};
int ret;
- if ((ret = ctnl_open(&cth, 0)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
return ret;
ctnl_register_handler(&cth, &h);
@@ -430,7 +421,7 @@ int dump_conntrack_table(int zero)
.handler = handler
};
- if ((ret = ctnl_open(&cth, 0)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
return ret;
ctnl_register_handler(&cth, &h);
@@ -463,7 +454,7 @@ int event_conntrack(unsigned int event_mask)
};
int ret;
- if ((ret = ctnl_open(&cth, event_mask)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, event_mask)) < 0)
return ret;
signal(SIGINT, event_sighandler);
@@ -527,7 +518,7 @@ int dump_expect_list()
};
int ret;
- if ((ret = ctnl_open(&cth, 0)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)
return ret;
ctnl_register_handler(&cth, &h);
@@ -542,7 +533,7 @@ int flush_conntrack()
{
int ret;
- if ((ret = ctnl_open(&cth, 0)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
return ret;
ret = ctnl_flush_conntrack(&cth);
@@ -551,8 +542,7 @@ int flush_conntrack()
return ret;
}
-int get_expect(struct ctnl_tuple *tuple,
- enum ctattr_type t)
+int get_expect(struct ctnl_tuple *tuple)
{
struct ctnl_msg_handler h = {
.type = IPCTNL_MSG_EXP_NEW,
@@ -560,43 +550,42 @@ int get_expect(struct ctnl_tuple *tuple,
};
int ret;
- if ((ret = ctnl_open(&cth, 0)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)
return 0;
ctnl_register_handler(&cth, &h);
- ret = ctnl_get_expect(&cth, tuple, t);
+ ret = ctnl_get_expect(&cth, tuple);
ctnl_close(&cth);
return ret;
}
int create_expectation(struct ctnl_tuple *tuple,
- enum ctattr_type t,
struct ctnl_tuple *exptuple,
struct ctnl_tuple *mask,
unsigned long timeout)
{
int ret;
- if ((ret = ctnl_open(&cth, 0)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)
return ret;
- ret = ctnl_new_expect(&cth, tuple, t, exptuple, mask, timeout);
+ ret = ctnl_new_expect(&cth, tuple, exptuple, mask, timeout);
ctnl_close(&cth);
return ret;
}
-int delete_expectation(struct ctnl_tuple *tuple, enum ctattr_type t)
+int delete_expectation(struct ctnl_tuple *tuple)
{
int ret;
- if ((ret = ctnl_open(&cth, 0)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)
return ret;
- ret = ctnl_del_expect(&cth, tuple, t);
+ ret = ctnl_del_expect(&cth, tuple);
ctnl_close(&cth);
return ret;
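Review bot: get_expect() still returns 0 when ctnl_open() fails (`return 0;` directly after the changed ctnl_open line), whereas create_expectation() and delete_expectation() in this same hunk return `ret`. A caller that treats 0 as success will report an expectation lookup as successful even though the netlink socket was never opened, for instance when run without the required privileges. Changing that line to `return ret;` makes the three functions consistent. The return value of ctnl_register_handler() is also ignored in get_expect(), which may be worth checking separately.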
@@ -614,7 +603,7 @@ int event_expectation(unsigned int event_mask)
};
int ret;
- if ((ret = ctnl_open(&cth, event_mask)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, event_mask)) < 0)
return ret;
ctnl_register_handler(&cth, &hnew);
@@ -629,7 +618,7 @@ int flush_expectation()
{
int ret;
- if ((ret = ctnl_open(&cth, 0)) < 0)
+ if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)
return ret;
ret = ctnl_flush_expect(&cth);