-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | config.h.in | 7 | ||||
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | extensions/libct_proto_sctp.c | 2 | ||||
-rw-r--r-- | extensions/libct_proto_tcp.c | 2 | ||||
-rw-r--r-- | extensions/libct_proto_udp.c | 2 | ||||
-rw-r--r-- | src/conntrack.c | 10 | ||||
-rw-r--r-- | src/libct.c | 79 |
8 files changed, 59 insertions, 47 deletions
diff --git a/Makefile.am b/Makefile.am
index b114b00..888d53e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@ AUTOMAKE_OPTIONS = foreign 1.4
INCLUDES = $(all_includes) -I$(top_srcdir)/include -I${KERNELDIR}
SUBDIRS = src extensions
DIST_SUBDIRS = include src extensions
-LINKOPTS = -ldl -lnfnetlink -lnfnetlink_conntrack
+LINKOPTS = -ldl -lnfnetlink -lctnetlink
AM_CFLAGS = -g
$(OBJECTS): libtool
diff --git a/config.h.in b/config.h.in
index 9045dbb..3921abd 100644
--- a/config.h.in
+++ b/config.h.in
@@ -6,16 +6,15 @@ /* Define to 1 if you have the <inttypes.h> header file. */ #undef HAVE_INTTYPES_H +/* Define to 1 if you have the `ctnetlink' library (-lctnetlink). */ +#undef HAVE_LIBCTNETLINK + /* Define to 1 if you have the `dl' library (-ldl). */ #undef HAVE_LIBDL /* Define to 1 if you have the `nfnetlink' library (-lnfnetlink). */ #undef HAVE_LIBNFNETLINK -/* Define to 1 if you have the `nfnetlink_conntrack' library - (-lnfnetlink_conntrack). */ -#undef HAVE_LIBNFNETLINK_CONNTRACK - /* Define to 1 if you have the <memory.h> header file. */ #undef HAVE_MEMORY_H
diff --git a/configure.in b/configure.in
index 8956e34..efdacf1 100644
--- a/configure.in
+++ b/configure.in
@@ -22,7 +22,7 @@ dnl AC_CHECK_LIB([c], [main])
AC_CHECK_LIB([dl], [dlopen])
AC_CHECK_LIB([nfnetlink], [nfnl_listen])
-AC_CHECK_LIB([nfnetlink_conntrack], [ctnl_register_handler] ,,,[-lnfnetlink])
+AC_CHECK_LIB([ctnetlink], [ctnl_register_handler] ,,,[-lnfnetlink])
# Checks for header files.
dnl AC_HEADER_STDC
diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c
index 4dbdf27..b519ff1 100644
--- a/extensions/libct_proto_sctp.c
+++ b/extensions/libct_proto_sctp.c
@@ -14,7 +14,7 @@
#include <netinet/in.h> /* For htons */
#include <linux/netfilter/nfnetlink_conntrack.h>
#include "libct_proto.h"
-#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
+#include "libctnetlink.h"
static struct option opts[] = {
{"orig-port-src", 1, 0, '1'},
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index 323e4ec..65f0fb6 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -14,7 +14,7 @@
#include <netinet/in.h> /* For htons */
#include <linux/netfilter/nfnetlink_conntrack.h>
#include "libct_proto.h"
-#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
+#include "libctnetlink.h"
static struct option opts[] = {
{"orig-port-src", 1, 0, '1'},
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index 8a9f0cf..706f113 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -13,7 +13,7 @@
#include <netinet/in.h> /* For htons */
#include <linux/netfilter/nfnetlink_conntrack.h>
#include "libct_proto.h"
-#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>
+#include "libctnetlink.h"
static struct option opts[] = {
{"orig-port-src", 1, 0, '1'},
diff --git a/src/conntrack.c b/src/conntrack.c
index 22c6115..ccfb71a 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -880,11 +880,13 @@ int main(int argc, char *argv[])
case EXP_CREATE:
if (options & CT_OPT_ORIG)
res = create_expectation(&orig,
+ CTA_TUPLE_ORIG,
&exptuple,
&mask,
timeout);
else if (options & CT_OPT_REPL)
res = create_expectation(&reply,
+ CTA_TUPLE_REPLY,
&exptuple,
&mask,
timeout);
@@ -915,16 +917,16 @@ int main(int argc, char *argv[])
case EXP_DELETE:
if (options & CT_OPT_ORIG)
- res = delete_expectation(&orig);
+ res = delete_expectation(&orig, CTA_TUPLE_ORIG);
else if (options & CT_OPT_REPL)
- res = delete_expectation(&reply);
+ res = delete_expectation(&reply, CTA_TUPLE_REPLY);
break;
case CT_GET:
if (options & CT_OPT_ORIG)
- res = get_conntrack(&orig, id);
+ res = get_conntrack(&orig, CTA_TUPLE_ORIG, id);
else if (options & CT_OPT_REPL)
- res = get_conntrack(&reply, id);
+ res = get_conntrack(&reply, CTA_TUPLE_REPLY, id);
break;
case EXP_GET:
diff --git a/src/libct.c b/src/libct.c
index e03c02a..cf46b99 100644
--- a/src/libct.c
+++ b/src/libct.c
@@ -162,7 +162,7 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
parse_tuple(attr, &ct.tuple[CTNL_DIR_REPLY]);
break;
case CTA_STATUS:
- ct.status = *(unsigned int *)NFA_DATA(attr);
+ ct.status = ntohl(*(unsigned int *)NFA_DATA(attr));
flags |= STATUS;
break;
case CTA_PROTOINFO:
@@ -268,6 +268,25 @@ static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh,
return handler(sock, nlh, arg);
}
+void parse_expect(struct nfattr *attr, struct ctnl_tuple *tuple,
+ struct ctnl_tuple *mask, unsigned long *timeout,
+ u_int32_t *id)
+{
+ struct nfattr *tb[CTA_EXPECT_MAX];
+
+ memset(tb, 0, CTA_EXPECT_MAX*sizeof(struct nfattr *));
+
+ nfnl_parse_nested(tb, CTA_EXPECT_MAX, attr);
+ if (tb[CTA_EXPECT_TUPLE-1])
+ parse_tuple(tb[CTA_EXPECT_TUPLE-1], tuple);
+ if (tb[CTA_EXPECT_MASK-1])
+ parse_tuple(tb[CTA_EXPECT_MASK-1], mask);
+ if (tb[CTA_EXPECT_TIMEOUT-1])
+ *timeout = htonl(*(unsigned long *)NFA_DATA(tb[CTA_EXPECT_TIMEOUT-1]));
+ if (tb[CTA_EXPECT_ID-1])
+ *id = htonl(*(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_ID-1]));
+}
+
static int expect_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)
{
struct nfgenmsg *nfmsg;
@@ -291,19 +310,9 @@ static int expect_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *
while (NFA_OK(attr, attrlen)) {
switch(attr->nfa_type) {
-
- case CTA_EXPECT_TUPLE:
- parse_tuple(attr, &tuple);
- break;
- case CTA_EXPECT_MASK:
- parse_tuple(attr, &mask);
- break;
- case CTA_EXPECT_TIMEOUT:
- timeout = htonl(*(unsigned long *)
- NFA_DATA(attr));
- break;
- case CTA_EXPECT_ID:
- id = htonl(*(u_int32_t *)NFA_DATA(attr));
+ case CTA_EXPECT:
+ parse_expect(attr, &tuple, &mask, &timeout,
+ &id);
break;
}
attr = NFA_NEXT(attr, attrlen);
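Review bot: The new `ct.status = ntohl(*(unsigned int *)NFA_DATA(attr));` dereferences four bytes of the attribute payload without checking that the attribute carries that many, so a short CTA_STATUS attribute is read past its end; add `if (NFA_PAYLOAD(attr) < sizeof(u_int32_t)) break;` ahead of the cast, or copy the value out with memcpy into a fixed-width type. The removed line had the same gap, so this is a pre-existing omission the commit could close while it is touching the line. The same unchecked reads recur in the new parse_expect in the next hunk, on the CTA_EXPECT_TIMEOUT and CTA_EXPECT_ID lines. handler begins and ends outside this hunk.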
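Review bot: `*timeout = htonl(*(unsigned long *)NFA_DATA(tb[CTA_EXPECT_TIMEOUT-1]));` reads an `unsigned long`, which is eight bytes on LP64 builds, while the neighbouring CTA_EXPECT_ID line and the handler hunk treat these attributes as 32-bit values and htonl only consumes 32 bits, so the extra bytes come from whatever follows the attribute. Read it as `*timeout = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_TIMEOUT-1]));` (ntohl names the actual direction; the result is identical to htonl). parse_expect is also defined without `static` while the handlers around it are static; unless a header declares it, `static void parse_expect(...)` keeps it out of the library's exported symbols, and `memset(tb, 0, sizeof tb)` would track the array's real size. If nfnl_parse_nested reports a malformed nested attribute through its return value in this libnfnetlink version, that result should be checked before tb is consulted.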
@@ -339,12 +348,12 @@ int create_conntrack(struct ctnl_tuple *orig,
ct.tuple[CTNL_DIR_ORIGINAL] = *orig;
ct.tuple[CTNL_DIR_REPLY] = *reply;
ct.timeout = htonl(timeout);
- ct.status = status;
+ ct.status = htonl(status);
ct.protoinfo = *proto;
if (range) ct.nat = *range;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
+ if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
ret = ctnl_new_conntrack(&cth, &ct);
@@ -367,10 +376,10 @@ int update_conntrack(struct ctnl_tuple *orig,
ct.tuple[CTNL_DIR_ORIGINAL] = *orig;
ct.tuple[CTNL_DIR_REPLY] = *reply;
ct.timeout = htonl(timeout);
- ct.status = status;
+ ct.status = htonl(status);
ct.protoinfo = *proto;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
+ if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
ret = ctnl_upd_conntrack(&cth, &ct);
@@ -384,7 +393,7 @@ int delete_conntrack(struct ctnl_tuple *tuple, int dir)
{
int ret;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
+ if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
ret = ctnl_del_conntrack(&cth, tuple, dir);
@@ -402,7 +411,7 @@ int get_conntrack(struct ctnl_tuple *tuple, int dir)
};
int ret;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
+ if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
ctnl_register_handler(&cth, &h);
@@ -421,7 +430,7 @@ int dump_conntrack_table(int zero)
.handler = handler
};
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
+ if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
ctnl_register_handler(&cth, &h);
@@ -454,7 +463,7 @@ int event_conntrack(unsigned int event_mask)
};
int ret;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, event_mask)) < 0)
+ if ((ret = ctnl_open(&cth, event_mask)) < 0)
return ret;
signal(SIGINT, event_sighandler);
@@ -518,7 +527,7 @@ int dump_expect_list()
};
int ret;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)
+ if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
ctnl_register_handler(&cth, &h);
@@ -533,7 +542,7 @@ int flush_conntrack()
{
int ret;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)
+ if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
ret = ctnl_flush_conntrack(&cth);
@@ -542,7 +551,8 @@ int flush_conntrack()
return ret;
}
-int get_expect(struct ctnl_tuple *tuple)
+int get_expect(struct ctnl_tuple *tuple,
+ enum ctattr_type t)
{
struct ctnl_msg_handler h = {
.type = IPCTNL_MSG_EXP_NEW,
@@ -550,42 +560,43 @@ int get_expect(struct ctnl_tuple *tuple)
};
int ret;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)
+ if ((ret = ctnl_open(&cth, 0)) < 0)
return 0;
ctnl_register_handler(&cth, &h);
- ret = ctnl_get_expect(&cth, tuple);
+ ret = ctnl_get_expect(&cth, tuple, t);
ctnl_close(&cth);
return ret;
}
int create_expectation(struct ctnl_tuple *tuple,
+ enum ctattr_type t,
struct ctnl_tuple *exptuple,
struct ctnl_tuple *mask,
unsigned long timeout)
{
int ret;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)
+ if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
- ret = ctnl_new_expect(&cth, tuple, exptuple, mask, timeout);
+ ret = ctnl_new_expect(&cth, tuple, t, exptuple, mask, timeout);
ctnl_close(&cth);
return ret;
}
-int delete_expectation(struct ctnl_tuple *tuple)
+int delete_expectation(struct ctnl_tuple *tuple, enum ctattr_type t)
{
int ret;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)
+ if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
- ret = ctnl_del_expect(&cth, tuple);
+ ret = ctnl_del_expect(&cth, tuple, t);
ctnl_close(&cth);
return ret;
@@ -603,7 +614,7 @@ int event_expectation(unsigned int event_mask)
};
int ret;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, event_mask)) < 0)
+ if ((ret = ctnl_open(&cth, event_mask)) < 0)
return ret;
ctnl_register_handler(&cth, &hnew);
@@ -618,7 +629,7 @@ int flush_expectation()
{
int ret;
- if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)
+ if ((ret = ctnl_open(&cth, 0)) < 0)
return ret;
ret = ctnl_flush_expect(&cth); |
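Review bot: In get_expect the line after the rewritten `if ((ret = ctnl_open(&cth, 0)) < 0)` is still `return 0;`, so a failed netlink open is reported as success and the caller never learns that no lookup happened; every other function in this hunk returns `ret` on that path, and get_expect should too: `return ret;`. get_expect's signature is in the preceding hunk, so the function begins outside this one.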