diff options
-rw-r--r-- | include/conntrackd.h | 1 | ||||
-rw-r--r-- | include/netlink.h | 4 | ||||
-rw-r--r-- | src/netlink.c | 25 | ||||
-rw-r--r-- | src/run.c | 8 |
4 files changed, 36 insertions, 2 deletions
diff --git a/include/conntrackd.h b/include/conntrackd.h index 2f0d7e5..60bb2de 100644 --- a/include/conntrackd.h +++ b/include/conntrackd.h @@ -110,6 +110,7 @@ struct ct_general_state { struct nfct_filter *filter; /* event filter */ struct nfct_handle *dump; /* dump handler */ + struct nfct_handle *request; /* request handler */ struct nfct_handle *overrun; /* overrun handler */ struct alarm_block overrun_alarm; diff --git a/include/netlink.h b/include/netlink.h index a46fe11..a7b7dda 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -10,6 +10,8 @@ int nl_init_event_handler(void); int nl_init_dump_handler(void); +int nl_init_request_handler(void); + int nl_init_overrun_handler(void); int nl_overrun_request_resync(void); @@ -20,6 +22,8 @@ int nl_dump_conntrack_table(void); int nl_exist_conntrack(struct nf_conntrack *ct); +int nl_get_conntrack(struct nf_conntrack *ct); + int nl_create_conntrack(struct nf_conntrack *ct); int nl_update_conntrack(struct nf_conntrack *ct); diff --git a/src/netlink.c b/src/netlink.c index a8a5503..0d9b7db 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -214,6 +214,16 @@ int nl_init_overrun_handler(void) return 0; } +/* no callback, it does not do anything with the output */ +int nl_init_request_handler(void) +{ + STATE(request) = nfct_open(CONNTRACK, 0); + if (!STATE(request)) + return -1; + + return 0; +} + static int warned = 0; void nl_resize_socket_buffer(struct nfct_handle *h) @@ -257,7 +267,7 @@ int nl_overrun_request_resync(void) return nfct_send(STATE(overrun), NFCT_Q_DUMP, &family); } -int nl_exist_conntrack(struct nf_conntrack *ct) +static int __nl_get_conntrack(struct nfct_handle *h, struct nf_conntrack *ct) { int ret; char __tmp[nfct_maxsize()]; @@ -268,13 +278,24 @@ int nl_exist_conntrack(struct nf_conntrack *ct) /* use the original tuple to check if it is there */ nfct_copy(tmp, ct, NFCT_CP_ORIG); - ret = nfct_query(STATE(dump), NFCT_Q_GET, tmp); + ret = nfct_query(h, NFCT_Q_GET, tmp); if (ret == -1) return errno == ENOENT ? 0 : -1; return 1; } +int nl_exist_conntrack(struct nf_conntrack *ct) +{ + return __nl_get_conntrack(STATE(request), ct); +} + +/* get the conntrack and update the cache */ +int nl_get_conntrack(struct nf_conntrack *ct) +{ + return __nl_get_conntrack(STATE(dump), ct); +} + /* This function modifies the conntrack passed as argument! */ int nl_create_conntrack(struct nf_conntrack *ct) { @@ -38,6 +38,7 @@ void killer(int foo) sigprocmask(SIG_BLOCK, &STATE(block), NULL); nfct_close(STATE(event)); + nfct_close(STATE(request)); ct_filter_destroy(STATE(us_filter)); local_server_destroy(&STATE(local)); @@ -144,6 +145,13 @@ init(void) return -1; } + if (nl_init_request_handler() == -1) { + dlog(LOG_ERR, "can't open netlink handler: %s", + strerror(errno)); + dlog(LOG_ERR, "no ctnetlink kernel support?"); + return -1; + } + init_alarm(&STATE(overrun_alarm), NULL, do_overrun_alarm); STATE(fds) = create_fds(); |