summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2021-03-15 13:12:02 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2021-03-15 17:42:35 +0100
commit90104da9632e80f14bdde7ca5545405a0145c8d9 (patch)
tree552ec409f141b770f507869186a85feb5040d278
parente03843d6d37340102d9f7c9abc86082d16f6b7d0 (diff)
conntrack: pass cmd to nfct_filter()
Pass the command object to the userspace filter routine. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/conntrack.c19
1 files changed, 9 insertions, 10 deletions
diff --git a/src/conntrack.c b/src/conntrack.c
index 31630eb..79053b7 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1640,9 +1640,11 @@ filter_network(const struct nf_conntrack *ct)
}
static int
-nfct_filter(struct nf_conntrack *obj, struct nf_conntrack *ct,
+nfct_filter(struct ct_cmd *cmd, struct nf_conntrack *ct,
const struct ct_tmpl *tmpl)
{
+ struct nf_conntrack *obj = cmd->tmpl.ct;
+
if (filter_nat(obj, ct) ||
filter_mark(ct, tmpl) ||
filter_label(ct, tmpl) ||
@@ -1854,9 +1856,8 @@ static int event_cb(const struct nlmsghdr *nlh, void *data)
{
struct nfgenmsg *nfh = mnl_nlmsg_get_payload(nlh);
unsigned int op_type = NFCT_O_DEFAULT;
- struct ct_cmd *cmd = data;
- struct nf_conntrack *obj = cmd->tmpl.ct;
enum nf_conntrack_msg_type type;
+ struct ct_cmd *cmd = data;
unsigned int op_flags = 0;
struct nf_conntrack *ct;
char buf[1024];
@@ -1886,7 +1887,7 @@ static int event_cb(const struct nlmsghdr *nlh, void *data)
if ((filter_family != AF_UNSPEC &&
filter_family != nfh->nfgen_family) ||
- nfct_filter(obj, ct, cur_tmpl))
+ nfct_filter(cmd, ct, cur_tmpl))
goto out;
if (output_mask & _O_SAVE) {
@@ -1941,13 +1942,12 @@ static int dump_cb(enum nf_conntrack_msg_type type,
struct nf_conntrack *ct,
void *data)
{
- struct ct_cmd *cmd = data;
- struct nf_conntrack *obj = cmd->tmpl.ct;
unsigned int op_type = NFCT_O_DEFAULT;
unsigned int op_flags = 0;
+ struct ct_cmd *cmd = data;
char buf[1024];
- if (nfct_filter(obj, ct, cur_tmpl))
+ if (nfct_filter(cmd, ct, cur_tmpl))
return NFCT_CB_CONTINUE;
if (output_mask & _O_SAVE) {
@@ -1983,14 +1983,13 @@ static int delete_cb(enum nf_conntrack_msg_type type,
struct nf_conntrack *ct,
void *data)
{
- struct ct_cmd *cmd = data;
- struct nf_conntrack *obj = cmd->tmpl.ct;
unsigned int op_type = NFCT_O_DEFAULT;
unsigned int op_flags = 0;
+ struct ct_cmd *cmd = data;
char buf[1024];
int res;
- if (nfct_filter(obj, ct, cur_tmpl))
+ if (nfct_filter(cmd, ct, cur_tmpl))
return NFCT_CB_CONTINUE;
res = nfct_query(ith, NFCT_Q_DESTROY, ct);