From a4f4647b4b7f32f2d1caab98544802c8cdd7b4d6 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 7 Aug 2008 14:52:41 +0200
Subject: netlink: add getter and check existence functions

This patch adds nl_get_conntrack and it changes the behaviour of
nl_exist_conntrack. Now, nl_get_conntrack requests the kernel for
a conntrack and updates the cached entry. On the other hand,
nl_exist_conntrack only inquiries for the existence of the
entry.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink.c | 25 +++++++++++++++++++++++--
 src/run.c     |  8 ++++++++
 2 files changed, 31 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/netlink.c b/src/netlink.c
index a8a5503..0d9b7db 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -214,6 +214,16 @@ int nl_init_overrun_handler(void)
 	return 0;
 }
 
+/* no callback, it does not do anything with the output */
+int nl_init_request_handler(void)
+{
+	STATE(request) = nfct_open(CONNTRACK, 0);
+	if (!STATE(request))
+		return -1;
+
+	return 0;
+}
+
 static int warned = 0;
 
 void nl_resize_socket_buffer(struct nfct_handle *h)
@@ -257,7 +267,7 @@ int nl_overrun_request_resync(void)
 	return nfct_send(STATE(overrun), NFCT_Q_DUMP, &family);
 }
 
-int nl_exist_conntrack(struct nf_conntrack *ct)
+static int __nl_get_conntrack(struct nfct_handle *h, struct nf_conntrack *ct)
 {
 	int ret;
 	char __tmp[nfct_maxsize()];
@@ -268,13 +278,24 @@ int nl_exist_conntrack(struct nf_conntrack *ct)
 	/* use the original tuple to check if it is there */
 	nfct_copy(tmp, ct, NFCT_CP_ORIG);
 
-	ret = nfct_query(STATE(dump), NFCT_Q_GET, tmp);
+	ret = nfct_query(h, NFCT_Q_GET, tmp);
 	if (ret == -1)
 		return errno == ENOENT ? 0 : -1;
 
 	return 1;
 }
 
+int nl_exist_conntrack(struct nf_conntrack *ct)
+{
+	return __nl_get_conntrack(STATE(request), ct);
+}
+
+/* get the conntrack and update the cache */
+int nl_get_conntrack(struct nf_conntrack *ct)
+{
+	return __nl_get_conntrack(STATE(dump), ct);
+}
+
 /* This function modifies the conntrack passed as argument! */
 int nl_create_conntrack(struct nf_conntrack *ct)
 {
diff --git a/src/run.c b/src/run.c
index cf570d8..b7da18c 100644
--- a/src/run.c
+++ b/src/run.c
@@ -38,6 +38,7 @@ void killer(int foo)
 	sigprocmask(SIG_BLOCK, &STATE(block), NULL);
 
 	nfct_close(STATE(event));
+	nfct_close(STATE(request));
 
 	ct_filter_destroy(STATE(us_filter));
 	local_server_destroy(&STATE(local));
@@ -144,6 +145,13 @@ init(void)
 		return -1;
 	}
 
+	if (nl_init_request_handler() == -1) {
+		dlog(LOG_ERR, "can't open netlink handler: %s",
+		     strerror(errno));
+		dlog(LOG_ERR, "no ctnetlink kernel support?");
+		return -1;
+	}
+
 	init_alarm(&STATE(overrun_alarm), NULL, do_overrun_alarm);
 
 	STATE(fds) = create_fds();
-- 
cgit v1.2.3