summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2011-02-22 13:09:56 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2011-02-22 13:09:56 +0100
commit6d1b6c378b40dfb29490d397979df329e25089a3 (patch)
tree0f439836edac2a4e42c6bdad01311fc82f5719d4
parentbe4fb61b6e85a218879adda4e41abec8909d5653 (diff)
src: deprecate low level API
This patch deprecates the low level API. This API is not currently used by any known clients (at least, at a quick glance at google). These functions are a problem if we plan to port libnetfilter_conntrack upon libmnl since they contain specific libnfnetlink bits. I have also added __build_query_[ct|exp] to avoid compilation warnings. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h18
-rw-r--r--src/conntrack/api.c92
-rw-r--r--src/expect/api.c70
3 files changed, 101 insertions, 79 deletions
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 5fe2bc7..011e344 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -472,18 +472,21 @@ extern int nfct_filter_detach(int fd);
/* low level API: netlink functions */
-extern int nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
+extern __attribute__((deprecated)) int
+nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
void *req,
size_t size,
u_int16_t type,
u_int16_t flags,
const struct nf_conntrack *ct);
-extern int nfct_parse_conntrack(enum nf_conntrack_msg_type msg,
+extern __attribute__((deprecated))
+int nfct_parse_conntrack(enum nf_conntrack_msg_type msg,
const struct nlmsghdr *nlh,
struct nf_conntrack *ct);
-extern int nfct_build_query(struct nfnl_subsys_handle *ssh,
+extern __attribute__((deprecated))
+int nfct_build_query(struct nfnl_subsys_handle *ssh,
const enum nf_conntrack_query query,
const void *data,
void *req,
@@ -596,18 +599,21 @@ extern int nfexp_snprintf(char *buf,
extern int nfexp_catch(struct nfct_handle *h);
/* low level API */
-extern int nfexp_build_expect(struct nfnl_subsys_handle *ssh,
+extern __attribute__((deprecated))
+int nfexp_build_expect(struct nfnl_subsys_handle *ssh,
void *req,
size_t size,
u_int16_t type,
u_int16_t flags,
const struct nf_expect *exp);
-extern int nfexp_parse_expect(enum nf_conntrack_msg_type type,
+extern __attribute__((deprecated))
+int nfexp_parse_expect(enum nf_conntrack_msg_type type,
const struct nlmsghdr *nlh,
struct nf_expect *exp);
-extern int nfexp_build_query(struct nfnl_subsys_handle *ssh,
+extern __attribute__((deprecated))
+int nfexp_build_query(struct nfnl_subsys_handle *ssh,
const enum nf_conntrack_query qt,
const void *data,
void *buffer,
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index c0d3deb..a6f1089 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -725,6 +725,53 @@ int nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
return __build_conntrack(ssh, req, size, type, flags, ct);
}
+static int
+__build_query_ct(struct nfnl_subsys_handle *ssh,
+ const enum nf_conntrack_query qt,
+ const void *data, void *buffer, unsigned int size)
+{
+ struct nfnlhdr *req = buffer;
+ const u_int32_t *family = data;
+
+ assert(ssh != NULL);
+ assert(data != NULL);
+ assert(req != NULL);
+
+ memset(req, 0, size);
+
+ switch(qt) {
+ case NFCT_Q_CREATE:
+ __build_conntrack(ssh, req, size, IPCTNL_MSG_CT_NEW, NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK|NLM_F_EXCL, data);
+ break;
+ case NFCT_Q_UPDATE:
+ __build_conntrack(ssh, req, size, IPCTNL_MSG_CT_NEW, NLM_F_REQUEST|NLM_F_ACK, data);
+ break;
+ case NFCT_Q_DESTROY:
+ __build_conntrack(ssh, req, size, IPCTNL_MSG_CT_DELETE, NLM_F_REQUEST|NLM_F_ACK, data);
+ break;
+ case NFCT_Q_GET:
+ __build_conntrack(ssh, req, size, IPCTNL_MSG_CT_GET, NLM_F_REQUEST|NLM_F_ACK, data);
+ break;
+ case NFCT_Q_FLUSH:
+ nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_CT_DELETE, NLM_F_REQUEST|NLM_F_ACK);
+ break;
+ case NFCT_Q_DUMP:
+ nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_CT_GET, NLM_F_REQUEST|NLM_F_DUMP);
+ break;
+ case NFCT_Q_DUMP_RESET:
+ nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_CT_GET_CTRZERO, NLM_F_REQUEST|NLM_F_DUMP);
+ break;
+ case NFCT_Q_CREATE_UPDATE:
+ __build_conntrack(ssh, req, size, IPCTNL_MSG_CT_NEW, NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK, data);
+ break;
+
+ default:
+ errno = ENOTSUP;
+ return -1;
+ }
+ return 1;
+}
+
/**
* nfct_build_query - build a query in netlink message format for ctnetlink
* \param ssh nfnetlink subsystem handler
@@ -765,46 +812,7 @@ int nfct_build_query(struct nfnl_subsys_handle *ssh,
void *buffer,
unsigned int size)
{
- struct nfnlhdr *req = buffer;
- const u_int32_t *family = data;
-
- assert(ssh != NULL);
- assert(data != NULL);
- assert(req != NULL);
-
- memset(req, 0, size);
-
- switch(qt) {
- case NFCT_Q_CREATE:
- nfct_build_conntrack(ssh, req, size, IPCTNL_MSG_CT_NEW, NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK|NLM_F_EXCL, data);
- break;
- case NFCT_Q_UPDATE:
- nfct_build_conntrack(ssh, req, size, IPCTNL_MSG_CT_NEW, NLM_F_REQUEST|NLM_F_ACK, data);
- break;
- case NFCT_Q_DESTROY:
- nfct_build_conntrack(ssh, req, size, IPCTNL_MSG_CT_DELETE, NLM_F_REQUEST|NLM_F_ACK, data);
- break;
- case NFCT_Q_GET:
- nfct_build_conntrack(ssh, req, size, IPCTNL_MSG_CT_GET, NLM_F_REQUEST|NLM_F_ACK, data);
- break;
- case NFCT_Q_FLUSH:
- nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_CT_DELETE, NLM_F_REQUEST|NLM_F_ACK);
- break;
- case NFCT_Q_DUMP:
- nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_CT_GET, NLM_F_REQUEST|NLM_F_DUMP);
- break;
- case NFCT_Q_DUMP_RESET:
- nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_CT_GET_CTRZERO, NLM_F_REQUEST|NLM_F_DUMP);
- break;
- case NFCT_Q_CREATE_UPDATE:
- nfct_build_conntrack(ssh, req, size, IPCTNL_MSG_CT_NEW, NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK, data);
- break;
-
- default:
- errno = ENOTSUP;
- return -1;
- }
- return 1;
+ return __build_query_ct(ssh, qt, data, buffer, size);
}
/**
@@ -891,7 +899,7 @@ int nfct_query(struct nfct_handle *h,
assert(h != NULL);
assert(data != NULL);
- if (nfct_build_query(h->nfnlssh_ct, qt, data, &u.req, size) == -1)
+ if (__build_query_ct(h->nfnlssh_ct, qt, data, &u.req, size) == -1)
return -1;
return nfnl_query(h->nfnlh, &u.req.nlh);
@@ -923,7 +931,7 @@ int nfct_send(struct nfct_handle *h,
assert(h != NULL);
assert(data != NULL);
- if (nfct_build_query(h->nfnlssh_ct, qt, data, &u.req, size) == -1)
+ if (__build_query_ct(h->nfnlssh_ct, qt, data, &u.req, size) == -1)
return -1;
return nfnl_send(h->nfnlh, &u.req.nlh);
diff --git a/src/expect/api.c b/src/expect/api.c
index 35aaac9..2daa15a 100644
--- a/src/expect/api.c
+++ b/src/expect/api.c
@@ -479,6 +479,43 @@ int nfexp_build_expect(struct nfnl_subsys_handle *ssh,
return __build_expect(ssh, req, size, type, flags, exp);
}
+static int
+__build_query_exp(struct nfnl_subsys_handle *ssh,
+ const enum nf_conntrack_query qt,
+ const void *data, void *buffer, unsigned int size)
+{
+ struct nfnlhdr *req = buffer;
+ const u_int8_t *family = data;
+
+ assert(ssh != NULL);
+ assert(data != NULL);
+ assert(req != NULL);
+
+ memset(req, 0, size);
+
+ switch(qt) {
+ case NFCT_Q_CREATE:
+ __build_expect(ssh, req, size, IPCTNL_MSG_EXP_NEW, NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK|NLM_F_EXCL, data);
+ break;
+ case NFCT_Q_GET:
+ __build_expect(ssh, req, size, IPCTNL_MSG_EXP_GET, NLM_F_REQUEST|NLM_F_ACK, data);
+ break;
+ case NFCT_Q_DESTROY:
+ __build_expect(ssh, req, size, IPCTNL_MSG_EXP_DELETE, NLM_F_REQUEST|NLM_F_ACK, data);
+ break;
+ case NFCT_Q_FLUSH:
+ nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_EXP_DELETE, NLM_F_REQUEST|NLM_F_ACK);
+ break;
+ case NFCT_Q_DUMP:
+ nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_EXP_GET, NLM_F_REQUEST|NLM_F_DUMP);
+ break;
+ default:
+ errno = ENOTSUP;
+ return -1;
+ }
+ return 1;
+}
+
/**
* nfexp_build_query - build a query in netlink message format for ctnetlink
* \param ssh nfnetlink subsystem handler
@@ -515,36 +552,7 @@ int nfexp_build_query(struct nfnl_subsys_handle *ssh,
void *buffer,
unsigned int size)
{
- struct nfnlhdr *req = buffer;
- const u_int8_t *family = data;
-
- assert(ssh != NULL);
- assert(data != NULL);
- assert(req != NULL);
-
- memset(req, 0, size);
-
- switch(qt) {
- case NFCT_Q_CREATE:
- nfexp_build_expect(ssh, req, size, IPCTNL_MSG_EXP_NEW, NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK|NLM_F_EXCL, data);
- break;
- case NFCT_Q_GET:
- nfexp_build_expect(ssh, req, size, IPCTNL_MSG_EXP_GET, NLM_F_REQUEST|NLM_F_ACK, data);
- break;
- case NFCT_Q_DESTROY:
- nfexp_build_expect(ssh, req, size, IPCTNL_MSG_EXP_DELETE, NLM_F_REQUEST|NLM_F_ACK, data);
- break;
- case NFCT_Q_FLUSH:
- nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_EXP_DELETE, NLM_F_REQUEST|NLM_F_ACK);
- break;
- case NFCT_Q_DUMP:
- nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_EXP_GET, NLM_F_REQUEST|NLM_F_DUMP);
- break;
- default:
- errno = ENOTSUP;
- return -1;
- }
- return 1;
+ return __build_query_exp(ssh, qt, data, buffer, size);
}
/**
@@ -631,7 +639,7 @@ int nfexp_query(struct nfct_handle *h,
assert(h != NULL);
assert(data != NULL);
- if (nfexp_build_query(h->nfnlssh_exp, qt, data, &u.req, size) == -1)
+ if (__build_query_exp(h->nfnlssh_exp, qt, data, &u.req, size) == -1)
return -1;
return nfnl_query(h->nfnlh, &u.req.nlh);