author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-03 18:29:33 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-03 18:43:57 +0200 |
commit | 33ba110cc1a12dfe082384d96843cc5fe564cf64 (patch) | |
tree | 7723bc0641d32a1685319824067ad8be2f9b7442 | |
parent | f014449186ec653dfe205d57c1b019ae5c248eea (diff) |
conntrack: api: use libmnl API to build the netlink headers
Replace libnfnetlink's nfnl_fill_hdr() by more modern libmnl code.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/conntrack/api.c | 33 | ||||
-rw-r--r-- | src/expect/api.c | 25 |
2 files changed, 51 insertions, 7 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 3a1746e..ffa5216 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -782,6 +782,24 @@ int nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
 return __build_conntrack(ssh, req, size, type, flags, ct);
 }
 
+static void nfct_fill_hdr(struct nfnlhdr *req, uint16_t type, uint16_t flags,
+ uint8_t l3num, uint8_t version)
+{
+ char *buf = (char *)&req->nlh;
+ struct nlmsghdr *nlh;
+ struct nfgenmsg *nfh;
+
+ nlh = mnl_nlmsg_put_header(buf);
+ nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | type;
+ nlh->nlmsg_flags = NLM_F_REQUEST | flags;
+ nlh->nlmsg_seq = 0;
+
+ nfh = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg));
+ nfh->nfgen_family = l3num;
+ nfh->version = version;
+ nfh->res_id = 0;
+}
+
 static int
 __build_query_ct(struct nfnl_subsys_handle *ssh,
 const enum nf_conntrack_query qt,
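Review bot: `nlh->nlmsg_seq = 0;` in nfct_fill_hdr() pins every request built through this helper to sequence number 0, and the helper no longer receives `ssh`, so it cannot take a sequence from the handle the way the removed nfnl_fill_hdr(ssh, ...) calls presumably could. With a zero sequence a receiver cannot match replies to the request that caused them, and libmnl's mnl_nlmsg_seq_ok() skips its check when the sequence is 0, so stale or unsolicited netlink messages are not rejected on sequence grounds. If nothing later on the send path rewrites the field (not visible here), pass the sequence in as a parameter, or at least document the choice with a comment such as `/* seq 0: reply matching is left to the caller's send path */`. The same line appears in nfexp_fill_hdr() in src/expect/api.c.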
@@ -810,23 +828,28 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
 __build_conntrack(ssh, req, size, IPCTNL_MSG_CT_GET, NLM_F_REQUEST|NLM_F_ACK, data);
 break;
 case NFCT_Q_FLUSH:
- nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_CT_DELETE, NLM_F_REQUEST|NLM_F_ACK);
+ nfct_fill_hdr(req, IPCTNL_MSG_CT_DELETE, NLM_F_ACK, *family,
+ NFNETLINK_V0);
 break;
 case NFCT_Q_DUMP:
- nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_CT_GET, NLM_F_REQUEST|NLM_F_DUMP);
+ nfct_fill_hdr(req, IPCTNL_MSG_CT_GET, NLM_F_DUMP, *family,
+ NFNETLINK_V0);
 break;
 case NFCT_Q_DUMP_RESET:
- nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_CT_GET_CTRZERO, NLM_F_REQUEST|NLM_F_DUMP);
+ nfct_fill_hdr(req, IPCTNL_MSG_CT_GET_CTRZERO, NLM_F_DUMP,
+ *family, NFNETLINK_V0);
 break;
 case NFCT_Q_CREATE_UPDATE:
 __build_conntrack(ssh, req, size, IPCTNL_MSG_CT_NEW, NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK, data);
 break;
 case NFCT_Q_DUMP_FILTER:
- nfnl_fill_hdr(ssh, &req->nlh, 0, AF_UNSPEC, 0, IPCTNL_MSG_CT_GET, NLM_F_REQUEST|NLM_F_DUMP);
+ nfct_fill_hdr(req, IPCTNL_MSG_CT_GET, NLM_F_DUMP, AF_UNSPEC,
+ NFNETLINK_V0);
 __build_filter_dump(req, size, data);
 break;
 case NFCT_Q_DUMP_FILTER_RESET:
- nfnl_fill_hdr(ssh, &req->nlh, 0, AF_UNSPEC, 0, IPCTNL_MSG_CT_GET_CTRZERO, NLM_F_REQUEST|NLM_F_DUMP);
+ nfct_fill_hdr(req, IPCTNL_MSG_CT_GET_CTRZERO, NLM_F_DUMP,
+ AF_UNSPEC, NFNETLINK_V0);
 __build_filter_dump(req, size, data);
 break;
 default:
diff --git a/src/expect/api.c b/src/expect/api.c
index b50a47f..33099d8 100644
--- a/src/expect/api.c
+++ b/src/expect/api.c
@@ -11,6 +11,7 @@
 #include <string.h> /* for memset */
 #include <errno.h>
 #include <assert.h>
+#include <libmnl/libmnl.h>
 
 #include "internal/internal.h"
 
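Review bot: In the switch of __build_query_ct() in src/conntrack/api.c, the new nfct_fill_hdr(req, ...) calls write a netlink header plus a struct nfgenmsg into `req` without consulting `size`, although `size` is in scope and is handed to __build_conntrack() and __build_filter_dump() on the neighbouring lines. If `size` is the caller-supplied length of the buffer behind `req` and nothing earlier rejects a short buffer (the function starts and ends outside this hunk), the header write runs past a too-small buffer. A guard ahead of the switch would close that, for example `if (size < MNL_NLMSG_HDRLEN + MNL_ALIGN(sizeof(struct nfgenmsg))) { errno = ENOSPC; return -1; }`, adjusted to the error convention the function already uses. The nfexp_fill_hdr() calls in __build_query_exp() in src/expect/api.c have the same shape.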
@@ -515,6 +516,24 @@ int nfexp_build_expect(struct nfnl_subsys_handle *ssh,
 return __build_expect(ssh, req, size, type, flags, exp);
 }
 
+static void nfexp_fill_hdr(struct nfnlhdr *req, uint16_t type, uint16_t flags,
+ uint8_t l3num, uint8_t version)
+{
+ char *buf = (char *)&req->nlh;
+ struct nlmsghdr *nlh;
+ struct nfgenmsg *nfh;
+
+ nlh = mnl_nlmsg_put_header(buf);
+ nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK_EXP << 8) | type;
+ nlh->nlmsg_flags = NLM_F_REQUEST | flags;
+ nlh->nlmsg_seq = 0;
+
+ nfh = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg));
+ nfh->nfgen_family = l3num;
+ nfh->version = version;
+ nfh->res_id = 0;
+}
+
 static int
 __build_query_exp(struct nfnl_subsys_handle *ssh,
 const enum nf_conntrack_query qt,
@@ -543,10 +562,12 @@ __build_query_exp(struct nfnl_subsys_handle *ssh,
 __build_expect(ssh, req, size, IPCTNL_MSG_EXP_DELETE, NLM_F_REQUEST|NLM_F_ACK, data);
 break;
 case NFCT_Q_FLUSH:
- nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_EXP_DELETE, NLM_F_REQUEST|NLM_F_ACK);
+ nfexp_fill_hdr(req, IPCTNL_MSG_EXP_DELETE, NLM_F_ACK, *family,
+ NFNETLINK_V0);
 break;
 case NFCT_Q_DUMP:
- nfnl_fill_hdr(ssh, &req->nlh, 0, *family, 0, IPCTNL_MSG_EXP_GET, NLM_F_REQUEST|NLM_F_DUMP);
+ nfexp_fill_hdr(req, IPCTNL_MSG_EXP_GET, NLM_F_DUMP, *family,
+ NFNETLINK_V0);
 break;
 default:
 errno = ENOTSUP; |
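Review bot: nfexp_fill_hdr(), added at the top of this section, is a line-for-line copy of nfct_fill_hdr() in src/conntrack/api.c; only the subsystem constant NFNL_SUBSYS_CTNETLINK_EXP differs. Two copies of header-building code tend to drift, so a later fix to one (to the sequence number, say) can miss the other. Consider one shared helper in the internal header that takes the subsystem id, with the type line written as `nlh->nlmsg_type = (subsys << 8) | type;`, and have both files call it. Either way the helper deserves a one-line comment such as `/* NLM_F_REQUEST is always set; pass only the extra flags */`, because the neighbouring __build_expect() call still passes NLM_F_REQUEST explicitly.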