From 838b8d1644e4a31b5e515e9eddf69fb844aeafc2 Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org"
Date: Wed, 9 Nov 2005 20:24:59 +0000
Subject: o nfct_build_conntrack is too much, the only clients are new_conntrack and update_conntrack, and it doesn't even fit well for both cases. So I decided to kill it and inline the code adapting it when was necessary. o Convert all unsigned int/long to POSIX types u_int32_t. Better now than later :(.
---
 .../libnetfilter_conntrack.h | 34 +++---
 src/libnetfilter_conntrack.c | 120 ++++++++++++---------
 2 files changed, 84 insertions(+), 70 deletions(-)
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index d52c381..db83cf0 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -89,11 +89,11 @@ struct nfct_nat {
 struct nfct_conntrack {
 struct nfct_tuple tuple[NFCT_DIR_MAX];
- unsigned long timeout;
- unsigned long mark;
- unsigned int status;
- unsigned int use;
- unsigned int id;
+ u_int32_t timeout;
+ u_int32_t mark;
+ u_int32_t status;
+ u_int32_t use;
+ u_int32_t id;
 union nfct_protoinfo protoinfo;
 struct nfct_counters counters[NFCT_DIR_MAX];
@@ -104,8 +104,8 @@ struct nfct_expect {
 struct nfct_tuple master;
 struct nfct_tuple tuple;
 struct nfct_tuple mask;
- unsigned long timeout;
- unsigned int id;
+ u_int32_t timeout;
+ u_int32_t id;
 };
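Review bot: Narrowing `timeout` and `mark` from `unsigned long` to `u_int32_t` in `struct nfct_conntrack` (and `timeout` in `struct nfct_expect`, next hunk) changes the size and field offsets of these public structs on LP64 targets, so a program built against the old header would disagree with the new library about the layout. If the library has already been released, this probably calls for a soname bump or at least a changelog entry. The header should also bring in the definition of `u_int32_t` itself, e.g. `#include <sys/types.h>`, rather than rely on its includers; no such include is visible in these hunks. Both struct definitions begin outside the hunks.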
@@ -202,9 +202,9 @@ typedef int (*nfct_callback)(void *arg, unsigned int flags, int, void *data);
 */
 extern struct nfct_conntrack * nfct_conntrack_alloc(struct nfct_tuple *orig, struct nfct_tuple *reply,
- unsigned long timeout, union nfct_protoinfo *proto,
- unsigned int status, unsigned long mark,
- unsigned int id, struct nfct_nat *range);
+ u_int32_t timeout, union nfct_protoinfo *proto,
+ u_int32_t status, u_int32_t mark,
+ u_int32_t id, struct nfct_nat *range);
 extern void nfct_conntrack_free(struct nfct_conntrack *ct);
 /*
@@ -212,8 +212,8 @@ extern void nfct_conntrack_free(struct nfct_conntrack *ct);
 */
 extern struct nfct_expect * nfct_expect_alloc(struct nfct_tuple *master, struct nfct_tuple *tuple,
- struct nfct_tuple *mask, unsigned long timeout,
- unsigned int id);
+ struct nfct_tuple *mask, u_int32_t timeout,
+ u_int32_t id);
 extern void nfct_expect_free(struct nfct_expect *exp);
 /*
@@ -248,10 +248,10 @@ extern int nfct_update_conntrack(struct nfct_handle *cth, struct nfct_conntrack *ct);
 extern int nfct_delete_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple, int dir,
- unsigned int id);
+ u_int32_t id);
 extern int nfct_get_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple, int dir,
- unsigned int id);
+ u_int32_t id);
 /*
 * Conntrack table dumping & zeroing
 */
@@ -280,7 +280,7 @@ extern int nfct_sprintf_status_seen_reply(char *buf, struct nfct_conntrack *ct);
 extern int nfct_sprintf_counters(char *buf, struct nfct_conntrack *ct, int dir);
 extern int nfct_sprintf_mark(char *buf, struct nfct_conntrack *ct);
 extern int nfct_sprintf_use(char *buf, struct nfct_conntrack *ct);
-extern int nfct_sprintf_id(char *buf, unsigned int id);
+extern int nfct_sprintf_id(char *buf, u_int32_t id);
 /*
 * Expectations
@@ -289,10 +289,10 @@ extern int nfct_dump_expect_list(struct nfct_handle *cth);
 extern int nfct_flush_conntrack_table(struct nfct_handle *cth);
 extern int nfct_get_expectation(struct nfct_handle *cth, struct nfct_tuple *tuple,
- unsigned int id);
+ u_int32_t id);
 extern int nfct_create_expectation(struct nfct_handle *cth, struct nfct_expect *);
 extern int nfct_delete_expectation(struct nfct_handle *cth,
- struct nfct_tuple *tuple, unsigned int id);
+ struct nfct_tuple *tuple, u_int32_t id);
 extern int nfct_event_expectation(struct nfct_handle *cth);
 extern int nfct_flush_expectation_table(struct nfct_handle *cth);
diff --git a/src/libnetfilter_conntrack.c b/src/libnetfilter_conntrack.c
index 057b24d..e207a7f 100644
--- a/src/libnetfilter_conntrack.c
+++ b/src/libnetfilter_conntrack.c
@@ -236,37 +236,6 @@ static void nfct_build_nat(struct nfnlhdr *req, int size,
 nfnl_nest_end(&req->nlh, nest);
 }
-static void nfct_build_conntrack(struct nfnlhdr *req, int size,
- struct nfct_conntrack *ct)
-{
- unsigned int status = htonl(ct->status);
- unsigned long timeout = htonl(ct->timeout);
- unsigned int id = htonl(ct->id);
- unsigned int mark = htonl(ct->mark);
-
- nfct_build_tuple(req, size, &ct->tuple[NFCT_DIR_ORIGINAL],
- CTA_TUPLE_ORIG);
- nfct_build_tuple(req, size, &ct->tuple[NFCT_DIR_REPLY],
- CTA_TUPLE_REPLY);
-
- nfnl_addattr_l(&req->nlh, size, CTA_STATUS, &status,
- sizeof(unsigned int));
- nfnl_addattr_l(&req->nlh, size, CTA_TIMEOUT, &timeout,
- sizeof(unsigned long));
-
- if (ct->mark != 0)
- nfnl_addattr_l(&req->nlh, size, CTA_MARK, &mark,
- sizeof(unsigned int));
-
- if (ct->id != NFCT_ANY_ID)
- nfnl_addattr_l(&req->nlh, size, CTA_ID, &id,
- sizeof(unsigned int));
-
- nfct_build_protoinfo(req, size, ct);
- if (ct->nat.min_ip != 0)
- nfct_build_nat(req, size, ct);
-}
-
 void nfct_dump_tuple(struct nfct_tuple *tp)
 {
 struct in_addr src = { .s_addr = tp->src.v4 };
@@ -512,7 +481,7 @@ int nfct_sprintf_protocol(char *buf, struct nfct_conntrack *ct)
 int nfct_sprintf_timeout(char *buf, struct nfct_conntrack *ct)
 {
- return sprintf(buf, "%lu ", ct->timeout);
+ return sprintf(buf, "%u ", ct->timeout);
 }
 int nfct_sprintf_protoinfo(char *buf, struct nfct_conntrack *ct)
@@ -560,7 +529,7 @@ int nfct_sprintf_counters(char *buf, struct nfct_conntrack *ct, int dir)
 int nfct_sprintf_mark(char *buf, struct nfct_conntrack *ct)
 {
- return (sprintf(buf, "mark=%lu ", ct->mark));
+ return (sprintf(buf, "mark=%u ", ct->mark));
 }
 int nfct_sprintf_use(char *buf, struct nfct_conntrack *ct)
@@ -568,7 +537,7 @@ int nfct_sprintf_use(char *buf, struct nfct_conntrack *ct)
 return (sprintf(buf, "use=%u ", ct->use));
 }
-int nfct_sprintf_id(char *buf, unsigned int id)
+int nfct_sprintf_id(char *buf, u_int32_t id)
 {
 return (sprintf(buf, "id=%u ", id));
 }
@@ -660,8 +629,8 @@ int nfct_default_conntrack_display_id(void *arg, unsigned int flags, int type,
 int nfct_sprintf_expect_proto(char *buf, struct nfct_expect *exp)
 {
- return(sprintf(buf, "%ld proto=%d ", exp->timeout,
- exp->tuple.protonum));
+ return(sprintf(buf, "%u proto=%d ", exp->timeout,
+ exp->tuple.protonum));
 }
 int nfct_sprintf_expect(char *buf, struct nfct_expect *exp)
@@ -748,7 +717,7 @@ static int nfct_expect_netlink_handler(struct nfct_handle *cth,
 parse_tuple(cda[CTA_EXPECT_MASK-1], &exp.mask);
 if (cda[CTA_EXPECT_TIMEOUT-1])
- exp.timeout = ntohl(*(unsigned long *)
+ exp.timeout = ntohl(*(u_int32_t *)
 NFA_DATA(cda[CTA_EXPECT_TIMEOUT-1]));
 if (cda[CTA_EXPECT_ID-1])
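Review bot: `nfct_sprintf_timeout` still writes through `sprintf` into a `buf` whose capacity the function never learns, so the new `%u` line can run past a short caller buffer just as the old `%lu` one could; the same holds for `nfct_sprintf_mark`, `nfct_sprintf_id` and `nfct_sprintf_expect_proto` in the following hunks. Because the signatures carry no length, the smallest step is a comment on each stating the space the caller must provide, for example `/* buf needs room for 10 digits, a space and the NUL */` here. A size-taking variant built on `snprintf` would be the lasting fix, but that is an API change beyond this commit.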
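Review bot: In `nfct_expect_netlink_handler` the new `*(u_int32_t *) NFA_DATA(cda[CTA_EXPECT_TIMEOUT-1])` dereferences the attribute payload without checking that it holds four bytes; the hunk shows only a non-NULL test on the `cda[]` slot. Unless the parsing code outside the hunk already enforces attribute lengths, a guard such as `if (NFA_PAYLOAD(cda[CTA_EXPECT_TIMEOUT-1]) >= (int)sizeof(u_int32_t))` would keep a short attribute from being read past its end. Copying the payload with `memcpy` into a local `u_int32_t` before `ntohl` would also remove the dependence on the payload's alignment. The function body starts and ends outside the hunk.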
@@ -764,9 +733,9 @@ static int nfct_expect_netlink_handler(struct nfct_handle *cth,
 struct nfct_conntrack * nfct_conntrack_alloc(struct nfct_tuple *orig, struct nfct_tuple *reply,
- unsigned long timeout, union nfct_protoinfo *proto,
- unsigned int status, unsigned long mark,
- unsigned int id, struct nfct_nat *range)
+ u_int32_t timeout, union nfct_protoinfo *proto,
+ u_int32_t status, u_int32_t mark,
+ u_int32_t id, struct nfct_nat *range)
 {
 struct nfct_conntrack *ct;
@@ -798,6 +767,9 @@ int nfct_create_conntrack(struct nfct_handle *cth, struct nfct_conntrack *ct)
 {
 struct nfnlhdr *req;
 char buf[NFCT_BUFSIZE];
+ u_int32_t status = htonl(ct->status | IPS_CONFIRMED);
+ u_int32_t timeout = htonl(ct->timeout);
+ u_int32_t mark = htonl(ct->mark);
 req = (void *) buf;
@@ -806,7 +778,24 @@ int nfct_create_conntrack(struct nfct_handle *cth, struct nfct_conntrack *ct)
 nfnl_fill_hdr(&cth->nfnlh, &req->nlh, 0, AF_INET, 0, IPCTNL_MSG_CT_NEW, NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK|NLM_F_EXCL);
- nfct_build_conntrack(req, sizeof(buf), ct);
+ nfct_build_tuple(req, sizeof(buf), &ct->tuple[NFCT_DIR_ORIGINAL],
+ CTA_TUPLE_ORIG);
+ nfct_build_tuple(req, sizeof(buf), &ct->tuple[NFCT_DIR_REPLY],
+ CTA_TUPLE_REPLY);
+
+ nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_STATUS, &status,
+ sizeof(u_int32_t));
+
+ nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_TIMEOUT, &timeout,
+ sizeof(u_int32_t));
+
+ if (ct->mark != 0)
+ nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_MARK, &mark,
+ sizeof(u_int32_t));
+
+ nfct_build_protoinfo(req, sizeof(buf), ct);
+ if (ct->nat.min_ip != 0)
+ nfct_build_nat(req, sizeof(buf), ct);
 return nfnl_talk(&cth->nfnlh, &req->nlh, 0, 0, NULL, NULL, NULL);
 }
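Review bot: None of the inlined `nfnl_addattr_l` calls in `nfct_create_conntrack` has its result checked, so if an attribute does not fit in `buf` the request is still handed to `nfnl_talk` without it. Assuming `nfnl_addattr_l` reports overflow through its return value (its definition is not on this page), each call could take the form `if (nfnl_addattr_l(...) < 0) return -1;`. The same unchecked pattern repeats in the `nfct_update_conntrack` hunk that follows. The helpers `nfct_build_tuple`, `nfct_build_protoinfo` and `nfct_build_nat` appear to return `void`, so a failure inside them cannot be seen here at all.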
@@ -816,6 +805,10 @@ int nfct_update_conntrack(struct nfct_handle *cth, struct nfct_conntrack *ct)
 struct nfnlhdr *req;
 char buf[NFCT_BUFSIZE];
 int err;
+ u_int32_t status = htonl(ct->status | IPS_CONFIRMED);
+ u_int32_t timeout = htonl(ct->timeout);
+ u_int32_t id = htonl(ct->id);
+ u_int32_t mark = htonl(ct->mark);
 req = (void *) &buf;
 memset(&buf, 0, sizeof(buf));
@@ -823,7 +816,28 @@ int nfct_update_conntrack(struct nfct_handle *cth, struct nfct_conntrack *ct)
 nfnl_fill_hdr(&cth->nfnlh, &req->nlh, 0, AF_INET, 0, IPCTNL_MSG_CT_NEW, NLM_F_REQUEST|NLM_F_ACK);
- nfct_build_conntrack(req, sizeof(buf), ct);
+ nfct_build_tuple(req, sizeof(buf), &ct->tuple[NFCT_DIR_ORIGINAL],
+ CTA_TUPLE_ORIG);
+ nfct_build_tuple(req, sizeof(buf), &ct->tuple[NFCT_DIR_REPLY],
+ CTA_TUPLE_REPLY);
+
+ if (ct->status != 0)
+ nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_STATUS, &status,
+ sizeof(u_int32_t));
+
+ if (ct->timeout != 0)
+ nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_TIMEOUT, &timeout,
+ sizeof(u_int32_t));
+
+ if (ct->mark != 0)
+ nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_MARK, &mark,
+ sizeof(u_int32_t));
+
+ if (ct->id != NFCT_ANY_ID)
+ nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id,
+ sizeof(u_int32_t));
+
+ nfct_build_protoinfo(req, sizeof(buf), ct);
 err = nfnl_send(&cth->nfnlh, &req->nlh);
 if (err < 0)
@@ -833,7 +847,7 @@ int nfct_update_conntrack(struct nfct_handle *cth, struct nfct_conntrack *ct)
 }
 int nfct_delete_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
- int dir, unsigned int id)
+ int dir, u_int32_t id)
 {
 struct nfnlhdr *req;
 char buf[NFCT_BUFSIZE];
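Review bot: The inlined body of `nfct_update_conntrack` no longer behaves like the removed `nfct_build_conntrack`, and nothing in the code records that: `CTA_STATUS` and `CTA_TIMEOUT` are now left out when the field is 0, the NAT attribute is no longer built, and `IPS_CONFIRMED` is ORed into the status that is sent (the same OR appears in `nfct_create_conntrack`). As written, a caller cannot use this function to set a timeout of 0, and the kernel receives a status bit the caller did not set. A comment above the attribute block would say which of these are deliberate, for instance `/* fields left at 0 are not sent; NAT setup is only sent on create */`. The function starts and ends outside the hunk.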
@@ -851,14 +865,14 @@ int nfct_delete_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
 if (id != NFCT_ANY_ID) {
 id = htonl(id); /* to network byte order */
 nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id,
- sizeof(unsigned int));
+ sizeof(u_int32_t));
 }
 return nfnl_talk(&cth->nfnlh, &req->nlh, 0, 0, NULL, NULL, NULL);
 }
 int nfct_get_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
- int dir, unsigned int id)
+ int dir, u_int32_t id)
 {
 int err;
 struct nfnlhdr *req;
@@ -879,7 +893,7 @@ int nfct_get_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
 if (id != NFCT_ANY_ID) {
 id = htonl(id); /* to network byte order */
 nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id,
- sizeof(unsigned int));
+ sizeof(u_int32_t));
 }
 err = nfnl_send(&cth->nfnlh, &req->nlh);
@@ -970,7 +984,7 @@ int nfct_flush_conntrack_table(struct nfct_handle *cth)
 }
 int nfct_get_expectation(struct nfct_handle *cth, struct nfct_tuple *tuple,
- unsigned int id)
+ u_int32_t id)
 {
 int err;
 struct nfnlhdr *req;
@@ -987,7 +1001,7 @@ int nfct_get_expectation(struct nfct_handle *cth, struct nfct_tuple *tuple,
 if (id != NFCT_ANY_ID)
 nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_EXPECT_ID, &id,
- sizeof(unsigned int));
+ sizeof(u_int32_t));
 err = nfnl_send(&cth->nfnlh, &req->nlh);
 if (err < 0)
@@ -998,8 +1012,8 @@ int nfct_get_expectation(struct nfct_handle *cth, struct nfct_tuple *tuple,
 struct nfct_expect * nfct_expect_alloc(struct nfct_tuple *master, struct nfct_tuple *tuple,
- struct nfct_tuple *mask, unsigned long timeout,
- unsigned int id)
+ struct nfct_tuple *mask, u_int32_t timeout,
+ u_int32_t id)
 {
 struct nfct_expect *exp;
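Review bot: `nfct_get_expectation` passes `&id` to `nfnl_addattr_l` in host byte order, whereas `nfct_delete_conntrack` and `nfct_get_conntrack` in the hunks above convert first with `id = htonl(id);`. No conversion is visible in this hunk (the function starts outside it), and `nfct_delete_expectation` in the last hunk of the patch has the same shape. If `CTA_EXPECT_ID` is network-ordered like `CTA_ID`, the `if (id != NFCT_ANY_ID)` body should gain braces and `id = htonl(id);` as its first statement, matching the conntrack functions. Without it, lookups by id would presumably miss on little-endian hosts.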
@@ -1040,7 +1054,7 @@ int nfct_create_expectation(struct nfct_handle *cth, struct nfct_expect *exp)
 nfct_build_tuple(req, sizeof(buf), &exp->mask, CTA_EXPECT_MASK);
 nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_EXPECT_TIMEOUT,
- &exp->timeout, sizeof(unsigned long));
+ &exp->timeout, sizeof(u_int32_t));
 err = nfnl_send(&cth->nfnlh, &req->nlh);
 if (err < 0)
@@ -1050,7 +1064,7 @@ int nfct_create_expectation(struct nfct_handle *cth, struct nfct_expect *exp)
 }
 int nfct_delete_expectation(struct nfct_handle *cth,struct nfct_tuple *tuple,
- unsigned int id)
+ u_int32_t id)
 {
 int err;
 struct nfnlhdr *req;
@@ -1067,7 +1081,7 @@ int nfct_delete_expectation(struct nfct_handle *cth,struct nfct_tuple *tuple,
 if (id != NFCT_ANY_ID)
 nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_EXPECT_ID, &id,
- sizeof(unsigned int));
+ sizeof(u_int32_t));
 err = nfnl_send(&cth->nfnlh, &req->nlh);
 if (err < 0)
--
cgit v1.2.3
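Review bot: `nfct_create_expectation` sends `exp->timeout` exactly as stored, while `nfct_expect_netlink_handler` reads the same attribute back through `ntohl`, so the value leaves in host order and is treated as network order on the way in. Correcting the length to `sizeof(u_int32_t)` fixes the size of the attribute, not its byte order. A local `u_int32_t timeout = htonl(exp->timeout);` passed as `&timeout` would match what the conntrack functions do for `CTA_TIMEOUT`. The function's declarations lie outside the hunk, so the placement of the local is left to the author.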