From 4db878d6f81fd64029c48003f4e1ae57069a7c65 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Tue, 1 May 2007 18:30:03 +0000
Subject: introduce the new expectation API
---
 include/internal.h | 29 ++++++++
 .../libnetfilter_conntrack.h | 83 ++++++++++++++++++++++
 2 files changed, 112 insertions(+)
(limited to 'include')
diff --git a/include/internal.h b/include/internal.h
index 78020f3..a51e8b2 100644
--- a/include/internal.h
+++ b/include/internal.h
@@ -50,6 +50,9 @@ struct nfct_handle {
 int(*cb)(enum nf_conntrack_msg_type type,
 struct nf_conntrack *ct,
 void *data);
+ int(*expect_cb)(enum nf_conntrack_msg_type type,
+ struct nf_expect *exp,
+ void *data);
 };
 
 union __nfct_l4 {
@@ -122,6 +125,17 @@ struct nf_conntrack {
 u_int32_t set[2];
 };
 
+struct nf_expect {
+ struct nf_conntrack master;
+ struct nf_conntrack expected;
+ struct nf_conntrack mask;
+ u_int32_t timeout;
+ u_int32_t id;
+ u_int16_t expectfn_queue_id;
+
+ u_int32_t set[1];
+};
+
 /* container used to pass data to nfnl callbacks */
 struct __data_container {
 struct nfct_handle *h;
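Review bot: `u_int32_t set[1]` in the new `struct nf_expect` caps the attribute bitmap at 32 bits, and nothing in the struct ties that limit to `ATTR_EXP_MAX` from the public header. If the enum ever grows past 32 entries, a bit helper that indexes this array by attribute number would presumably touch memory beyond it; the helpers' bodies are not part of this patch. I would document the invariant on the field, for example `/* one bit per enum nf_expect_attr; enlarge before ATTR_EXP_MAX exceeds 32 */`. The `id` and `expectfn_queue_id` members have no matching attribute in this patch, so a one-line comment saying where they get filled in would also help.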
@@ -145,9 +159,13 @@ static inline int test_bit(int nr, const u_int32_t *addr)
 }
 
 int __build_conntrack(struct nfnl_subsys_handle *ssh, struct nfnlhdr *req, size_t size, u_int16_t type, u_int16_t flags, const struct nf_conntrack *ct);
+void __build_tuple(struct nfnlhdr *req, size_t size, const struct __nfct_tuple *t, const int type);
 int __parse_message_type(const struct nlmsghdr *nlh);
 void __parse_conntrack(const struct nlmsghdr *nlh, const struct nfattr *cda[], struct nf_conntrack *ct);
+void __parse_tuple(const struct nfattr *attr, struct __nfct_tuple *tuple, int dir, u_int32_t *set);
 int __snprintf_conntrack(char *buf, unsigned int len, const struct nf_conntrack *ct, unsigned int type, unsigned int msg_output, unsigned int flags);
+int __snprintf_address(char *buf, unsigned int len, const struct __nfct_tuple *tuple);
+int __snprintf_protocol(char *buf, unsigned int len, const struct nf_conntrack *ct);
 int __snprintf_conntrack_default(char *buf, unsigned int len, const struct nf_conntrack *ct, const unsigned int msg_type, const unsigned int flags);
 int __snprintf_conntrack_xml(char *buf, unsigned int len, const struct nf_conntrack *ct, const unsigned int msg_type, const unsigned int flags);
 
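Review bot: `__build_tuple` is exported with a `size` argument but returns `void`, so a caller cannot learn that a tuple did not fit in the request buffer, whereas `__build_conntrack` on the line above it returns `int`. The function body is outside this patch (which is limited to `include`), so whether it can fail is an assumption to confirm. If any attribute append inside it can fail, I would change the prototype to `int __build_tuple(struct nfnlhdr *req, size_t size, const struct __nfct_tuple *t, const int type);` and have callers propagate the error. The two newly exported `__snprintf_address` and `__snprintf_protocol` prototypes would also benefit from a comment stating whether the returned `int` can exceed `len` on truncation.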
@@ -158,4 +176,15 @@ int __setobjopt(struct nf_conntrack *ct, unsigned int option);
 int __getobjopt(const struct nf_conntrack *ct, unsigned int option);
 int __compare(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2);
 
+typedef void (*set_exp_attr)(struct nf_expect *exp, const void *value);
+typedef const void *(*get_exp_attr)(const struct nf_expect *exp);
+
+extern set_exp_attr set_exp_attr_array[];
+extern get_exp_attr get_exp_attr_array[];
+
+int __build_expect(struct nfnl_subsys_handle *ssh, struct nfnlhdr *req, size_t size, u_int16_t type, u_int16_t flags, const struct nf_expect *exp);
+int __parse_expect_message_type(const struct nlmsghdr *nlh);
+void __parse_expect(const struct nlmsghdr *nlh, const struct nfattr *cda[], struct nf_expect *exp);
+int __expect_callback(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data);
+
 #endif
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index e35e626..3beeef6 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
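Review bot: `set_exp_attr_array` and `get_exp_attr_array` are declared in `include/internal.h` as writable, unsized tables of function pointers. They are presumably indexed by the `enum nf_expect_attr` value passed to the public setters and getters, so an unchecked index or a stray write into the table would redirect a call. I would declare them `extern const set_exp_attr set_exp_attr_array[ATTR_EXP_MAX];` and `extern const get_exp_attr get_exp_attr_array[ATTR_EXP_MAX];`, with the definitions changed to match, so the tables can sit in read-only data and the bound is visible at every use. This assumes `internal.h` sees the public header that defines `ATTR_EXP_MAX`; the definitions and callers are outside this patch.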
@@ -559,6 +559,89 @@ extern int nfct_build_query(struct nfnl_subsys_handle *ssh,
 void *req,
 unsigned int size);
 
+/* expectation object */
+struct nf_expect;
+
+/* expect attributes */
+enum nf_expect_attr {
+ ATTR_EXP_MASTER = 0, /* pointer to conntrack object */
+ ATTR_EXP_EXPECTED, /* pointer to conntrack object */
+ ATTR_EXP_MASK, /* pointer to conntrack object */
+ ATTR_EXP_TIMEOUT, /* u32 bits */
+ ATTR_EXP_MAX
+};
+
+/* constructor / destructor */
+extern struct nf_expect *nfexp_new(void);
+extern void nfexp_destroy(struct nf_expect *exp);
+
+/* clone */
+extern struct nf_expect *nfexp_clone(const struct nf_expect *exp);
+
+/* register / unregister callback */
+
+extern int nfexp_callback_register(struct nfct_handle *h,
+ enum nf_conntrack_msg_type type,
+ int (*cb)(enum nf_conntrack_msg_type type,
+ struct nf_expect *exp,
+ void *data),
+ void *data);
+
+extern void nfexp_callback_unregister(struct nfct_handle *h);
+
+/* setter */
+extern void nfexp_set_attr(struct nf_expect *exp,
+ const enum nf_expect_attr type,
+ const void *value);
+
+extern void nfexp_set_attr_u8(struct nf_expect *exp,
+ const enum nf_expect_attr type,
+ u_int8_t value);
+
+extern void nfexp_set_attr_u16(struct nf_expect *exp,
+ const enum nf_expect_attr type,
+ u_int16_t value);
+
+extern void nfexp_set_attr_u32(struct nf_expect *exp,
+ const enum nf_expect_attr type,
+ u_int32_t value);
+
+/* getter */
+extern const void *nfexp_get_attr(const struct nf_expect *exp,
+ const enum nf_expect_attr type);
+
+extern u_int8_t nfexp_get_attr_u8(const struct nf_expect *exp,
+ const enum nf_expect_attr type);
+
+extern u_int16_t nfexp_get_attr_u16(const struct nf_expect *exp,
+ const enum nf_expect_attr type);
+
+extern u_int32_t nfexp_get_attr_u32(const struct nf_expect *exp,
+ const enum nf_expect_attr type);
+
+/* checker */
+extern int nfexp_attr_is_set(const struct nf_expect *exp,
+ const enum nf_expect_attr type);
+
+/* unsetter */
+extern int nfexp_attr_unset(struct nf_expect *exp,
+ const enum nf_expect_attr type);
+
+/* query */
+extern int nfexp_query(struct nfct_handle *h,
+ const enum nf_conntrack_query qt,
+ const void *data);
+
+/* print */
+extern int nfexp_snprintf(char *buf,
+ unsigned int size,
+ const struct nf_expect *exp,
+ const unsigned int msg_type,
+ const unsigned int out_type,
+ const unsigned int out_flags);
+
+extern int nfexp_catch(struct nfct_handle *h);
+
 #ifdef __cplusplus
 }
 #endif
--
cgit v1.2.3
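Review bot: The setter and getter declarations do not state what happens when `type` is not below `ATTR_EXP_MAX` or when the attribute was never set, and the `nfexp_set_attr*` functions return `void`, so they cannot report a rejected value. The typed getters are also declared for `u8` and `u16` although the only scalar attribute in the enum is commented as `u32 bits`, which leaves their result for a mismatched attribute undefined from the caller's point of view. For the three attributes commented as `pointer to conntrack object`, the header should say whether `nfexp_set_attr` copies the object and how long the pointer returned by `nfexp_get_attr` stays valid. A comment above the setter block such as `/* type must be < ATTR_EXP_MAX; conntrack attributes are copied into exp; pointers from nfexp_get_attr() are valid until nfexp_destroy(exp) */` would cover this, once confirmed against the implementation, which is not in this patch.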