From 7107f4493e9a4a7fb92fe4133c8a108eef0a82f7 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 2 Jul 2008 15:31:57 +0200
Subject: remove slip through change in conntrack_event.c

---
 utils/conntrack_events.c | 250 +----------------------------------------------
 1 file changed, 1 insertion(+), 249 deletions(-)

(limited to 'utils')

diff --git a/utils/conntrack_events.c b/utils/conntrack_events.c
index 747cbdd..4be5d48 100644
--- a/utils/conntrack_events.c
+++ b/utils/conntrack_events.c
@@ -2,237 +2,7 @@
 #include <stdlib.h>
 #include <errno.h>
 
-#include <string.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-#include <linux/netfilter/nfnetlink_conntrack.h>
-#include <linux/netfilter/nf_conntrack_tcp.h>
-#include <linux/filter.h>
-
-#define SKF_AD_NLATTR	12
-
-#define FILTER_REJECT	0x0000
-#define FILTER_ACCEPT	0xFFFF
-
-static int sk_set_filter(int fd)
-{
-	struct sock_filter filt[] = {
-		{
-			/* A=sizeof(struct nlmsghdr)+sizeof(struct nfgenmsg) */
-			.code	= BPF_LD|BPF_IMM,
-			.k	= sizeof(struct nlmsghdr) + sizeof(struct nfgenmsg),
-		},
-		{
-			/* X = CTA_PROTOINFO */
-			.code	= BPF_LDX|BPF_IMM,
-			.k	= CTA_PROTOINFO,
-		},
-		{
-			/* A = netlink attribute offset */
-			.code	= BPF_LD|BPF_B|BPF_ABS,
-			.k	= SKF_AD_OFF + SKF_AD_NLATTR,
-		},
-		{
-			/* Reject if not found (A == 0) */
-			.code	= BPF_JMP|BPF_JEQ|BPF_K,
-			.k	= 0,
-			.jt	= 20 - 3 - 1,
-		},
-
-		{
-			/* A += sizeof(struct nlattr) */
-			.code	= BPF_ALU|BPF_ADD|BPF_K,
-			.k	= sizeof(struct nlattr),
-		},
-		{
-			/* X = CTA_PROTOINFO_TCP */
-			.code	= BPF_LDX|BPF_IMM,
-			.k	= CTA_PROTOINFO_TCP,
-		},
-		{
-			/* A = netlink attribute offset */
-			.code	= BPF_LD|BPF_B|BPF_ABS,
-			.k	= SKF_AD_OFF + SKF_AD_NLATTR,
-		},
-		{
-			/* Reject if not found (A == 0) */
-			.code	= BPF_JMP|BPF_JEQ|BPF_K,
-			.k	= 0,
-			.jt	= 20 - 7 - 1,
-		},
-
-		{
-			/* A += sizeof(struct nlattr) */
-			.code	= BPF_ALU|BPF_ADD|BPF_K,
-			.k	= sizeof(struct nlattr),
-		},
-		{
-			/* X = CTA_PROTOINFO_TCP_STATE */
-			.code	= BPF_LDX|BPF_IMM,
-			.k	= CTA_PROTOINFO_TCP_STATE,
-		},
-		{
-			/* A = netlink attribute offset */
-			.code	= BPF_LD|BPF_B|BPF_ABS,
-			.k	= SKF_AD_OFF + SKF_AD_NLATTR,
-		},
-		{
-			/* Reject if not found (A == 0) */
-			.code	= BPF_JMP|BPF_JEQ|BPF_K,
-			.k	= 0,
-			.jt	= 20 - 11 - 1,
-		},
-
-		{
-			/* X = A */
-			.code	= BPF_MISC|BPF_TAX,
-		},
-		{
-			/* A = skb->data[X + k] */
-			.code	= BPF_LD|BPF_B|BPF_IND,
-			.k	= sizeof(struct nlattr),
-		},
-		{
-			/* Reject if A != TCA_CONNTRACK_ESTABLISHED */
-			.code	= BPF_JMP|BPF_JEQ|BPF_K,
-			.k	= TCP_CONNTRACK_ESTABLISHED,
-			.jt	= 20 - 14 - 1,
-		},
-
-		{
-			/* Reject */
-			.code	= BPF_RET|BPF_K,
-			.k	= 0,
-		},
-		[20]	= {
-			/* Accept */
-			.code	= BPF_RET|BPF_K,
-			.k	= 0xFFFF,
-		},
-	};
-	struct sock_fprog fprog = {
-		.len		= sizeof(filt) / sizeof(filt[0]),
-		.filter		= filt,
-	};
-
-	return setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER,
-			  &fprog, sizeof(fprog));
-}
-
-#define LABEL_REJECT	29
-#define LABEL_ACCEPT	30
-
-struct sock_filter filter[] = {
-	[0] = {
-		/* A = sizeof(struct nlmsghdr) + sizeof(struct nfgenmsg) */
-		.code	= BPF_LD|BPF_IMM,
-		.k	= sizeof(struct nlmsghdr) + sizeof(struct nfgenmsg),
-	},
-	[1] = {
-		/* X = CTA_PROTOINFO */
-		.code	= BPF_LDX|BPF_IMM,
-		.k	= CTA_PROTOINFO,
-	},
-	[2] = {
-		/* A = netlink attribute offset */
-		.code	= BPF_LD|BPF_B|BPF_ABS,
-		.k	= SKF_AD_OFF + SKF_AD_NLATTR,
-	},
-	[3] = {
-		/* Reject if not found (A == 0) */
-		.code	= BPF_JMP|BPF_JEQ|BPF_K,
-		.k	= 0,
-		.jt	= LABEL_REJECT - 3 - 1,
-	},
-	[4] = {
-		/* A += sizeof(struct nlattr) */
-		.code	= BPF_ALU|BPF_ADD|BPF_K,
-		.k	= sizeof(struct nlattr),
-	},
-	[5] = {
-		/* X = CTA_PROTOINFO_TCP */
-		.code	= BPF_LDX|BPF_IMM,
-		.k	= CTA_PROTOINFO_TCP,
-	},
-	[6] = {
-		/* A = netlink attribute offset */
-		.code	= BPF_LD|BPF_B|BPF_ABS,
-		.k	= SKF_AD_OFF + SKF_AD_NLATTR,
-	},
-	[7] = {
-		/* Reject if not found (A == 0) */
-		.code	= BPF_JMP|BPF_JEQ|BPF_K,
-		.k	= 0,
-		.jt	= LABEL_REJECT - 7 - 1,
-	},
-	[8] = {
-		/* A += sizeof(struct nlattr) */
-		.code	= BPF_ALU|BPF_ADD|BPF_K,
-		.k	= sizeof(struct nlattr),
-	},
-	[9] = {
-		/* X = CTA_PROTOINFO_TCP_STATE */
-		.code	= BPF_LDX|BPF_IMM,
-		.k	= CTA_PROTOINFO_TCP_STATE,
-	},
-	[10] = {
-		/* A = netlink attribute offset */
-		.code	= BPF_LD|BPF_B|BPF_ABS,
-		.k	= SKF_AD_OFF + SKF_AD_NLATTR,
-	},
-	[11] = {
-		/* Reject if not found (A == 0) */
-		.code	= BPF_JMP|BPF_JEQ|BPF_K,
-		.k	= 0,
-		.jt	= LABEL_REJECT - 11 - 1,
-	},
-	[12] = {
-		/* X = A */
-		.code	= BPF_MISC|BPF_TAX,
-	},
-	[13] = {
-		/* A = skb->data[X + k] */
-		.code	= BPF_LD|BPF_B|BPF_IND,
-		.k	= sizeof(struct nlattr),
-	},
-#define FILTER_LINE 	14
-	/* 
-	 *
-	 * We add TCP states matching code here
-	 *
-	 */
-	[LABEL_REJECT] = {
-		/* Reject */
-		.code	= BPF_RET|BPF_K,
-		.k	= FILTER_REJECT,
-	},
-	[LABEL_ACCEPT] = {
-		/* Accept */
-		.code	= BPF_RET|BPF_K,
-		.k	= FILTER_ACCEPT,
-	},
-};
-
-static void build_bsf_netlink(int *tcp_state_array, int len)
-{
-	struct sock_filter reject = {
-		/* Reject */
-		.code	= BPF_RET|BPF_K,
-		.k	= 0,
-	};
-	int i;
-
-	for (i=0; i<len; i++) {
-		struct sock_filter cmp = {
-			.code	= BPF_JMP|BPF_JEQ|BPF_K,
-			.k	= tcp_state_array[i],
-			.jt	= LABEL_ACCEPT - (i + FILTER_LINE) - 1,
-		};
-
-		memcpy(&filter[i+FILTER_LINE],&cmp,sizeof(struct sock_filter));
-	}
-
-//	memcpy(&filter[i+FILTER_LINE],&reject,sizeof(struct sock_filter));
-}
 
 static int event_cb(enum nf_conntrack_msg_type type,
 		    struct nf_conntrack *ct,
@@ -241,7 +11,7 @@ static int event_cb(enum nf_conntrack_msg_type type,
 	static int n = 0;
 	char buf[1024];
 
-	nfct_snprintf(buf, 1024, ct, type, NFCT_O_PLAIN, NFCT_OF_TIME);
+	nfct_snprintf(buf, 1024, ct, type, NFCT_O_XML, NFCT_OF_TIME);
 	printf("%s\n", buf);
 
 	if (++n == 10)
@@ -258,30 +28,12 @@ int main()
 	struct nf_conntrack *ct;
 	char buf[1024];
 
-	struct sock_fprog fprog = {
-		.len		= sizeof(filter) / sizeof(filter[0]),
-		.filter		= filter,
-	};
-
-	int i;
-	int state[] = { TCP_CONNTRACK_ESTABLISHED, 
-			TCP_CONNTRACK_FIN_WAIT };
-
-	build_bsf_netlink(state, sizeof(state)/sizeof(int));
-
 	h = nfct_open(CONNTRACK, NFCT_ALL_CT_GROUPS);
 	if (!h) {
 		perror("nfct_open");
 		return 0;
 	}
 
-	if (setsockopt(nfct_fd(h), SOL_SOCKET, SO_ATTACH_FILTER, 
-		       &fprog, sizeof(fprog)) < 0) {
-//	if (sk_set_filter(nfct_fd(h)) < 0) {
-		perror("setsockopt");
-		return -1;
-	}
-
 	nfct_callback_register(h, NFCT_T_ALL, event_cb, NULL);
 
 	printf("TEST: waiting for 10 events...\n");
-- 
cgit v1.2.3