diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-03-08 23:05:39 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-03-09 14:00:55 +0100 |
| commit | dc454a657f57a5cf143fddc5c1dd87a510c1790a (patch) | |
| tree | bdf8c613a56d5b7661054bf4576c761e01d333c2 /include/helpers | |
| parent | 75b3c6a15178a44c6ccff68b79c2bc3a05f7aa28 (diff) | |
nfct: remove lazy binding
Since cd5135377ac4 ("conntrackd: cthelper: Set up userspace helpers when
daemon starts"), userspace conntrack helpers do not depend on a previous
invocation of nfct to set up the userspace helpers.
Move helper definitions to nfct-extensions/helper.c since existing
deployments might still invoke nfct, even if not required anymore.
This patch was motivated by the removal of the lazy binding.
Phil Sutter says:
"For security purposes, distributions might want to pass -Wl,-z,now
linker flags to all builds, thereby disabling lazy binding globally.
In the past, nfct relied upon lazy binding: It uses the helper objects'
parsing functions without but doesn't provide all symbols the objects
use."
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/helpers')
| -rw-r--r-- | include/helpers/Makefile.am | 1 | ||||
| -rw-r--r-- | include/helpers/ftp.h | 14 | ||||
| -rw-r--r-- | include/helpers/rpc.h | 15 | ||||
| -rw-r--r-- | include/helpers/sane.h | 13 | ||||
| -rw-r--r-- | include/helpers/tns.h | 9 |
5 files changed, 52 insertions, 0 deletions
diff --git a/include/helpers/Makefile.am b/include/helpers/Makefile.am new file mode 100644 index 0000000..99a4257 --- /dev/null +++ b/include/helpers/Makefile.am @@ -0,0 +1 @@ +noinst_HEADERS = ftp.h rpc.h sane.h tns.h diff --git a/include/helpers/ftp.h b/include/helpers/ftp.h new file mode 100644 index 0000000..50e2d0c --- /dev/null +++ b/include/helpers/ftp.h @@ -0,0 +1,14 @@ +#ifndef _CTD_FTP_H +#define _CTD_FTP_H + +#define NUM_SEQ_TO_REMEMBER 2 + +/* This structure exists only once per master */ +struct ftp_info { + /* Valid seq positions for cmd matching after newline */ + uint32_t seq_aft_nl[MYCT_DIR_MAX][NUM_SEQ_TO_REMEMBER]; + /* 0 means seq_match_aft_nl not set */ + int seq_aft_nl_num[MYCT_DIR_MAX]; +}; + +#endif diff --git a/include/helpers/rpc.h b/include/helpers/rpc.h new file mode 100644 index 0000000..b0b8d17 --- /dev/null +++ b/include/helpers/rpc.h @@ -0,0 +1,15 @@ +#ifndef _CTD_RPC_H +#define _CTD_RPC_H + +struct rpc_info { + /* XID */ + uint32_t xid; + /* program */ + uint32_t pm_prog; + /* program version */ + uint32_t pm_vers; + /* transport protocol: TCP|UDP */ + uint32_t pm_prot; +}; + +#endif diff --git a/include/helpers/sane.h b/include/helpers/sane.h new file mode 100644 index 0000000..1e70ff6 --- /dev/null +++ b/include/helpers/sane.h @@ -0,0 +1,13 @@ +#ifndef _CTD_SANE_H +#define _CTD_SANE_H + +enum sane_state { + SANE_STATE_NORMAL, + SANE_STATE_START_REQUESTED, +}; + +struct nf_ct_sane_master { + enum sane_state state; +}; + +#endif diff --git a/include/helpers/tns.h b/include/helpers/tns.h new file mode 100644 index 0000000..60dcf25 --- /dev/null +++ b/include/helpers/tns.h @@ -0,0 +1,9 @@ +#ifndef _CTD_TNS_H +#define _CTD_TNS_H + +struct tns_info { + /* Scan next DATA|REDIRECT packet */ + bool parse; +}; + +#endif |