diff options
| -rw-r--r-- | Makefile.am | 2 | ||||
| -rw-r--r-- | config.h.in | 7 | ||||
| -rw-r--r-- | configure.in | 2 | ||||
| -rw-r--r-- | extensions/libct_proto_sctp.c | 2 | ||||
| -rw-r--r-- | extensions/libct_proto_tcp.c | 2 | ||||
| -rw-r--r-- | extensions/libct_proto_udp.c | 2 | ||||
| -rw-r--r-- | src/conntrack.c | 10 | ||||
| -rw-r--r-- | src/libct.c | 79 | 
8 files changed, 47 insertions, 59 deletions
| diff --git a/Makefile.am b/Makefile.am index 888d53e..b114b00 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,7 +5,7 @@ AUTOMAKE_OPTIONS = foreign 1.4  INCLUDES  = $(all_includes) -I$(top_srcdir)/include -I${KERNELDIR}  SUBDIRS   = src extensions  DIST_SUBDIRS = include src extensions -LINKOPTS  = -ldl -lnfnetlink -lctnetlink +LINKOPTS  = -ldl -lnfnetlink -lnfnetlink_conntrack  AM_CFLAGS = -g  $(OBJECTS): libtool diff --git a/config.h.in b/config.h.in index 3921abd..9045dbb 100644 --- a/config.h.in +++ b/config.h.in @@ -6,15 +6,16 @@  /* Define to 1 if you have the <inttypes.h> header file. */  #undef HAVE_INTTYPES_H -/* Define to 1 if you have the `ctnetlink' library (-lctnetlink). */ -#undef HAVE_LIBCTNETLINK -  /* Define to 1 if you have the `dl' library (-ldl). */  #undef HAVE_LIBDL  /* Define to 1 if you have the `nfnetlink' library (-lnfnetlink). */  #undef HAVE_LIBNFNETLINK +/* Define to 1 if you have the `nfnetlink_conntrack' library +   (-lnfnetlink_conntrack). */ +#undef HAVE_LIBNFNETLINK_CONNTRACK +  /* Define to 1 if you have the <memory.h> header file. */  #undef HAVE_MEMORY_H diff --git a/configure.in b/configure.in index efdacf1..8956e34 100644 --- a/configure.in +++ b/configure.in @@ -22,7 +22,7 @@ dnl AC_CHECK_LIB([c], [main])  AC_CHECK_LIB([dl], [dlopen])  AC_CHECK_LIB([nfnetlink], [nfnl_listen]) -AC_CHECK_LIB([ctnetlink], [ctnl_register_handler] ,,,[-lnfnetlink]) +AC_CHECK_LIB([nfnetlink_conntrack], [ctnl_register_handler] ,,,[-lnfnetlink])  # Checks for header files.  dnl AC_HEADER_STDC diff --git a/extensions/libct_proto_sctp.c b/extensions/libct_proto_sctp.c index b519ff1..4dbdf27 100644 --- a/extensions/libct_proto_sctp.c +++ b/extensions/libct_proto_sctp.c @@ -14,7 +14,7 @@  #include <netinet/in.h> /* For htons */  #include <linux/netfilter/nfnetlink_conntrack.h>  #include "libct_proto.h" -#include "libctnetlink.h" +#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>  static struct option opts[] = {  	{"orig-port-src", 1, 0, '1'}, diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c index 65f0fb6..323e4ec 100644 --- a/extensions/libct_proto_tcp.c +++ b/extensions/libct_proto_tcp.c @@ -14,7 +14,7 @@  #include <netinet/in.h> /* For htons */  #include <linux/netfilter/nfnetlink_conntrack.h>  #include "libct_proto.h" -#include "libctnetlink.h" +#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>  static struct option opts[] = {  	{"orig-port-src", 1, 0, '1'}, diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c index 706f113..8a9f0cf 100644 --- a/extensions/libct_proto_udp.c +++ b/extensions/libct_proto_udp.c @@ -13,7 +13,7 @@  #include <netinet/in.h> /* For htons */  #include <linux/netfilter/nfnetlink_conntrack.h>  #include "libct_proto.h" -#include "libctnetlink.h" +#include <libnfnetlink_conntrack/libnfnetlink_conntrack.h>  static struct option opts[] = {  	{"orig-port-src", 1, 0, '1'}, diff --git a/src/conntrack.c b/src/conntrack.c index ccfb71a..22c6115 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -880,13 +880,11 @@ int main(int argc, char *argv[])  		case EXP_CREATE:  			if (options & CT_OPT_ORIG)  				res = create_expectation(&orig,  -							 CTA_TUPLE_ORIG,  							 &exptuple,  							 &mask,  							 timeout);  			else if (options & CT_OPT_REPL)  				res = create_expectation(&reply, -							 CTA_TUPLE_REPLY,  							 &exptuple,  							 &mask,  							 timeout); @@ -917,16 +915,16 @@ int main(int argc, char *argv[])  		case EXP_DELETE:  			if (options & CT_OPT_ORIG) -				res = delete_expectation(&orig, CTA_TUPLE_ORIG); +				res = delete_expectation(&orig);  			else if (options & CT_OPT_REPL) -				res = delete_expectation(&reply, CTA_TUPLE_REPLY); +				res = delete_expectation(&reply);  			break;  		case CT_GET:  			if (options & CT_OPT_ORIG) -				res = get_conntrack(&orig, CTA_TUPLE_ORIG, id); +				res = get_conntrack(&orig, id);  			else if (options & CT_OPT_REPL) -				res = get_conntrack(&reply, CTA_TUPLE_REPLY, id); +				res = get_conntrack(&reply, id);  			break;  		case EXP_GET: diff --git a/src/libct.c b/src/libct.c index cf46b99..e03c02a 100644 --- a/src/libct.c +++ b/src/libct.c @@ -162,7 +162,7 @@ static int handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)  			parse_tuple(attr, &ct.tuple[CTNL_DIR_REPLY]);  			break;  		case CTA_STATUS: -			ct.status = ntohl(*(unsigned int *)NFA_DATA(attr)); +			ct.status = *(unsigned int *)NFA_DATA(attr);  			flags |= STATUS;  			break;  		case CTA_PROTOINFO: @@ -268,25 +268,6 @@ static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh,  	return handler(sock, nlh, arg);  } -void parse_expect(struct nfattr *attr, struct ctnl_tuple *tuple,  -		  struct ctnl_tuple *mask, unsigned long *timeout, -		  u_int32_t *id) -{ -	struct nfattr *tb[CTA_EXPECT_MAX]; - -	memset(tb, 0, CTA_EXPECT_MAX*sizeof(struct nfattr *)); - -	nfnl_parse_nested(tb, CTA_EXPECT_MAX, attr); -	if (tb[CTA_EXPECT_TUPLE-1]) -		parse_tuple(tb[CTA_EXPECT_TUPLE-1], tuple); -	if (tb[CTA_EXPECT_MASK-1]) -		parse_tuple(tb[CTA_EXPECT_MASK-1], mask); -	if (tb[CTA_EXPECT_TIMEOUT-1]) -		*timeout = htonl(*(unsigned long *)NFA_DATA(tb[CTA_EXPECT_TIMEOUT-1])); -	if (tb[CTA_EXPECT_ID-1]) -		*id = htonl(*(u_int32_t *)NFA_DATA(tb[CTA_EXPECT_ID-1])); -} -  static int expect_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *arg)  {  	struct nfgenmsg *nfmsg; @@ -310,9 +291,19 @@ static int expect_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh, void *  	while (NFA_OK(attr, attrlen)) {  		switch(attr->nfa_type) { -			case CTA_EXPECT: -				parse_expect(attr, &tuple, &mask, &timeout, -					     &id); + +			case CTA_EXPECT_TUPLE: +				parse_tuple(attr, &tuple); +				break; +			case CTA_EXPECT_MASK: +				parse_tuple(attr, &mask); +				break; +			case CTA_EXPECT_TIMEOUT: +				timeout = htonl(*(unsigned long *) +						NFA_DATA(attr)); +				break; +			case CTA_EXPECT_ID: +				id = htonl(*(u_int32_t *)NFA_DATA(attr));	  				break;  		}  		attr = NFA_NEXT(attr, attrlen); @@ -348,12 +339,12 @@ int create_conntrack(struct ctnl_tuple *orig,  	ct.tuple[CTNL_DIR_ORIGINAL] = *orig;  	ct.tuple[CTNL_DIR_REPLY] = *reply;  	ct.timeout = htonl(timeout); -	ct.status = htonl(status); +	ct.status = status;  	ct.protoinfo = *proto;  	if (range)  		ct.nat = *range; -	if ((ret = ctnl_open(&cth, 0)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)  		return ret;  	ret = ctnl_new_conntrack(&cth, &ct); @@ -376,10 +367,10 @@ int update_conntrack(struct ctnl_tuple *orig,  	ct.tuple[CTNL_DIR_ORIGINAL] = *orig;  	ct.tuple[CTNL_DIR_REPLY] = *reply;  	ct.timeout = htonl(timeout); -	ct.status = htonl(status); +	ct.status = status;  	ct.protoinfo = *proto; -	if ((ret = ctnl_open(&cth, 0)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)  		return ret;  	ret = ctnl_upd_conntrack(&cth, &ct); @@ -393,7 +384,7 @@ int delete_conntrack(struct ctnl_tuple *tuple, int dir)  {  	int ret; -	if ((ret = ctnl_open(&cth, 0)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)  		return ret;  	ret = ctnl_del_conntrack(&cth, tuple, dir); @@ -411,7 +402,7 @@ int get_conntrack(struct ctnl_tuple *tuple, int dir)  	};  	int ret; -	if ((ret = ctnl_open(&cth, 0)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)  		return ret;  	ctnl_register_handler(&cth, &h); @@ -430,7 +421,7 @@ int dump_conntrack_table(int zero)  		.handler = handler  	}; -	if ((ret = ctnl_open(&cth, 0)) < 0)  +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)   		return ret;  	ctnl_register_handler(&cth, &h); @@ -463,7 +454,7 @@ int event_conntrack(unsigned int event_mask)  	};  	int ret; -	if ((ret = ctnl_open(&cth, event_mask)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, event_mask)) < 0)  		return ret;  	signal(SIGINT, event_sighandler); @@ -527,7 +518,7 @@ int dump_expect_list()  	};  	int ret; -	if ((ret = ctnl_open(&cth, 0)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)  		return ret;  	ctnl_register_handler(&cth, &h); @@ -542,7 +533,7 @@ int flush_conntrack()  {  	int ret; -	if ((ret = ctnl_open(&cth, 0)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK, 0)) < 0)  		return ret;  	ret = ctnl_flush_conntrack(&cth); @@ -551,8 +542,7 @@ int flush_conntrack()  	return ret;  } -int get_expect(struct ctnl_tuple *tuple, -	       enum ctattr_type t) +int get_expect(struct ctnl_tuple *tuple)  {  	struct ctnl_msg_handler h = {  		.type = IPCTNL_MSG_EXP_NEW, @@ -560,43 +550,42 @@ int get_expect(struct ctnl_tuple *tuple,  	};  	int ret; -	if ((ret = ctnl_open(&cth, 0)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)  		return 0;  	ctnl_register_handler(&cth, &h); -	ret = ctnl_get_expect(&cth, tuple, t); +	ret = ctnl_get_expect(&cth, tuple);  	ctnl_close(&cth);  	return ret;  }  int create_expectation(struct ctnl_tuple *tuple, -		       enum ctattr_type t,  		       struct ctnl_tuple *exptuple,  		       struct ctnl_tuple *mask,  		       unsigned long timeout)  {  	int ret; -	if ((ret = ctnl_open(&cth, 0)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)  		return ret; -	ret = ctnl_new_expect(&cth, tuple, t, exptuple, mask, timeout); +	ret = ctnl_new_expect(&cth, tuple, exptuple, mask, timeout);  	ctnl_close(&cth);  	return ret;  } -int delete_expectation(struct ctnl_tuple *tuple, enum ctattr_type t) +int delete_expectation(struct ctnl_tuple *tuple)  {  	int ret; -	if ((ret = ctnl_open(&cth, 0)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)  		return ret; -	ret = ctnl_del_expect(&cth, tuple, t); +	ret = ctnl_del_expect(&cth, tuple);  	ctnl_close(&cth);  	return ret; @@ -614,7 +603,7 @@ int event_expectation(unsigned int event_mask)  	};  	int ret; -	if ((ret = ctnl_open(&cth, event_mask)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, event_mask)) < 0)  		return ret;  	ctnl_register_handler(&cth, &hnew); @@ -629,7 +618,7 @@ int flush_expectation()  {  	int ret; -	if ((ret = ctnl_open(&cth, 0)) < 0) +	if ((ret = ctnl_open(&cth, NFNL_SUBSYS_CTNETLINK_EXP, 0)) < 0)  		return ret;  	ret = ctnl_flush_expect(&cth); | 
