From dc454a657f57a5cf143fddc5c1dd87a510c1790a Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 8 Mar 2022 23:05:39 +0100
Subject: nfct: remove lazy binding

Since cd5135377ac4 ("conntrackd: cthelper: Set up userspace helpers when
daemon starts"), userspace conntrack helpers do not depend on a previous
invocation of nfct to set up the userspace helpers.

Move helper definitions to nfct-extensions/helper.c since existing
deployments might still invoke nfct, even if not required anymore.

This patch was motivated by the removal of the lazy binding.

Phil Sutter says:

"For security purposes, distributions might want to pass -Wl,-z,now
linker flags to all builds, thereby disabling lazy binding globally.

In the past, nfct relied upon lazy binding: It uses the helper objects'
parsing functions without but doesn't provide all symbols the objects
use."

Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/helpers/rpc.c | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

(limited to 'src/helpers/rpc.c')

diff --git a/src/helpers/rpc.c b/src/helpers/rpc.c
index 3b3d0a7..732e9ba 100644
--- a/src/helpers/rpc.c
+++ b/src/helpers/rpc.c
@@ -41,21 +41,12 @@
 #include <libnetfilter_queue/pktbuff.h>
 #include <linux/netfilter.h>
 
+#include "helpers/rpc.h"
+
 /* RFC 1050: RPC: Remote Procedure Call Protocol Specification Version 2 */
 /* RFC 1014: XDR: External Data Representation Standard */
 #define SUPPORTED_RPC_VERSION	2
 
-struct rpc_info {
-	/* XID */
-	uint32_t xid;
-	/* program */
-	uint32_t pm_prog;
-	/* program version */
-	uint32_t pm_vers;
-	/* transport protocol: TCP|UDP */
-	uint32_t pm_prot;
-};
-
 /* So, this packet has hit the connection tracking matching code.
    Mangle it, and change the expectation to match the new version. */
 static unsigned int
-- 
cgit v1.2.3