diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-14 11:37:44 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-14 12:56:28 +0100 |
| commit | dbfa07f4abdafca547accab48e14156e4b67d7cc (patch) | |
| tree | 36cbd1ae1a380a69c7c67e3e5c05d10ec52fdb95 | |
| parent | 54b482ce4efd4dad9cc52a8e16b198ce3e2b4908 (diff) | |
conntrack: add nfct_nlmsg_build_filter() helper
This helper function builds the payload of the netlink dump request
including the filtering criteria.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/libnetfilter_conntrack/libnetfilter_conntrack.h | 1 | ||||
| -rw-r--r-- | src/conntrack/build_mnl.c | 22 | ||||
| -rw-r--r-- | src/conntrack/filter_dump.c | 18 |
3 files changed, 25 insertions, 16 deletions
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h index 6233434..e229472 100644 --- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h +++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h @@ -587,6 +587,7 @@ int nfct_build_query(struct nfnl_subsys_handle *ssh, /* New low level API: netlink functions */ extern int nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct); +extern int nfct_nlmsg_build_filter(struct nlmsghdr *nlh, const struct nfct_filter_dump *filter_dump); extern int nfct_nlmsg_parse(const struct nlmsghdr *nlh, struct nf_conntrack *ct); extern int nfct_payload_parse(const void *payload, size_t payload_len, uint16_t l3num, struct nf_conntrack *ct); diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c index 0067a1c..c3198c5 100644 --- a/src/conntrack/build_mnl.c +++ b/src/conntrack/build_mnl.c @@ -595,3 +595,25 @@ nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct) return 0; } + +int nfct_nlmsg_build_filter(struct nlmsghdr *nlh, + const struct nfct_filter_dump *filter_dump) +{ + struct nfgenmsg *nfg; + + if (filter_dump->set & (1 << NFCT_FILTER_DUMP_MARK)) { + mnl_attr_put_u32(nlh, CTA_MARK, htonl(filter_dump->mark.val)); + mnl_attr_put_u32(nlh, CTA_MARK_MASK, htonl(filter_dump->mark.mask)); + } + if (filter_dump->set & (1 << NFCT_FILTER_DUMP_L3NUM)) { + nfg = mnl_nlmsg_get_payload(nlh); + nfg->nfgen_family = filter_dump->l3num; + } + if (filter_dump->set & (1 << NFCT_FILTER_DUMP_STATUS)) { + mnl_attr_put_u32(nlh, CTA_STATUS, htonl(filter_dump->status.val)); + mnl_attr_put_u32(nlh, CTA_STATUS_MASK, + htonl(filter_dump->status.mask)); + } + + return 0; +} diff --git a/src/conntrack/filter_dump.c b/src/conntrack/filter_dump.c index 3894d06..9bf9296 100644 --- a/src/conntrack/filter_dump.c +++ b/src/conntrack/filter_dump.c @@ -8,6 +8,7 @@ */ #include "internal/internal.h" +#include <libmnl/libmnl.h> static void set_filter_dump_attr_mark(struct nfct_filter_dump *filter_dump, @@ -45,20 +46,5 @@ const set_filter_dump_attr set_filter_dump_attr_array[NFCT_FILTER_DUMP_MAX] = { void __build_filter_dump(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump) { - if (filter_dump->set & (1 << NFCT_FILTER_DUMP_MARK)) { - nfnl_addattr32(&req->nlh, size, CTA_MARK, - htonl(filter_dump->mark.val)); - nfnl_addattr32(&req->nlh, size, CTA_MARK_MASK, - htonl(filter_dump->mark.mask)); - } - if (filter_dump->set & (1 << NFCT_FILTER_DUMP_L3NUM)) { - struct nfgenmsg *nfg = NLMSG_DATA(&req->nlh); - nfg->nfgen_family = filter_dump->l3num; - } - if (filter_dump->set & (1 << NFCT_FILTER_DUMP_STATUS)) { - nfnl_addattr32(&req->nlh, size, CTA_STATUS, - htonl(filter_dump->status.val)); - nfnl_addattr32(&req->nlh, size, CTA_STATUS_MASK, - htonl(filter_dump->status.mask)); - } + nfct_nlmsg_build_filter(&req->nlh, filter_dump); } |