-rw-r--r-- | include/libnetfilter_conntrack/libnetfilter_conntrack.h | 6 | ||||
-rw-r--r-- | src/libnetfilter_conntrack.c | 18 |
2 files changed, 14 insertions, 10 deletions
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 0c06fa6..f23bb70 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -13,7 +13,7 @@
 #include <linux/netfilter/nfnetlink_conntrack.h>
 #include <libnfnetlink/libnfnetlink.h>
-#define LIBNETFILTER_CONNTRACK_VERSION "0.2.3"
+#define LIBNETFILTER_CONNTRACK_VERSION "0.2.4"
 enum {
 CONNTRACK = NFNL_SUBSYS_CTNETLINK,
@@ -27,12 +27,12 @@ enum {
 #define NFCT_ANY_ID 0
 /*
- * Subscribe to all possible netlink groups. Use this
+ * Subscribe to all possible conntrack event groups. Use this
  * flag in case that you want to catch up all the possible
  * events. Do not use this flag for dumping or any other
  * similar operation.
  */
-#define NFCT_ALL_GROUPS ~0U
+#define NFCT_ALL_CT_GROUPS (NF_NETLINK_CONNTRACK_NEW|NF_NETLINK_CONNTRACK_UPDATE|NF_NETLINK_CONNTRACK_DESTROY)
 union nfct_l4 {
 /* Add other protocols here. */
diff --git a/src/libnetfilter_conntrack.c b/src/libnetfilter_conntrack.c
index d151490..2d25cbf 100644
--- a/src/libnetfilter_conntrack.c
+++ b/src/libnetfilter_conntrack.c
@@ -391,12 +391,12 @@ static void nfct_parse_counters(struct nfattr *attr,
 static char *msgtype[] = {"[UNKNOWN]", "[NEW]", "[UPDATE]", "[DESTROY]"};
-static int typemsg2enum(u_int8_t type, u_int8_t flags)
+static int typemsg2enum(u_int16_t type, u_int16_t flags)
 {
 int ret = NFCT_MSG_UNKNOWN;
 if (type == IPCTNL_MSG_CT_NEW) {
- if (flags & NLM_F_CREATE)
+ if (flags & (NLM_F_CREATE|NLM_F_EXCL))
 ret = NFCT_MSG_NEW;
 else
 ret = NFCT_MSG_UPDATE;
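Review bot: In the second hunk of libnetfilter_conntrack.h, `NFCT_ALL_GROUPS` is removed from the public header and nothing keeps the old name, so existing callers stop compiling across a 0.2.3 to 0.2.4 bump. The new mask also covers only the three conntrack event groups, so a caller that relied on `~0U` to receive expectation events as well (inferred; no caller is visible here) now has to request those groups itself. I would state that in the comment above the macro, for example `* Conntrack events only; expectation groups must be requested separately.`, and record the rename in the release notes.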
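Review bot: In typemsg2enum, `flags & (NLM_F_CREATE|NLM_F_EXCL)` is true when either bit is set, which leaves open whether a message carrying only one of the two should be classified as NEW. If both are required, the test should read `if ((flags & (NLM_F_CREATE|NLM_F_EXCL)) == (NLM_F_CREATE|NLM_F_EXCL))`; if either is enough, a short comment such as `/* either flag marks a newly created entry */` would record that decision. The function body continues past the end of the hunk and its callers are not shown, so whether they now pass the untruncated 16-bit header fields cannot be confirmed from here.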
@@ -707,11 +707,11 @@ static int nfct_expect_netlink_handler(struct nfct_handle *cth,
 parse_tuple(cda[CTA_EXPECT_MASK-1], &exp.mask);
 if (cda[CTA_EXPECT_TIMEOUT-1])
- exp.timeout = htonl(*(unsigned long *)
+ exp.timeout = ntohl(*(unsigned long *)
 NFA_DATA(cda[CTA_EXPECT_TIMEOUT-1]));
 if (cda[CTA_EXPECT_ID-1])
- exp.id = htonl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]));
+ exp.id = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]));
 if (cth->callback)
 ret = cth->callback((void *)&exp, 0,
@@ -797,8 +797,8 @@ int nfct_delete_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
 char buf[NFCT_BUFSIZE];
 int type = dir ? CTA_TUPLE_REPLY : CTA_TUPLE_ORIG;
- memset(&buf, 0, sizeof(buf));
 req = (void *) &buf;
+ memset(&buf, 0, sizeof(buf));
 nfnl_fill_hdr(&cth->nfnlh, &req->nlh, 0,
 AF_INET, 0, IPCTNL_MSG_CT_DELETE,
@@ -806,9 +806,11 @@ int nfct_delete_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
 nfct_build_tuple(req, sizeof(buf), tuple, type);
- if (id != NFCT_ANY_ID)
+ if (id != NFCT_ANY_ID) {
+ id = htonl(id); /* to network byte order */
 nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id,
 sizeof(unsigned int));
+ }
 return nfnl_talk(&cth->nfnlh, &req->nlh, 0, 0, NULL, NULL, NULL);
 }
@@ -832,9 +834,11 @@ int nfct_get_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
 nfct_build_tuple(req, sizeof(buf), tuple, type);
- if (id != NFCT_ANY_ID)
+ if (id != NFCT_ANY_ID) {
+ id = htonl(id); /* to network byte order */
 nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id,
 sizeof(unsigned int));
+ }
 err = nfnl_send(&cth->nfnlh, &req->nlh);
 if (err < 0) |
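Review bot: The timeout read in nfct_expect_netlink_handler still dereferences the attribute payload as `unsigned long`, which is 8 bytes on LP64 targets, so it reads 4 bytes past a 32-bit payload and on big-endian 64-bit hosts the value handed to `ntohl()` comes from those extra bytes. Assuming CTA_EXPECT_TIMEOUT carries a 32-bit value like the CTA_EXPECT_ID read just below it, the cast should match: `exp.timeout = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_TIMEOUT-1]));`. Neither read checks the attribute's payload length before dereferencing; if the attribute parsing outside this hunk does not already enforce a minimum size, that check belongs here because the data comes from a received netlink message. The function starts and ends outside the hunk.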
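Review bot: In the second nfct_delete_conntrack hunk the attribute length is written as `sizeof(unsigned int)` while the data pointer is `&id`; the declaration of `id` is outside the hunk, so the two agree only if `id` is a 32-bit unsigned type, and `sizeof(id)` would tie the length to the object actually copied. The return value of `nfnl_addattr_l()` is also discarded, so if it reports that the attribute did not fit in `buf` (I believe it returns a negative value then) the request would be sent without the id and might select a different entry than the caller named, which matters most on the delete path. Both points apply equally to the identical change in the nfct_get_conntrack hunk that follows.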