-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h285
-rw-r--r--src/conntrack/build.c4
-rw-r--r--src/expect/build.c4
3 files changed, 4 insertions, 289 deletions
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 0c8b715..f2b6dbb 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -616,291 +616,6 @@ enum ip_conntrack_status {
/* Be liberal in window checking */
#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08
-/*
- * Old deprecated API, its use for new applications is *strongly discouraged*
- */
-
-/*
- * In case that the user doesn't want to do some kind
- * of action against a conntrack based on its ID
- */
-#define NFCT_ANY_ID 0
-
-union nfct_l4 {
- /* Add other protocols here. */
- u_int16_t all;
- struct {
- u_int16_t port;
- } tcp;
- struct {
- u_int16_t port;
- } udp;
- struct {
- u_int8_t type, code;
- u_int16_t id;
- } icmp;
- struct {
- u_int16_t port;
- } sctp;
-};
-
-union nfct_address {
- u_int32_t v4;
- u_int32_t v6[4];
-};
-
-struct nfct_tuple {
- union nfct_address src;
- union nfct_address dst;
-
- u_int8_t l3protonum;
- u_int8_t protonum;
- union nfct_l4 l4src;
- union nfct_l4 l4dst;
-};
-
-union nfct_protoinfo {
- struct {
- u_int8_t state;
- } tcp;
-};
-
-struct nfct_counters {
- u_int64_t packets;
- u_int64_t bytes;
-};
-
-struct nfct_nat {
- u_int32_t min_ip, max_ip;
- union nfct_l4 l4min, l4max;
-};
-
-#define NFCT_DIR_ORIGINAL 0
-#define NFCT_DIR_REPLY 1
-#define NFCT_DIR_MAX NFCT_DIR_REPLY+1
-
-struct nfct_conntrack {
- struct nfct_tuple tuple[NFCT_DIR_MAX];
-
- u_int32_t timeout;
- u_int32_t mark;
- u_int32_t status;
- u_int32_t use;
- u_int32_t id;
-
- union nfct_protoinfo protoinfo;
- struct nfct_counters counters[NFCT_DIR_MAX];
- struct nfct_nat nat;
-};
-
-struct nfct_expect {
- struct nfct_tuple master;
- struct nfct_tuple tuple;
- struct nfct_tuple mask;
- u_int32_t timeout;
- u_int32_t id;
- u_int16_t expectfn_queue_id;
-};
-
-struct nfct_conntrack_compare {
- struct nfct_conntrack *ct;
- unsigned int flags;
- unsigned int l3flags;
- unsigned int l4flags;
-};
-
-enum {
- NFCT_STATUS_BIT = 0,
- NFCT_STATUS = (1 << NFCT_STATUS_BIT),
-
- NFCT_PROTOINFO_BIT = 1,
- NFCT_PROTOINFO = (1 << NFCT_PROTOINFO_BIT),
-
- NFCT_TIMEOUT_BIT = 2,
- NFCT_TIMEOUT = (1 << NFCT_TIMEOUT_BIT),
-
- NFCT_MARK_BIT = 3,
- NFCT_MARK = (1 << NFCT_MARK_BIT),
-
- NFCT_COUNTERS_ORIG_BIT = 4,
- NFCT_COUNTERS_ORIG = (1 << NFCT_COUNTERS_ORIG_BIT),
-
- NFCT_COUNTERS_RPLY_BIT = 5,
- NFCT_COUNTERS_RPLY = (1 << NFCT_COUNTERS_RPLY_BIT),
-
- NFCT_USE_BIT = 6,
- NFCT_USE = (1 << NFCT_USE_BIT),
-
- NFCT_ID_BIT = 7,
- NFCT_ID = (1 << NFCT_ID_BIT)
-};
-
-enum {
- NFCT_MSG_UNKNOWN,
- NFCT_MSG_NEW,
- NFCT_MSG_UPDATE,
- NFCT_MSG_DESTROY
-};
-
-typedef int (*nfct_callback)(void *arg, unsigned int flags, int, void *data);
-
-/*
- * [Allocate|free] a conntrack
- */
-extern __attribute__((deprecated))
-struct nfct_conntrack *
-nfct_conntrack_alloc(struct nfct_tuple *orig, struct nfct_tuple *reply,
- u_int32_t timeout, union nfct_protoinfo *proto,
- u_int32_t status, u_int32_t mark,
- u_int32_t id, struct nfct_nat *range);
-extern __attribute__((deprecated))
-void nfct_conntrack_free(struct nfct_conntrack *ct);
-
-/*
- * [Allocate|free] an expectation
- */
-extern __attribute__((deprecated))
-struct nfct_expect *
-nfct_expect_alloc(struct nfct_tuple *master, struct nfct_tuple *tuple,
- struct nfct_tuple *mask, u_int32_t timeout,
- u_int32_t id);
-
-extern __attribute__((deprecated))
-void nfct_expect_free(struct nfct_expect *exp);
-
-
-/*
- * [Register|unregister] callbacks
- */
-extern __attribute__((deprecated))
-void nfct_register_callback(struct nfct_handle *cth,
- nfct_callback callback, void *data);
-
-extern __attribute__((deprecated))
-void nfct_unregister_callback(struct nfct_handle *cth);
-
-/*
- * callback displayers
- */
-extern __attribute__((deprecated))
-int nfct_default_conntrack_display(void *, unsigned int, int, void *);
-extern __attribute__((deprecated))
-int nfct_default_conntrack_display_id(void *, unsigned int, int, void *);
-extern __attribute__((deprecated))
-int nfct_default_expect_display(void *, unsigned int, int, void *);
-extern __attribute__((deprecated))
-int nfct_default_expect_display_id(void *, unsigned int, int, void *);
-extern __attribute__((deprecated))
-int nfct_default_conntrack_event_display(void *, unsigned int, int, void *);
-
-/*
- * [Create|update|get|destroy] conntracks
- */
-extern __attribute__((deprecated))
-int nfct_create_conntrack(struct nfct_handle *cth,
- struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_update_conntrack(struct nfct_handle *cth,
- struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_delete_conntrack(struct nfct_handle *cth,
- struct nfct_tuple *tuple, int dir,
- u_int32_t id);
-extern __attribute__((deprecated))
-int nfct_get_conntrack(struct nfct_handle *cth,
- struct nfct_tuple *tuple, int dir,
- u_int32_t id);
-/*
- * Conntrack table dumping & zeroing
- */
-extern __attribute__((deprecated))
-int nfct_dump_conntrack_table(struct nfct_handle *cth, int family);
-extern __attribute__((deprecated))
-int nfct_dump_conntrack_table_reset_counters(struct nfct_handle *cth,
- int family);
-
-/*
- * Conntrack event notification
- */
-extern __attribute__((deprecated))
-int nfct_event_conntrack(struct nfct_handle *cth);
-
-/*
- * Conntrack printing functions
- */
-extern __attribute__((deprecated))
-int nfct_sprintf_conntrack(char *buf, struct nfct_conntrack *ct,
- unsigned int flags);
-extern __attribute__((deprecated))
-int nfct_sprintf_conntrack_id(char *buf, struct nfct_conntrack *ct,
- unsigned int flags);
-extern __attribute__((deprecated))
-int nfct_sprintf_address(char *buf, struct nfct_tuple *t);
-extern __attribute__((deprecated))
-int nfct_sprintf_proto(char *buf, struct nfct_tuple *t);
-extern __attribute__((deprecated))
-int nfct_sprintf_protoinfo(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_timeout(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_protocol(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_status_assured(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_status_seen_reply(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_counters(char *buf, struct nfct_conntrack *ct, int dir);
-extern __attribute__((deprecated))
-int nfct_sprintf_mark(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_use(char *buf, struct nfct_conntrack *ct);
-extern __attribute__((deprecated))
-int nfct_sprintf_id(char *buf, u_int32_t id);
-
-/*
- * Conntrack comparison
- */
-extern __attribute__((deprecated))
-int nfct_conntrack_compare(struct nfct_conntrack *ct1,
- struct nfct_conntrack *ct2,
- struct nfct_conntrack_compare *cmp);
-
-/*
- * Expectations
- */
-extern __attribute__((deprecated))
-int nfct_dump_expect_list(struct nfct_handle *cth, int family);
-extern __attribute__((deprecated))
-int nfct_flush_conntrack_table(struct nfct_handle *cth, int family);
-extern __attribute__((deprecated))
-int nfct_get_expectation(struct nfct_handle *cth,
- struct nfct_tuple *tuple,
- u_int32_t id);
-extern __attribute__((deprecated))
-int nfct_create_expectation(struct nfct_handle *cth, struct nfct_expect *);
-extern __attribute__((deprecated))
-int nfct_delete_expectation(struct nfct_handle *cth,
- struct nfct_tuple *tuple, u_int32_t id);
-extern __attribute__((deprecated))
-int nfct_event_expectation(struct nfct_handle *cth);
-extern __attribute__((deprecated))
-int nfct_flush_expectation_table(struct nfct_handle *cth, int family);
-
-/*
- * expectation printing functions
- */
-extern __attribute__((deprecated))
-int nfct_sprintf_expect(char *buf, struct nfct_expect *exp);
-extern __attribute__((deprecated))
-int nfct_sprintf_expect_id(char *buf, struct nfct_expect *exp);
-
-/*
- * low-level functions for libnetfilter_cthelper
- */
-extern __attribute__((deprecated))
-void nfct_build_tuple(struct nfnlhdr *req, int size,
- struct nfct_tuple *t, int type);
-
#ifdef __cplusplus
}
#endif
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 35abe05..9611508 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -194,7 +194,7 @@ void __build_protonat(struct nfnlhdr *req,
nest = nfnl_nest(&req->nlh, size, CTA_NAT_PROTO);
- switch (ct->tuple[NFCT_DIR_ORIGINAL].protonum) {
+ switch (ct->tuple[__DIR_ORIG].protonum) {
case IPPROTO_TCP:
case IPPROTO_UDP:
nfnl_addattr_l(&req->nlh, size, CTA_PROTONAT_PORT_MIN,
@@ -333,7 +333,7 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
u_int16_t flags,
const struct nf_conntrack *ct)
{
- u_int8_t l3num = ct->tuple[NFCT_DIR_ORIGINAL].l3protonum;
+ u_int8_t l3num = ct->tuple[__DIR_ORIG].l3protonum;
if (!test_bit(ATTR_ORIG_L3PROTO, ct->set)) {
errno = EINVAL;
diff --git a/src/expect/build.c b/src/expect/build.c
index 2f9cb84..cb9071d 100644
--- a/src/expect/build.c
+++ b/src/expect/build.c
@@ -24,9 +24,9 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
u_int8_t l3num;
if (test_bit(ATTR_ORIG_L3PROTO, exp->master.set))
- l3num = exp->master.tuple[NFCT_DIR_ORIGINAL].l3protonum;
+ l3num = exp->master.tuple[__DIR_ORIG].l3protonum;
else if (test_bit(ATTR_ORIG_L3PROTO, exp->expected.set))
- l3num = exp->expected.tuple[NFCT_DIR_ORIGINAL].l3protonum;
+ l3num = exp->expected.tuple[__DIR_ORIG].l3protonum;
else
return -1;