From 8a1642dc19b2199ec06542e6b24aeddd5cf593f2 Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org"
Date: Tue, 1 Nov 2005 00:28:14 +0000
Subject: o Bumped version to 0.2.4 o Redefine NFCT_ALL_CT_GROUPS o Fix typemsg2enum prototype, flags and type are 16 bits long, not 8 bits o Fix wrong expectation timeout and ID output o Fix getting and killing conntracks by ID
---
 .../libnetfilter_conntrack/libnetfilter_conntrack.h | 6 +++---
 src/libnetfilter_conntrack.c | 18 +++++++++++-------
 2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 0c06fa6..f23bb70 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -13,7 +13,7 @@
 #include
 #include
-#define LIBNETFILTER_CONNTRACK_VERSION "0.2.3"
+#define LIBNETFILTER_CONNTRACK_VERSION "0.2.4"
 enum {
 CONNTRACK = NFNL_SUBSYS_CTNETLINK,
@@ -27,12 +27,12 @@ enum {
 #define NFCT_ANY_ID 0
 /*
- * Subscribe to all possible netlink groups. Use this
+ * Subscribe to all possible conntrack event groups. Use this
 * flag in case that you want to catch up all the possible
 * events. Do not use this flag for dumping or any other
 * similar operation.
 */
-#define NFCT_ALL_GROUPS ~0U
+#define NFCT_ALL_CT_GROUPS (NF_NETLINK_CONNTRACK_NEW|NF_NETLINK_CONNTRACK_UPDATE|NF_NETLINK_CONNTRACK_DESTROY)
 union nfct_l4 {
 /* Add other protocols here. */
diff --git a/src/libnetfilter_conntrack.c b/src/libnetfilter_conntrack.c
index d151490..2d25cbf 100644
--- a/src/libnetfilter_conntrack.c
+++ b/src/libnetfilter_conntrack.c
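Review bot: Removing `NFCT_ALL_GROUPS` in the second header hunk (@@ -27) drops a public macro in a patch-level release (0.2.3 to 0.2.4), so existing callers stop compiling. A caller that simply renames to `NFCT_ALL_CT_GROUPS` also changes its subscription from every group (`~0U`) to the three listed conntrack groups, which the comment does not mention. I would extend the comment with something like `Replaces NFCT_ALL_GROUPS (~0U); groups other than NEW, UPDATE and DESTROY are no longer included.` and consider keeping the old name as a deprecated alias for one release. The new macro also depends on the NF_NETLINK_CONNTRACK_* names coming from one of the includes, whose targets are not legible in the first hunk.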
@@ -391,12 +391,12 @@ static void nfct_parse_counters(struct nfattr *attr,
 static char *msgtype[] = {"[UNKNOWN]", "[NEW]", "[UPDATE]", "[DESTROY]"};
-static int typemsg2enum(u_int8_t type, u_int8_t flags)
+static int typemsg2enum(u_int16_t type, u_int16_t flags)
 {
 int ret = NFCT_MSG_UNKNOWN;
 if (type == IPCTNL_MSG_CT_NEW) {
- if (flags & NLM_F_CREATE)
+ if (flags & (NLM_F_CREATE|NLM_F_EXCL))
 ret = NFCT_MSG_NEW;
 else
 ret = NFCT_MSG_UPDATE;
@@ -707,11 +707,11 @@ static int nfct_expect_netlink_handler(struct nfct_handle *cth,
 parse_tuple(cda[CTA_EXPECT_MASK-1], &exp.mask);
 if (cda[CTA_EXPECT_TIMEOUT-1])
- exp.timeout = htonl(*(unsigned long *)
+ exp.timeout = ntohl(*(unsigned long *)
 NFA_DATA(cda[CTA_EXPECT_TIMEOUT-1]));
 if (cda[CTA_EXPECT_ID-1])
- exp.id = htonl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]));
+ exp.id = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]));
 if (cth->callback)
 ret = cth->callback((void *)&exp, 0,
@@ -797,8 +797,8 @@ int nfct_delete_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
 char buf[NFCT_BUFSIZE];
 int type = dir ? CTA_TUPLE_REPLY : CTA_TUPLE_ORIG;
- memset(&buf, 0, sizeof(buf));
 req = (void *) &buf;
+ memset(&buf, 0, sizeof(buf));
 nfnl_fill_hdr(&cth->nfnlh, &req->nlh, 0, AF_INET, 0, IPCTNL_MSG_CT_DELETE,
@@ -806,9 +806,11 @@ int nfct_delete_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
 nfct_build_tuple(req, sizeof(buf), tuple, type);
- if (id != NFCT_ANY_ID)
+ if (id != NFCT_ANY_ID) {
+ id = htonl(id); /* to network byte order */
 nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id, sizeof(unsigned int));
+ }
 return nfnl_talk(&cth->nfnlh, &req->nlh, 0, 0, NULL, NULL, NULL);
 }
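Review bot: The new test `flags & (NLM_F_CREATE|NLM_F_EXCL)` in typemsg2enum (@@ -391) is true when either bit is set, and nothing in the hunk says whether that or "both set" is intended. If both are required, the condition should be `(flags & (NLM_F_CREATE|NLM_F_EXCL)) == (NLM_F_CREATE|NLM_F_EXCL)`. Either way the function deserves a short comment recording why the parameters were widened, e.g. `/* nlmsg type and flags are 16 bits; NLM_F_CREATE does not fit in 8, so the old test never matched */`. The function body continues past the end of the hunk.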
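Review bot: The timeout load in nfct_expect_netlink_handler (@@ -707) still reads the attribute payload through `unsigned long *`, which is 8 bytes wide on LP64 targets, while `ntohl` and the ID line just below treat these values as 32-bit. On such a target the dereference reads 4 bytes past a 32-bit payload, and on a big-endian 64-bit host the truncation keeps the wrong half. Change the first line of that statement to `exp.timeout = ntohl(*(u_int32_t *)`. Neither load checks the attribute's payload length before the cast; whether the attribute parsing outside this hunk guarantees it is not visible here, so it is worth confirming. The handler starts and ends outside the hunk.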
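Review bot: The result of `nfnl_addattr_l` is discarded inside the new braced block of nfct_delete_conntrack (@@ -806). Assuming it reports failure through its return value, a failed append would still send the request, and the delete would then be matched on the tuple alone instead of tuple plus ID. I would check it and bail out, `if (nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id, sizeof(id)) < 0) return -1;`, using `sizeof(id)` rather than `sizeof(unsigned int)` so the length follows the variable, whose declaration is outside the hunk. The identical block added to nfct_get_conntrack in the @@ -832 hunk has the same issue. Both function bodies extend beyond their hunks.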
@@ -832,9 +834,11 @@ int nfct_get_conntrack(struct nfct_handle *cth, struct nfct_tuple *tuple,
 nfct_build_tuple(req, sizeof(buf), tuple, type);
- if (id != NFCT_ANY_ID)
+ if (id != NFCT_ANY_ID) {
+ id = htonl(id); /* to network byte order */
 nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_ID, &id, sizeof(unsigned int));
+ }
 err = nfnl_send(&cth->nfnlh, &req->nlh);
 if (err < 0)
--
cgit v1.2.3