From 5df5a11591fb6eff06ff931152d7b7d07e1f3cb3 Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org" Date: Thu, 20 Oct 2005 19:10:40 +0000 Subject: Commit libnetfilter_conntrack.h, I missed it :( --- .../libnetfilter_conntrack.h | 183 ++++++++++++++------- 1 file changed, 126 insertions(+), 57 deletions(-) (limited to 'include/libnetfilter_conntrack') diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h index 954b3e2..33f43a5 100644 --- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h +++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h @@ -1,30 +1,25 @@ -/* libctnetlink.h: Header file for the Connection Tracking library. - * - * Jay Schulist , Copyright (c) 2001. - * (C) 2002 by Harald Welte +/* * (C) 2005 by Pablo Neira Ayuso * * This software may be used and distributed according to the terms * of the GNU General Public License, incorporated herein by reference. */ -#ifndef __LIBCTNETLINK_H -#define __LIBCTNETLINK_H +#ifndef _LIBNETFILTER_CONNTRACK_H_ +#define _LIBNETFILTER_CONNTRACK_H_ #include #include #include #include #include - -/* we need this for "enum ip_conntrack_status" */ -#include - #include +#include +#include "linux_list.h" -#define CTNL_BUFFSIZE 4096 +#define LIBNETFILTER_CONNTRACK_VERSION "0.1.1" -union ctnl_l4 { +union nfct_l4 { /* Add other protocols here. */ u_int16_t all; struct { @@ -42,7 +37,7 @@ union ctnl_l4 { } sctp; }; -struct ctnl_tuple { +struct nfct_tuple { union { u_int32_t v4; u_int64_t v6; @@ -54,32 +49,32 @@ struct ctnl_tuple { } dst; u_int8_t protonum; - union ctnl_l4 l4src; - union ctnl_l4 l4dst; + union nfct_l4 l4src; + union nfct_l4 l4dst; }; -union ctnl_protoinfo { +union nfct_protoinfo { struct { u_int8_t state; } tcp; }; -struct ctnl_counters { +struct nfct_counters { u_int64_t packets; u_int64_t bytes; }; -struct ctnl_nat { +struct nfct_nat { u_int32_t min_ip, max_ip; - union ctnl_l4 l4min, l4max; + union nfct_l4 l4min, l4max; }; -#define CTNL_DIR_ORIGINAL 0 -#define CTNL_DIR_REPLY 1 -#define CTNL_DIR_MAX CTNL_DIR_REPLY+1 +#define NFCT_DIR_ORIGINAL 0 +#define NFCT_DIR_REPLY 1 +#define NFCT_DIR_MAX NFCT_DIR_REPLY+1 -struct ctnl_conntrack { - struct ctnl_tuple tuple[CTNL_DIR_MAX]; +struct nfct_conntrack { + struct nfct_tuple tuple[NFCT_DIR_MAX]; unsigned long timeout; unsigned long mark; @@ -87,45 +82,119 @@ struct ctnl_conntrack { unsigned int use; unsigned int id; - union ctnl_protoinfo protoinfo; - struct ctnl_counters counters[CTNL_DIR_MAX]; - struct ctnl_nat nat; + union nfct_protoinfo protoinfo; + struct nfct_counters counters[NFCT_DIR_MAX]; + struct nfct_nat nat; +}; + +struct nfct_expect { + struct nfct_tuple master; + struct nfct_tuple tuple; + struct nfct_tuple mask; + unsigned long timeout; + unsigned int id; +}; + +struct nfct_proto { + struct list_head head; + + char *name; + u_int8_t protonum; + char *version; + + void (*parse_proto)(struct nfattr **, struct nfct_tuple *); + void (*parse_protoinfo)(struct nfattr **, struct nfct_conntrack *); + int (*print_protoinfo)(char *, union nfct_protoinfo *); + int (*print_proto)(char *, struct nfct_tuple *); +}; + +enum { + NFCT_STATUS_BIT = 0, + NFCT_STATUS = (NFCT_STATUS_BIT << 1), + + NFCT_PROTOINFO_BIT = 1, + NFCT_PROTOINFO = (NFCT_PROTOINFO_BIT << 1), + + NFCT_TIMEOUT_BIT = 2, + NFCT_TIMEOUT = (NFCT_TIMEOUT_BIT << 1), + + NFCT_MARK_BIT = 3, + NFCT_MARK = (NFCT_MARK_BIT << 1), + + NFCT_COUNTERS_BIT = 4, + NFCT_COUNTERS = (NFCT_COUNTERS_BIT << 1), + + NFCT_USE_BIT = 5, + NFCT_USE = (NFCT_USE_BIT << 1), + + NFCT_ID_BIT = 6, + NFCT_ID = (NFCT_ID_BIT << 1) }; -struct ctnl_msg_handler { +typedef void (*nfct_callback)(void *arg, unsigned int flags); + +struct nfct_msg_handler { int type; int (*handler)(struct sockaddr_nl *, struct nlmsghdr *, void *arg); }; -struct ctnl_handle { +struct nfct_handle { struct nfnl_handle nfnlh; - struct ctnl_msg_handler *handler[IPCTNL_MSG_MAX]; + nfct_callback callback; + struct nfct_msg_handler *handler[IPCTNL_MSG_MAX]; }; -extern int ctnl_open(struct ctnl_handle *, u_int8_t, unsigned); -extern int ctnl_close(struct ctnl_handle *); -extern int ctnl_unregister_handler(struct ctnl_handle *, int); -extern int ctnl_register_handler(struct ctnl_handle *, - struct ctnl_msg_handler *); -extern int ctnl_new_conntrack(struct ctnl_handle *, struct ctnl_conntrack *); -extern int ctnl_upd_conntrack(struct ctnl_handle *, struct ctnl_conntrack *); -extern int ctnl_get_conntrack(struct ctnl_handle *, struct ctnl_tuple *, int); -extern int ctnl_del_conntrack(struct ctnl_handle *, struct ctnl_tuple *, int); -extern int ctnl_list_conntrack(struct ctnl_handle *, int); -extern int ctnl_list_conntrack_zero_counters(struct ctnl_handle *, int); -extern int ctnl_event_conntrack(struct ctnl_handle *, int); -extern int ctnl_flush_conntrack(struct ctnl_handle *); - -extern int ctnl_new_expect(struct ctnl_handle *, struct ctnl_tuple *, - struct ctnl_tuple *, struct ctnl_tuple *, - unsigned long); -extern int ctnl_del_expect(struct ctnl_handle *,struct ctnl_tuple *); -extern int ctnl_get_expect(struct ctnl_handle *, struct ctnl_tuple *); -extern int ctnl_list_expect(struct ctnl_handle *, int); -extern int ctnl_event_expect(struct ctnl_handle *, int); -extern int ctnl_flush_expect(struct ctnl_handle *); - -extern int ctnl_send(struct ctnl_handle *, struct nlmsghdr *); -extern int ctnl_wilddump_request(struct ctnl_handle *, int , int); - -#endif /* __LIBCTNETLINK_H */ +extern void nfct_register_proto(struct nfct_proto *h); +extern void nfct_unregister_proto(struct nfct_proto *h); + +extern struct nfct_handle *nfct_open(u_int8_t, unsigned); +extern int nfct_close(struct nfct_handle *cth); +extern void nfct_set_callback(struct nfct_handle *cth, nfct_callback callback); + +/* + * callback displayers + */ +extern void nfct_default_conntrack_display(void *arg, unsigned int flags); +extern void nfct_default_expect_display(void *arg, unsigned int flags); + +extern int nfct_create_conntrack(struct nfct_handle *cth, + struct nfct_tuple *orig, + struct nfct_tuple *reply, + unsigned long timeout, + union nfct_protoinfo *proto, + unsigned int status); +extern int nfct_create_conntrack_nat(struct nfct_handle *cth, + struct nfct_tuple *orig, + struct nfct_tuple *reply, + unsigned long timeout, + union nfct_protoinfo *proto, + unsigned int status, + struct nfct_nat *nat); +extern int nfct_update_conntrack(struct nfct_handle *cth, + struct nfct_tuple *orig, + struct nfct_tuple *reply, + unsigned long timeout, + union nfct_protoinfo *proto, + unsigned int status); +extern int nfct_delete_conntrack(struct nfct_handle *cth,struct nfct_tuple *tuple, int dir); +extern int nfct_get_conntrack(struct nfct_handle *cth,struct nfct_tuple *tuple, int dir); +extern int nfct_dump_conntrack_table(struct nfct_handle *cth); +extern int nfct_dump_conntrack_table_zero(struct nfct_handle *cth); +extern int nfct_event_conntrack(struct nfct_handle *cth); + +/* + * Expectations + */ +extern int nfct_dump_expect_list(struct nfct_handle *cth); +extern int nfct_flush_conntrack_table(struct nfct_handle *cth); +extern int nfct_get_expectation(struct nfct_handle *cth,struct nfct_tuple *tuple); +extern int nfct_create_expectation(struct nfct_handle *cth, + struct nfct_tuple *master, + struct nfct_tuple *tuple, + struct nfct_tuple *mask, + unsigned long timeout); +extern int nfct_delete_expectation(struct nfct_handle *cth,struct nfct_tuple *tuple); +extern int nfct_event_expectation(struct nfct_handle *cth); +extern int nfct_flush_expectation_table(struct nfct_handle *cth); + +#endif /* _LIBNETFILTER_CONNTRACK_H_ */ -- cgit v1.2.3