From 84f120b150d14adb1cefec601e28b2522612a620 Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org" Date: Sun, 6 May 2007 17:39:00 +0000 Subject: - add warning note to ctnl_test.c: old API is deprecated - split expect_api_test.c into small example files expect_*.c - introduce alias tags for original tuple attributes - introduce nfexp_sizeof and nfexp_maxsize - build expectation attributes iif they are set - fix l3num setting in expect/build.c --- src/expect/api.c | 29 +++++++++++++++++++++++++++++ src/expect/build.c | 48 +++++++++++++++++++++++++----------------------- 2 files changed, 54 insertions(+), 23 deletions(-) (limited to 'src/expect') diff --git a/src/expect/api.c b/src/expect/api.c index 127846a..5c3868c 100644 --- a/src/expect/api.c +++ b/src/expect/api.c @@ -42,6 +42,35 @@ void nfexp_destroy(struct nf_expect *exp) exp = NULL; /* bugtrap */ } +/** + * nfexp_sizeof - return the size in bytes of a certain expect object + * @exp: pointer to the expect object + */ +size_t nfexp_sizeof(const struct nf_expect *exp) +{ + assert(exp != NULL); + return sizeof(*exp); +} + +/** + * nfexp_maxsize - return the maximum size in bytes of a expect object + * + * Use this function if you want to allocate a expect object in the stack + * instead of the heap. For example: + * + * char buf[nfexp_maxsize()]; + * struct nf_expect *exp = (struct nf_expect *) buf; + * memset(exp, 0, nfexp_maxsize()); + * + * Note: As for now this function returns the same size that nfexp_sizeof(exp) + * does although _this could change in the future_. Therefore, do not assume + * that nfexp_sizeof(exp) == nfexp_maxsize(). + */ +size_t nfexp_maxsize() +{ + return sizeof(struct nf_expect); +} + /** * nfexp_clone - clone a expectation object * @exp: pointer to a valid expectation object diff --git a/src/expect/build.c b/src/expect/build.c index 501263a..0415621 100644 --- a/src/expect/build.c +++ b/src/expect/build.c @@ -21,35 +21,37 @@ int __build_expect(struct nfnl_subsys_handle *ssh, u_int16_t flags, const struct nf_expect *exp) { - u_int8_t l3num = exp->master.tuple[NFCT_DIR_ORIGINAL].l3protonum; + u_int8_t l3num; - if (!test_bit(ATTR_ORIG_L3PROTO, exp->master.set)) { - errno = EINVAL; - return -1; - } + if (test_bit(ATTR_ORIG_L3PROTO, exp->master.set)) + l3num = exp->master.tuple[NFCT_DIR_ORIGINAL].l3protonum; + else if (test_bit(ATTR_ORIG_L3PROTO, exp->expected.set)) + l3num = exp->expected.tuple[NFCT_DIR_ORIGINAL].l3protonum; memset(req, 0, size); nfnl_fill_hdr(ssh, &req->nlh, 0, l3num, 0, type, flags); - __build_tuple(req, - size, - &exp->expected.tuple[__DIR_ORIG], - CTA_EXPECT_TUPLE); - - /* get and delete only require the expectation tuple */ - if (type == IPCTNL_MSG_EXP_GET || type == IPCTNL_MSG_EXP_DELETE) - return 0; - - __build_tuple(req, - size, - &exp->master.tuple[__DIR_ORIG], - CTA_EXPECT_MASTER); - - __build_tuple(req, - size, - &exp->mask.tuple[__DIR_ORIG], - CTA_EXPECT_MASK); + if (test_bit(ATTR_EXP_EXPECTED, exp->set)) { + __build_tuple(req, + size, + &exp->expected.tuple[__DIR_ORIG], + CTA_EXPECT_TUPLE); + } + + if (test_bit(ATTR_EXP_MASTER, exp->set)) { + __build_tuple(req, + size, + &exp->master.tuple[__DIR_ORIG], + CTA_EXPECT_MASTER); + } + + if (test_bit(ATTR_EXP_MASK, exp->set)) { + __build_tuple(req, + size, + &exp->mask.tuple[__DIR_ORIG], + CTA_EXPECT_MASK); + } if (test_bit(ATTR_EXP_TIMEOUT, exp->set)) __build_timeout(req, size, exp); -- cgit v1.2.3