From 596d3bc2e9a55d36667abc9b1339b875abd4e11a Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Fri, 18 Jan 2008 17:55:58 +0100 Subject: [PATCH] [LIBNL]: Support conntrack add/delete/query requests Signed-off-by: Patrick McHardy --- include/netlink/netfilter/ct.h | 9 ++ lib/netfilter/ct.c | 153 +++++++++++++++++++++++++++++++++ 2 files changed, 162 insertions(+) diff --git a/include/netlink/netfilter/ct.h b/include/netlink/netfilter/ct.h index 965b869..f554017 100644 --- a/include/netlink/netfilter/ct.h +++ b/include/netlink/netfilter/ct.h @@ -39,6 +39,15 @@ extern void nfnl_ct_put(struct nfnl_ct *); extern int nfnl_ct_dump_request(struct nl_handle *); +extern struct nl_msg * nfnl_ct_build_add_request(const struct nfnl_ct *, int); +extern int nfnl_ct_add(struct nl_handle *, const struct nfnl_ct *, int); + +extern struct nl_msg * nfnl_ct_build_delete_request(const struct nfnl_ct *, int); +extern int nfnl_ct_delete(struct nl_handle *, const struct nfnl_ct *, int); + +extern struct nl_msg * nfnl_ct_build_query_request(const struct nfnl_ct *, int); +extern int nfnl_ct_query(struct nl_handle *, const struct nfnl_ct *, int); + extern void nfnl_ct_set_family(struct nfnl_ct *, uint8_t); extern uint8_t nfnl_ct_get_family(const struct nfnl_ct *); diff --git a/lib/netfilter/ct.c b/lib/netfilter/ct.c index e9df924..e16a606 100644 --- a/lib/netfilter/ct.c +++ b/lib/netfilter/ct.c @@ -9,6 +9,7 @@ * Copyright (c) 2003-2006 Thomas Graf * Copyright (c) 2007 Philip Craig * Copyright (c) 2007 Secure Computing Corporation + * Copyright (c= 2008 Patrick McHardy */ /** @@ -388,6 +389,158 @@ static int ct_request_update(struct nl_cache *c, struct nl_handle *h) return nfnl_ct_dump_request(h); } +static int nfnl_ct_build_tuple(struct nl_msg *msg, const struct nfnl_ct *ct, + int repl) +{ + struct nlattr *tuple, *ip, *proto; + struct nl_addr *addr; + int family; + + family = nfnl_ct_get_family(ct); + + tuple = nla_nest_start(msg, repl ? CTA_TUPLE_REPLY : CTA_TUPLE_ORIG); + if (!tuple) + goto nla_put_failure; + + ip = nla_nest_start(msg, CTA_TUPLE_IP); + if (!ip) + goto nla_put_failure; + + addr = nfnl_ct_get_src(ct, repl); + if (addr) + NLA_PUT_ADDR(msg, + family == AF_INET ? CTA_IP_V4_SRC : CTA_IP_V6_SRC, + addr); + + addr = nfnl_ct_get_dst(ct, repl); + if (addr) + NLA_PUT_ADDR(msg, + family == AF_INET ? CTA_IP_V4_DST : CTA_IP_V6_DST, + addr); + + nla_nest_end(msg, ip); + + proto = nla_nest_start(msg, CTA_TUPLE_PROTO); + if (!proto) + goto nla_put_failure; + + if (nfnl_ct_test_proto(ct)) + NLA_PUT_U8(msg, CTA_PROTO_NUM, nfnl_ct_get_proto(ct)); + + if (nfnl_ct_test_src_port(ct, repl)) + NLA_PUT_U16(msg, CTA_PROTO_SRC_PORT, + nfnl_ct_get_src_port(ct, repl)); + + if (nfnl_ct_test_dst_port(ct, repl)) + NLA_PUT_U16(msg, CTA_PROTO_DST_PORT, + nfnl_ct_get_dst_port(ct, repl)); + + if (nfnl_ct_test_icmp_id(ct, repl)) + NLA_PUT_U16(msg, CTA_PROTO_ICMP_ID, + nfnl_ct_get_icmp_id(ct, repl)); + + if (nfnl_ct_test_icmp_type(ct, repl)) + NLA_PUT_U8(msg, CTA_PROTO_ICMP_TYPE, + nfnl_ct_get_icmp_type(ct, repl)); + + if (nfnl_ct_test_icmp_code(ct, repl)) + NLA_PUT_U8(msg, CTA_PROTO_ICMP_CODE, + nfnl_ct_get_icmp_code(ct, repl)); + + nla_nest_end(msg, proto); + + nla_nest_end(msg, tuple); + return 0; + +nla_put_failure: + return -1; +} + +static struct nl_msg *nfnl_ct_build_message(const struct nfnl_ct *ct, int cmd, int flags) +{ + struct nl_msg *msg; + + msg = nfnlmsg_alloc_simple(NFNL_SUBSYS_CTNETLINK, cmd, flags, + nfnl_ct_get_family(ct), 0); + if (msg == NULL) + return NULL; + + if (nfnl_ct_build_tuple(msg, ct, 0) < 0) + goto err_out; + + return msg; + +err_out: + nlmsg_free(msg); + return NULL; +} + +struct nl_msg *nfnl_ct_build_add_request(const struct nfnl_ct *ct, int flags) +{ + return nfnl_ct_build_message(ct, IPCTNL_MSG_CT_NEW, flags); +} + +int nfnl_ct_add(struct nl_handle *h, const struct nfnl_ct *ct, int flags) +{ + struct nl_msg *msg; + int err; + + msg = nfnl_ct_build_add_request(ct, flags); + if (msg == NULL) + return nl_errno(ENOMEM); + + err = nl_send_auto_complete(h, msg); + nlmsg_free(msg); + if (err < 0) + return err; + + return nl_wait_for_ack(h); +} + +struct nl_msg *nfnl_ct_build_delete_request(const struct nfnl_ct *ct, int flags) +{ + return nfnl_ct_build_message(ct, IPCTNL_MSG_CT_DELETE, flags); +} + +int nfnl_ct_del(struct nl_handle *h, const struct nfnl_ct *ct, int flags) +{ + struct nl_msg *msg; + int err; + + msg = nfnl_ct_build_delete_request(ct, flags); + if (msg == NULL) + return nl_errno(ENOMEM); + + err = nl_send_auto_complete(h, msg); + nlmsg_free(msg); + if (err < 0) + return err; + + return nl_wait_for_ack(h); +} + +struct nl_msg *nfnl_ct_build_query_request(const struct nfnl_ct *ct, int flags) +{ + return nfnl_ct_build_message(ct, IPCTNL_MSG_CT_GET, flags); +} + +int nfnl_ct_query(struct nl_handle *h, const struct nfnl_ct *ct, int flags) +{ + struct nl_msg *msg; + int err; + + msg = nfnl_ct_build_query_request(ct, flags); + if (msg == NULL) + return nl_errno(ENOMEM); + + err = nl_send_auto_complete(h, msg); + nlmsg_free(msg); + if (err < 0) + return err; + + return nl_wait_for_ack(h); +} + /** * @name Cache Management * @{ -- 2.40.0