Re: [PATCH lnf-log 3/3] utils: nf-log: attaching a conntrack information

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Mon, 12 Oct 2015 17:26:30 +0200

On Fri, Sep 11, 2015 at 12:15:35PM +0900, Ken-ichirou MATSUZAWA wrote:
> diff --git a/utils/nf-log.c b/utils/nf-log.c
> index 5f2a192..1418af4 100644
> --- a/utils/nf-log.c
> +++ b/utils/nf-log.c
> @@ -3,15 +3,108 @@
>  #include <stdlib.h>
>  #include <arpa/inet.h>
>  
> -#include <linux/netfilter/nfnetlink_log.h>
> +/* #include <linux/netfilter/nfnetlink_log.h> */

Do you remember why you had to comment out this line?

> +#include <libnetfilter_log/linux_nfnetlink_log.h>
>  
>  #include <libmnl/libmnl.h>
>  #include <libnetfilter_log/libnetfilter_log.h>
>  
> +#include "../config.h"
> +#ifdef BUILD_NFCT
> +#include <linux/netfilter/nf_conntrack_common.h>
> +#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
> +#endif
> +
> +#ifdef BUILD_NFCT
> +static int print_ctinfo(const struct nlattr *const attr)
> +{
> +	char *s = NULL;
> +
> +	if (attr == NULL)
> +		return MNL_CB_OK;
> +
> +	switch (ntohl(mnl_attr_get_u32(attr))) {
> +	case IP_CT_ESTABLISHED:
> +		s = "IP_CT_ESTABLISHED";

For this example, you can probably simplify this with.

        case IP_CT_ESTABLISHED:
        case IP_CT_ESTABLISHED_REPLY:
                s = "ESTABLISHED";

> +		break;
> +	case IP_CT_RELATED:
> +		s = "IP_CT_RELATED";
> +		break;
> +	case IP_CT_NEW:
> +		s = "IP_CT_NEW";
> +		break;
> +	case IP_CT_IS_REPLY:
> +		s = "IP_CT_IS_REPLY";
> +		break;

IP_CT_IS_REPLY is never used alone, it's is always combined with NEW,
ESTABLISHED, RELATED states.

> +	/* case IP_CT_ESTABLISHED_REPLY: == IP_CT_IS_REPLY
> +	 *	s = "IP_CT_ESTABLISHED_REPLY";
> +	 *	break;
> +	 */
> +	case IP_CT_RELATED_REPLY:
> +		s = "IP_CT_RELATED_REPLY";
> +		break;
> +	case IP_CT_NEW_REPLY:
> +		s = "IP_CT_NEW_REPLY";
> +		break;
> +	/* case IP_CT_NUMBER: == IP_CT_NEW_REPLY
> +	 *	s ="IP_CT_NUMBER";
> +	 *	break;
> +	 */

IP_CT_NUMBER should never happen. Please remove this code.

Same applied to the libnetfilter_queue example that you posted.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html