Use the new libmnl version, remove duplicated code. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- Something similar for the build path would be good to remove duplicated code, while leaving the libnfnetlink API in place. include/internal/prototypes.h | 5 - src/callback.c | 8 +- src/conntrack/Makefile.am | 2 +- src/conntrack/api.c | 31 ++- src/conntrack/parse.c | 627 ------------------------------------------ src/expect/Makefile.am | 2 +- src/expect/api.c | 30 +- src/expect/parse.c | 120 -------- 8 files changed, 45 insertions(+), 780 deletions(-) delete mode 100644 src/conntrack/parse.c delete mode 100644 src/expect/parse.c diff --git a/include/internal/prototypes.h b/include/internal/prototypes.h index 251e57d4b277..c0047b3b2f01 100644 --- a/include/internal/prototypes.h +++ b/include/internal/prototypes.h @@ -6,9 +6,6 @@ */ int __build_conntrack(struct nfnl_subsys_handle *ssh, struct nfnlhdr *req, size_t size, uint16_t type, uint16_t flags, const struct nf_conntrack *ct); void __build_tuple(struct nfnlhdr *req, size_t size, const struct __nfct_tuple *t, const int type); -int __parse_message_type(const struct nlmsghdr *nlh); -void __parse_conntrack(const struct nlmsghdr *nlh, struct nfattr *cda[], struct nf_conntrack *ct); -void __parse_tuple(const struct nfattr *attr, struct __nfct_tuple *tuple, int dir, uint32_t *set); int __snprintf_conntrack(char *buf, unsigned int len, const struct nf_conntrack *ct, unsigned int type, unsigned int msg_output, unsigned int flags, struct nfct_labelmap *); int __snprintf_address(char *buf, unsigned int len, const struct __nfct_tuple *tuple, const char *src_tag, const char *dst_tag); int __snprintf_protocol(char *buf, unsigned int len, const struct nf_conntrack *ct); @@ -47,8 +44,6 @@ int nfct_parse_tuple(const struct nlattr *attr, struct __nfct_tuple *tuple, int * expectation internal prototypes */ int __build_expect(struct nfnl_subsys_handle *ssh, struct nfnlhdr *req, size_t size, uint16_t type, uint16_t flags, const struct nf_expect *exp); -int __parse_expect_message_type(const struct nlmsghdr *nlh); -void __parse_expect(const struct nlmsghdr *nlh, struct nfattr *cda[], struct nf_expect *exp); int __expect_callback(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data); int __cmp_expect(const struct nf_expect *exp1, const struct nf_expect *exp2, unsigned int flags); int __snprintf_expect(char *buf, unsigned int len, const struct nf_expect *exp, unsigned int type, unsigned int msg_output, unsigned int flags); diff --git a/src/callback.c b/src/callback.c index 69640dacd71d..7671dd64ffe8 100644 --- a/src/callback.c +++ b/src/callback.c @@ -8,6 +8,7 @@ */ #include "internal/internal.h" +#include <libmnl/libmnl.h> static int __parse_message(const struct nlmsghdr *nlh) { @@ -29,6 +30,9 @@ static int __parse_message(const struct nlmsghdr *nlh) return ret; } +/* This function uses libmnl helpers, the nfa[] array is intentionally not used + * since it has a different layout. + */ int __callback(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data) { int ret = NFNL_CB_STOP; @@ -52,7 +56,7 @@ int __callback(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data) if (ct == NULL) return NFNL_CB_FAILURE; - __parse_conntrack(nlh, nfa, ct); + nfct_nlmsg_parse(nlh, ct); if (container->h->cb) { ret = container->h->cb(type, ct, container->data); @@ -66,7 +70,7 @@ int __callback(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data) if (exp == NULL) return NFNL_CB_FAILURE; - __parse_expect(nlh, nfa, exp); + nfexp_nlmsg_parse(nlh, exp); if (container->h->expect_cb) { ret = container->h->expect_cb(type, exp, diff --git a/src/conntrack/Makefile.am b/src/conntrack/Makefile.am index e1d8768b7850..602ed33ffe60 100644 --- a/src/conntrack/Makefile.am +++ b/src/conntrack/Makefile.am @@ -5,7 +5,7 @@ noinst_LTLIBRARIES = libnfconntrack.la libnfconntrack_la_SOURCES = api.c \ getter.c setter.c \ labels.c \ - parse.c build.c \ + build.c \ parse_mnl.c build_mnl.c \ snprintf.c \ snprintf_default.c snprintf_xml.c \ diff --git a/src/conntrack/api.c b/src/conntrack/api.c index bed2e42c8f43..3a1746e4c050 100644 --- a/src/conntrack/api.c +++ b/src/conntrack/api.c @@ -12,6 +12,7 @@ #include <string.h> /* for memset */ #include <errno.h> #include <assert.h> +#include <libmnl/libmnl.h> #include "internal/internal.h" @@ -880,6 +881,23 @@ int nfct_build_query(struct nfnl_subsys_handle *ssh, return __build_query_ct(ssh, qt, data, buffer, size); } +static int __parse_message_type(const struct nlmsghdr *nlh) +{ + uint16_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); + uint16_t flags = nlh->nlmsg_flags; + int ret = NFCT_T_UNKNOWN; + + if (type == IPCTNL_MSG_CT_NEW) { + if (flags & (NLM_F_CREATE|NLM_F_EXCL)) + ret = NFCT_T_NEW; + else + ret = NFCT_T_UPDATE; + } else if (type == IPCTNL_MSG_CT_DELETE) + ret = NFCT_T_DESTROY; + + return ret; +} + /** * nfct_parse_conntrack - translate a netlink message to a conntrack object * \param type do the translation iif the message type is of a certain type @@ -909,26 +927,15 @@ int nfct_parse_conntrack(enum nf_conntrack_msg_type type, struct nf_conntrack *ct) { unsigned int flags; - int len = nlh->nlmsg_len; - struct nfgenmsg *nfhdr = NLMSG_DATA(nlh); - struct nfattr *cda[CTA_MAX]; assert(nlh != NULL); assert(ct != NULL); - len -= NLMSG_LENGTH(sizeof(struct nfgenmsg)); - if (len < 0) { - errno = EINVAL; - return NFCT_T_ERROR; - } - flags = __parse_message_type(nlh); if (!(flags & type)) return 0; - nfnl_parse_attr(cda, CTA_MAX, NFA_DATA(nfhdr), len); - - __parse_conntrack(nlh, cda, ct); + nfct_nlmsg_parse(nlh, ct); return flags; } diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c deleted file mode 100644 index 8c1d813bc9fb..000000000000 --- a/src/conntrack/parse.c +++ /dev/null @@ -1,627 +0,0 @@ -/* - * (C) 2005-2011 by Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - */ - -#include "internal/internal.h" -#include <limits.h> -#include <libmnl/libmnl.h> - -static void __parse_ip(const struct nfattr *attr, - struct __nfct_tuple *tuple, - const int dir, - uint32_t *set) -{ - struct nfattr *tb[CTA_IP_MAX]; - - nfnl_parse_nested(tb, CTA_IP_MAX, attr); - - if (tb[CTA_IP_V4_SRC-1]) { - tuple->src.v4 = *(uint32_t *)NFA_DATA(tb[CTA_IP_V4_SRC-1]); - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_IPV4_SRC, set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_IPV4_SRC, set); - break; - case __DIR_MASTER: - set_bit(ATTR_MASTER_IPV4_SRC, set); - break; - } - } - - if (tb[CTA_IP_V4_DST-1]) { - tuple->dst.v4 = *(uint32_t *)NFA_DATA(tb[CTA_IP_V4_DST-1]); - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_IPV4_DST, set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_IPV4_DST, set); - break; - case __DIR_MASTER: - set_bit(ATTR_MASTER_IPV4_DST, set); - break; - } - } - - if (tb[CTA_IP_V6_SRC-1]) { - memcpy(&tuple->src.v6, NFA_DATA(tb[CTA_IP_V6_SRC-1]), - sizeof(struct in6_addr)); - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_IPV6_SRC, set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_IPV6_SRC, set); - break; - case __DIR_MASTER: - set_bit(ATTR_MASTER_IPV6_SRC, set); - break; - } - } - - if (tb[CTA_IP_V6_DST-1]) { - memcpy(&tuple->dst.v6, NFA_DATA(tb[CTA_IP_V6_DST-1]), - sizeof(struct in6_addr)); - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_IPV6_DST, set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_IPV6_DST, set); - break; - case __DIR_MASTER: - set_bit(ATTR_MASTER_IPV6_DST, set); - break; - } - } -} - -static void __parse_proto(const struct nfattr *attr, - struct __nfct_tuple *tuple, - const int dir, - uint32_t *set) -{ - struct nfattr *tb[CTA_PROTO_MAX]; - - nfnl_parse_nested(tb, CTA_PROTO_MAX, attr); - - if (tb[CTA_PROTO_NUM-1]) { - tuple->protonum = *(uint8_t *)NFA_DATA(tb[CTA_PROTO_NUM-1]); - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_L4PROTO, set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_L4PROTO, set); - break; - case __DIR_MASTER: - set_bit(ATTR_MASTER_L4PROTO, set); - break; - } - } - - if (tb[CTA_PROTO_SRC_PORT-1]) { - tuple->l4src.tcp.port = - *(uint16_t *)NFA_DATA(tb[CTA_PROTO_SRC_PORT-1]); - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_PORT_SRC, set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_PORT_SRC, set); - break; - case __DIR_MASTER: - set_bit(ATTR_MASTER_PORT_SRC, set); - break; - } - } - - if (tb[CTA_PROTO_DST_PORT-1]) { - tuple->l4dst.tcp.port = - *(uint16_t *)NFA_DATA(tb[CTA_PROTO_DST_PORT-1]); - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_PORT_DST, set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_PORT_DST, set); - break; - case __DIR_MASTER: - set_bit(ATTR_MASTER_PORT_DST, set); - break; - } - } - - if (tb[CTA_PROTO_ICMP_TYPE-1]) { - tuple->l4dst.icmp.type = - *(uint8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_TYPE-1]); - set_bit(ATTR_ICMP_TYPE, set); - } - - if (tb[CTA_PROTO_ICMP_CODE-1]) { - tuple->l4dst.icmp.code = - *(uint8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_CODE-1]); - set_bit(ATTR_ICMP_CODE, set); - } - - if (tb[CTA_PROTO_ICMP_ID-1]) { - tuple->l4src.icmp.id = - *(uint16_t *)NFA_DATA(tb[CTA_PROTO_ICMP_ID-1]); - set_bit(ATTR_ICMP_ID, set); - } - - if (tb[CTA_PROTO_ICMPV6_TYPE-1]) { - tuple->l4dst.icmp.type = - *(uint8_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_TYPE-1]); - set_bit(ATTR_ICMP_TYPE, set); - } - - if (tb[CTA_PROTO_ICMPV6_CODE-1]) { - tuple->l4dst.icmp.code = - *(uint8_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_CODE-1]); - set_bit(ATTR_ICMP_CODE, set); - } - - if (tb[CTA_PROTO_ICMPV6_ID-1]) { - tuple->l4src.icmp.id = - *(uint16_t *)NFA_DATA(tb[CTA_PROTO_ICMPV6_ID-1]); - set_bit(ATTR_ICMP_ID, set); - } -} - -void __parse_tuple(const struct nfattr *attr, - struct __nfct_tuple *tuple, - int dir, - uint32_t *set) -{ - struct nfattr *tb[CTA_TUPLE_MAX]; - - nfnl_parse_nested(tb, CTA_TUPLE_MAX, attr); - - if (tb[CTA_TUPLE_IP-1]) - __parse_ip(tb[CTA_TUPLE_IP-1], tuple, dir, set); - if (tb[CTA_TUPLE_PROTO-1]) - __parse_proto(tb[CTA_TUPLE_PROTO-1], tuple, dir, set); - - if (tb[CTA_TUPLE_ZONE-1]) { - tuple->zone = ntohs(*(uint16_t *)NFA_DATA(tb[CTA_TUPLE_ZONE-1])); - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_ZONE, set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_ZONE, set); - break; - } - } -} - -static void __parse_protoinfo_tcp(const struct nfattr *attr, - struct nf_conntrack *ct) -{ - struct nfattr *tb[CTA_PROTOINFO_TCP_MAX]; - - nfnl_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr); - - if (tb[CTA_PROTOINFO_TCP_STATE-1]) { - ct->protoinfo.tcp.state = - *(uint8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]); - set_bit(ATTR_TCP_STATE, ct->head.set); - } - - if (tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL-1]) { - memcpy(&ct->protoinfo.tcp.wscale[__DIR_ORIG], - NFA_DATA(tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL-1]), - sizeof(uint8_t)); - set_bit(ATTR_TCP_WSCALE_ORIG, ct->head.set); - } - - if (tb[CTA_PROTOINFO_TCP_WSCALE_REPLY-1]) { - memcpy(&ct->protoinfo.tcp.wscale[__DIR_REPL], - NFA_DATA(tb[CTA_PROTOINFO_TCP_WSCALE_REPLY-1]), - sizeof(uint8_t)); - set_bit(ATTR_TCP_WSCALE_REPL, ct->head.set); - } - - if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]) { - memcpy(&ct->protoinfo.tcp.flags[0], - NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]), - sizeof(struct nf_ct_tcp_flags)); - set_bit(ATTR_TCP_FLAGS_ORIG, ct->head.set); - set_bit(ATTR_TCP_MASK_ORIG, ct->head.set); - } - - if (tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]) { - memcpy(&ct->protoinfo.tcp.flags[1], - NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]), - sizeof(struct nf_ct_tcp_flags)); - set_bit(ATTR_TCP_FLAGS_REPL, ct->head.set); - set_bit(ATTR_TCP_MASK_REPL, ct->head.set); - } -} - -static void __parse_protoinfo_sctp(const struct nfattr *attr, - struct nf_conntrack *ct) -{ - struct nfattr *tb[CTA_PROTOINFO_SCTP_MAX]; - - nfnl_parse_nested(tb, CTA_PROTOINFO_SCTP_MAX, attr); - - if (tb[CTA_PROTOINFO_SCTP_STATE-1]) { - ct->protoinfo.sctp.state = - *(uint8_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_STATE-1]); - set_bit(ATTR_SCTP_STATE, ct->head.set); - } - - if (tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL-1]) { - ct->protoinfo.sctp.vtag[__DIR_ORIG] = - ntohl(*(uint32_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL-1])); - set_bit(ATTR_SCTP_VTAG_ORIG, ct->head.set); - } - - if (tb[CTA_PROTOINFO_SCTP_VTAG_REPLY-1]) { - ct->protoinfo.sctp.vtag[__DIR_REPL] = - ntohl(*(uint32_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_VTAG_REPLY-1])); - set_bit(ATTR_SCTP_VTAG_REPL, ct->head.set); - } - -} - -static void __parse_protoinfo_dccp(const struct nfattr *attr, - struct nf_conntrack *ct) -{ - struct nfattr *tb[CTA_PROTOINFO_DCCP_MAX]; - - nfnl_parse_nested(tb, CTA_PROTOINFO_DCCP_MAX, attr); - - if (tb[CTA_PROTOINFO_DCCP_STATE-1]) { - ct->protoinfo.dccp.state = - *(uint8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_STATE-1]); - set_bit(ATTR_DCCP_STATE, ct->head.set); - } - if (tb[CTA_PROTOINFO_DCCP_ROLE-1]) { - ct->protoinfo.dccp.role = - *(uint8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_ROLE-1]); - set_bit(ATTR_DCCP_ROLE, ct->head.set); - } - if (tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ-1]) { - uint64_t tmp; - memcpy(&tmp, - NFA_DATA(tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ-1]), - sizeof(tmp)); - ct->protoinfo.dccp.handshake_seq = __be64_to_cpu(tmp); - set_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->head.set); - } -} - -static void __parse_protoinfo(const struct nfattr *attr, - struct nf_conntrack *ct) -{ - struct nfattr *tb[CTA_PROTOINFO_MAX]; - - nfnl_parse_nested(tb, CTA_PROTOINFO_MAX, attr); - - if (tb[CTA_PROTOINFO_TCP-1]) - __parse_protoinfo_tcp(tb[CTA_PROTOINFO_TCP-1], ct); - - if (tb[CTA_PROTOINFO_SCTP-1]) - __parse_protoinfo_sctp(tb[CTA_PROTOINFO_SCTP-1], ct); - - if (tb[CTA_PROTOINFO_DCCP-1]) - __parse_protoinfo_dccp(tb[CTA_PROTOINFO_DCCP-1], ct); -} - -static void __parse_counters(const struct nfattr *attr, - struct nf_conntrack *ct, - int dir) -{ - struct nfattr *tb[CTA_COUNTERS_MAX]; - - nfnl_parse_nested(tb, CTA_COUNTERS_MAX, attr); - if (tb[CTA_COUNTERS_PACKETS-1] || tb[CTA_COUNTERS32_PACKETS-1]) { - - if (tb[CTA_COUNTERS32_PACKETS-1]) - ct->counters[dir].packets - = ntohl(*(uint32_t *) - NFA_DATA(tb[CTA_COUNTERS32_PACKETS-1])); - - if (tb[CTA_COUNTERS_PACKETS-1]) { - uint64_t tmp; - memcpy(&tmp, - NFA_DATA(tb[CTA_COUNTERS_PACKETS-1]), - sizeof(tmp)); - ct->counters[dir].packets = __be64_to_cpu(tmp); - } - - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_COUNTER_PACKETS, ct->head.set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_COUNTER_PACKETS, ct->head.set); - break; - } - } - if (tb[CTA_COUNTERS_BYTES-1] || tb[CTA_COUNTERS32_BYTES-1]) { - - if (tb[CTA_COUNTERS32_BYTES-1]) - ct->counters[dir].bytes - = ntohl(*(uint32_t *) - NFA_DATA(tb[CTA_COUNTERS32_BYTES-1])); - - if (tb[CTA_COUNTERS_BYTES-1]) { - uint64_t tmp; - memcpy(&tmp, - NFA_DATA(tb[CTA_COUNTERS_BYTES-1]), - sizeof(tmp)); - ct->counters[dir].bytes = __be64_to_cpu(tmp); - } - - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_COUNTER_BYTES, ct->head.set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_COUNTER_BYTES, ct->head.set); - break; - } - } -} - -static void -__parse_nat_seq(const struct nfattr *attr, struct nf_conntrack *ct, int dir) -{ - struct nfattr *tb[CTA_NAT_SEQ_MAX]; - - nfnl_parse_nested(tb, CTA_NAT_SEQ_MAX, attr); - - if (tb[CTA_NAT_SEQ_CORRECTION_POS-1]) { - ct->natseq[dir].correction_pos = - ntohl(*(uint32_t *)NFA_DATA(tb[CTA_NAT_SEQ_CORRECTION_POS-1])); - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->head.set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->head.set); - break; - } - } - - if (tb[CTA_NAT_SEQ_OFFSET_BEFORE-1]) { - ct->natseq[dir].offset_before = - ntohl(*(uint32_t *)NFA_DATA(tb[CTA_NAT_SEQ_OFFSET_BEFORE-1])); - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->head.set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->head.set); - break; - } - } - - if (tb[CTA_NAT_SEQ_OFFSET_AFTER-1]) { - ct->natseq[dir].offset_after = - ntohl(*(uint32_t *)NFA_DATA(tb[CTA_NAT_SEQ_OFFSET_AFTER-1])); - switch(dir) { - case __DIR_ORIG: - set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->head.set); - break; - case __DIR_REPL: - set_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->head.set); - break; - } - } -} - -static void __parse_synproxy(const struct nfattr *attr, struct nf_conntrack *ct) -{ - struct nfattr *tb[CTA_SYNPROXY_MAX]; - - nfnl_parse_nested(tb, CTA_SYNPROXY_MAX, attr); - - if (tb[CTA_SYNPROXY_ISN - 1]) { - ct->synproxy.isn = - ntohl(*(uint32_t *)NFA_DATA(tb[CTA_SYNPROXY_ISN-1])); - set_bit(ATTR_SYNPROXY_ISN, ct->head.set); - } - - if (tb[CTA_SYNPROXY_ITS - 1]) { - ct->synproxy.its = - ntohl(*(uint32_t *)NFA_DATA(tb[CTA_SYNPROXY_ITS-1])); - set_bit(ATTR_SYNPROXY_ITS, ct->head.set); - } - - if (tb[CTA_SYNPROXY_TSOFF - 1]) { - ct->synproxy.tsoff = - ntohl(*(uint32_t *)NFA_DATA(tb[CTA_SYNPROXY_TSOFF-1])); - set_bit(ATTR_SYNPROXY_TSOFF, ct->head.set); - } -} - -static void -__parse_helper(const struct nfattr *attr, struct nf_conntrack *ct) -{ - struct nfattr *tb[CTA_HELP_MAX]; - - nfnl_parse_nested(tb, CTA_HELP_MAX, attr); - if (!tb[CTA_HELP_NAME-1]) - return; - - strncpy(ct->helper_name, - NFA_DATA(tb[CTA_HELP_NAME-1]), - NFCT_HELPER_NAME_MAX); - ct->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0'; - set_bit(ATTR_HELPER_NAME, ct->head.set); -} - -static void -__parse_secctx(const struct nfattr *attr, struct nf_conntrack *ct) -{ - struct nfattr *tb[CTA_SECCTX_MAX]; - - nfnl_parse_nested(tb, CTA_SECCTX_MAX, attr); - if (!tb[CTA_SECCTX_NAME-1]) - return; - - ct->secctx = strdup(NFA_DATA(tb[CTA_SECCTX_NAME-1])); - if (ct->secctx) - set_bit(ATTR_SECCTX, ct->head.set); -} - -int __parse_message_type(const struct nlmsghdr *nlh) -{ - uint16_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); - uint16_t flags = nlh->nlmsg_flags; - int ret = NFCT_T_UNKNOWN; - - if (type == IPCTNL_MSG_CT_NEW) { - if (flags & (NLM_F_CREATE|NLM_F_EXCL)) - ret = NFCT_T_NEW; - else - ret = NFCT_T_UPDATE; - } else if (type == IPCTNL_MSG_CT_DELETE) - ret = NFCT_T_DESTROY; - - return ret; -} - -static void -__parse_timestamp(const struct nfattr *attr, struct nf_conntrack *ct) -{ - struct nfattr *tb[CTA_TIMESTAMP_MAX]; - - nfnl_parse_nested(tb, CTA_TIMESTAMP_MAX, attr); - if (tb[CTA_TIMESTAMP_START-1]) { - uint64_t tmp; - memcpy(&tmp, NFA_DATA(tb[CTA_TIMESTAMP_START-1]), sizeof(tmp)); - ct->timestamp.start = __be64_to_cpu(tmp); - set_bit(ATTR_TIMESTAMP_START, ct->head.set); - } - if (tb[CTA_TIMESTAMP_STOP-1]) { - uint64_t tmp; - memcpy(&tmp, NFA_DATA(tb[CTA_TIMESTAMP_STOP-1]), sizeof(tmp)); - ct->timestamp.stop = __be64_to_cpu(tmp); - set_bit(ATTR_TIMESTAMP_STOP, ct->head.set); - } -} - -static void -__parse_labels(const struct nfattr *attr, struct nf_conntrack *ct) -{ - struct nfct_bitmask *mask; - uint16_t len; - - len = NFA_PAYLOAD(attr); - if (len) { - mask = nfct_bitmask_new((len * CHAR_BIT) - 1); - if (!mask) - return; - memcpy(mask->bits, NFA_DATA(attr), len); - nfct_set_attr(ct, ATTR_CONNLABELS, mask); - } -} - -void __parse_conntrack(const struct nlmsghdr *nlh, - struct nfattr *cda[], - struct nf_conntrack *ct) -{ - struct nfgenmsg *nfhdr = NLMSG_DATA(nlh); - - if (cda[CTA_TUPLE_ORIG-1]) { - ct->head.orig.l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_ORIG_L3PROTO, ct->head.set); - - __parse_tuple(cda[CTA_TUPLE_ORIG-1], - &ct->head.orig, __DIR_ORIG, ct->head.set); - } - - if (cda[CTA_TUPLE_REPLY-1]) { - ct->repl.l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_REPL_L3PROTO, ct->head.set); - - __parse_tuple(cda[CTA_TUPLE_REPLY-1], - &ct->repl, __DIR_REPL, ct->head.set); - } - - if (cda[CTA_TUPLE_MASTER-1]) { - ct->master.l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_MASTER_L3PROTO, ct->head.set); - - __parse_tuple(cda[CTA_TUPLE_MASTER-1], - &ct->master, __DIR_MASTER, ct->head.set); - } - - if (cda[CTA_NAT_SEQ_ADJ_ORIG-1]) - __parse_nat_seq(cda[CTA_NAT_SEQ_ADJ_ORIG-1], ct, __DIR_ORIG); - - if (cda[CTA_NAT_SEQ_ADJ_REPLY-1]) - __parse_nat_seq(cda[CTA_NAT_SEQ_ADJ_REPLY-1], ct, __DIR_REPL); - - if (cda[CTA_STATUS-1]) { - ct->status = ntohl(*(uint32_t *)NFA_DATA(cda[CTA_STATUS-1])); - set_bit(ATTR_STATUS, ct->head.set); - } - - if (cda[CTA_PROTOINFO-1]) - __parse_protoinfo(cda[CTA_PROTOINFO-1], ct); - - if (cda[CTA_TIMEOUT-1]) { - ct->timeout = ntohl(*(uint32_t *)NFA_DATA(cda[CTA_TIMEOUT-1])); - set_bit(ATTR_TIMEOUT, ct->head.set); - } - - if (cda[CTA_MARK-1]) { - ct->mark = ntohl(*(uint32_t *)NFA_DATA(cda[CTA_MARK-1])); - set_bit(ATTR_MARK, ct->head.set); - } - - if (cda[CTA_SECMARK-1]) { - ct->secmark = ntohl(*(uint32_t *)NFA_DATA(cda[CTA_SECMARK-1])); - set_bit(ATTR_SECMARK, ct->head.set); - } - - if (cda[CTA_COUNTERS_ORIG-1]) - __parse_counters(cda[CTA_COUNTERS_ORIG-1], ct, __DIR_ORIG); - - if (cda[CTA_COUNTERS_REPLY-1]) - __parse_counters(cda[CTA_COUNTERS_REPLY-1], ct, __DIR_REPL); - - if (cda[CTA_USE-1]) { - ct->use = ntohl(*(uint32_t *)NFA_DATA(cda[CTA_USE-1])); - set_bit(ATTR_USE, ct->head.set); - } - - if (cda[CTA_ID-1]) { - ct->id = ntohl(*(uint32_t *)NFA_DATA(cda[CTA_ID-1])); - set_bit(ATTR_ID, ct->head.set); - } - - if (cda[CTA_HELP-1]) - __parse_helper(cda[CTA_HELP-1], ct); - - if (cda[CTA_ZONE-1]) { - ct->zone = ntohs(*(uint16_t *)NFA_DATA(cda[CTA_ZONE-1])); - set_bit(ATTR_ZONE, ct->head.set); - } - - if (cda[CTA_SECCTX-1]) - __parse_secctx(cda[CTA_SECCTX-1], ct); - - if (cda[CTA_TIMESTAMP-1]) - __parse_timestamp(cda[CTA_TIMESTAMP-1], ct); - - if (cda[CTA_LABELS-1]) - __parse_labels(cda[CTA_LABELS-1], ct); - - if (cda[CTA_SYNPROXY-1]) - __parse_synproxy(cda[CTA_SYNPROXY-1], ct); -} diff --git a/src/expect/Makefile.am b/src/expect/Makefile.am index 61d5cbdc709e..8f07daff7758 100644 --- a/src/expect/Makefile.am +++ b/src/expect/Makefile.am @@ -5,7 +5,7 @@ noinst_LTLIBRARIES = libnfexpect.la libnfexpect_la_SOURCES = api.c \ compare.c \ getter.c setter.c \ - parse.c build.c \ + build.c \ snprintf.c \ snprintf_default.c \ snprintf_xml.c \ diff --git a/src/expect/api.c b/src/expect/api.c index 3f1763038ede..b50a47f171c1 100644 --- a/src/expect/api.c +++ b/src/expect/api.c @@ -594,6 +594,23 @@ int nfexp_build_query(struct nfnl_subsys_handle *ssh, return __build_query_exp(ssh, qt, data, buffer, size); } +static int __parse_expect_message_type(const struct nlmsghdr *nlh) +{ + uint16_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); + uint16_t flags = nlh->nlmsg_flags; + int ret = NFCT_T_UNKNOWN; + + if (type == IPCTNL_MSG_EXP_NEW) { + if (flags & (NLM_F_CREATE|NLM_F_EXCL)) + ret = NFCT_T_NEW; + else + ret = NFCT_T_UPDATE; + } else if (type == IPCTNL_MSG_EXP_DELETE) + ret = NFCT_T_DESTROY; + + return ret; +} + /** * nfexp_parse_expect - translate a netlink message to a conntrack object * \param type do the translation iif the message type is of a certain type @@ -623,26 +640,15 @@ int nfexp_parse_expect(enum nf_conntrack_msg_type type, struct nf_expect *exp) { unsigned int flags; - int len = nlh->nlmsg_len; - struct nfgenmsg *nfhdr = NLMSG_DATA(nlh); - struct nfattr *cda[CTA_EXPECT_MAX]; assert(nlh != NULL); assert(exp != NULL); - len -= NLMSG_LENGTH(sizeof(struct nfgenmsg)); - if (len < 0) { - errno = EINVAL; - return NFCT_T_ERROR; - } - flags = __parse_expect_message_type(nlh); if (!(flags & type)) return 0; - nfnl_parse_attr(cda, CTA_EXPECT_MAX, NFA_DATA(nfhdr), len); - - __parse_expect(nlh, cda, exp); + nfexp_nlmsg_parse(nlh, exp); return flags; } diff --git a/src/expect/parse.c b/src/expect/parse.c deleted file mode 100644 index 9b944a6accca..000000000000 --- a/src/expect/parse.c +++ /dev/null @@ -1,120 +0,0 @@ -/* - * (C) 2005-2011 by Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - */ - -#include "internal/internal.h" - -int __parse_expect_message_type(const struct nlmsghdr *nlh) -{ - uint16_t type = NFNL_MSG_TYPE(nlh->nlmsg_type); - uint16_t flags = nlh->nlmsg_flags; - int ret = NFCT_T_UNKNOWN; - - if (type == IPCTNL_MSG_EXP_NEW) { - if (flags & (NLM_F_CREATE|NLM_F_EXCL)) - ret = NFCT_T_NEW; - else - ret = NFCT_T_UPDATE; - } else if (type == IPCTNL_MSG_EXP_DELETE) - ret = NFCT_T_DESTROY; - - return ret; -} - -void __parse_expect(const struct nlmsghdr *nlh, - struct nfattr *cda[], - struct nf_expect *exp) -{ - struct nfgenmsg *nfhdr = NLMSG_DATA(nlh); - - /* XXX: this is ugly, clean it up, please */ - exp->expected.orig.l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_ORIG_L3PROTO, exp->expected.set); - - exp->mask.orig.l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_ORIG_L3PROTO, exp->mask.set); - - exp->master.orig.l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_ORIG_L3PROTO, exp->master.set); - - if (cda[CTA_EXPECT_MASTER-1]) { - __parse_tuple(cda[CTA_EXPECT_MASTER-1], - &exp->master.orig, - __DIR_ORIG, - exp->master.set); - set_bit(ATTR_EXP_MASTER, exp->set); - } - if (cda[CTA_EXPECT_TUPLE-1]) { - __parse_tuple(cda[CTA_EXPECT_TUPLE-1], - &exp->expected.orig, - __DIR_ORIG, - exp->expected.set); - set_bit(ATTR_EXP_EXPECTED, exp->set); - } - if (cda[CTA_EXPECT_MASK-1]) { - __parse_tuple(cda[CTA_EXPECT_MASK-1], - &exp->mask.orig, - __DIR_ORIG, - exp->mask.set); - set_bit(ATTR_EXP_MASK, exp->set); - } - if (cda[CTA_EXPECT_TIMEOUT-1]) { - exp->timeout = - ntohl(*(uint32_t *)NFA_DATA(cda[CTA_EXPECT_TIMEOUT-1])); - set_bit(ATTR_EXP_TIMEOUT, exp->set); - } - - if (cda[CTA_EXPECT_ZONE-1]) { - exp->zone = - ntohs(*(uint16_t *)NFA_DATA(cda[CTA_EXPECT_ZONE-1])); - set_bit(ATTR_EXP_ZONE, exp->set); - } - if (cda[CTA_EXPECT_FLAGS-1]) { - exp->flags = - ntohl(*(uint32_t *)NFA_DATA(cda[CTA_EXPECT_FLAGS-1])); - set_bit(ATTR_EXP_FLAGS, exp->set); - } - if (cda[CTA_EXPECT_HELP_NAME-1]) { - strncpy(exp->helper_name, NFA_DATA(cda[CTA_EXPECT_HELP_NAME-1]), - NFA_PAYLOAD(cda[CTA_EXPECT_HELP_NAME-1])); - set_bit(ATTR_EXP_HELPER_NAME, exp->set); - } - if (cda[CTA_EXPECT_CLASS-1]) { - exp->class = - ntohl(*(uint32_t *)NFA_DATA(cda[CTA_EXPECT_CLASS-1])); - set_bit(ATTR_EXP_CLASS, exp->set); - } - if (cda[CTA_EXPECT_NAT-1]) { - struct nfattr *tb[CTA_EXPECT_NAT_MAX]; - - exp->nat.orig.l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_ORIG_L3PROTO, exp->nat.set); - - nfnl_parse_nested(tb, CTA_EXPECT_NAT_MAX, - cda[CTA_EXPECT_NAT-1]); - - if (tb[CTA_EXPECT_NAT_TUPLE-1]) { - __parse_tuple(tb[CTA_EXPECT_NAT_TUPLE-1], - &exp->nat.orig, - __DIR_ORIG, - exp->nat.set); - set_bit(ATTR_EXP_NAT_TUPLE, exp->set); - } - if (tb[CTA_EXPECT_NAT_DIR-1]) { - exp->nat_dir = - ntohl(*((uint32_t *) - NFA_DATA(tb[CTA_EXPECT_NAT_DIR-1]))); - set_bit(ATTR_EXP_NAT_DIR, exp->set); - } - } - if (cda[CTA_EXPECT_FN-1]) { - strcpy(exp->expectfn, NFA_DATA(cda[CTA_EXPECT_FN-1])); - exp->expectfn[__NFCT_EXPECTFN_MAX-1] = '\0'; - set_bit(ATTR_EXP_FN, exp->set); - } -} -- 2.11.0