author | Pablo Neira Ayuso <pablo@netfilter.org> | 2006-11-28 20:35:32 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-03 00:31:28 -0500 |
commit | 7b621c1ea64a54f77b8a841b16dc4c9fee3ecf48 (patch) | |
tree | b9d03862dd609fe128098399d35c0436cca720f8 | |
parent | bbb3357d14f6becd156469220992ef7ab0f10e69 (diff) |
[NETFILTER]: ctnetlink: rework conntrack fields dumping logic on events
| NEW | UPDATE | DESTROY |
----------------------------------------|
tuples | Y | Y | Y |
status | Y | Y | N |
timeout | Y | Y | N |
protoinfo | S | S | N |
helper | S | S | N |
mark | S | S | N |
counters | F | F | Y |
Legend:
Y: yes
N: no
S: only if the field is set
F: only on overflow
This patch also replaces IPCT_HELPINFO with IPCT_HELPER, since we want to
track the helper assignment process, not the changes in the private
information held by the helper.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netlink.c | 49 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 49 |
2 files changed, 54 insertions, 44 deletions
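--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -320,8 +320,6 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
 } else if (events & (IPCT_NEW | IPCT_RELATED)) {
 type = IPCTNL_MSG_CT_NEW;
 flags = NLM_F_CREATE|NLM_F_EXCL;
-/* dump everything */
-events = ~0UL;
 group = NFNLGRP_CONNTRACK_NEW;
 } else if (events & (IPCT_STATUS | IPCT_PROTOINFO)) {
 type = IPCTNL_MSG_CT_NEW;
@@ -356,28 +354,35 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
 goto nfattr_failure;
 NFA_NEST_END(skb, nest_parms);
-
-/* NAT stuff is now a status flag */
-if ((events & IPCT_STATUS || events & IPCT_NATINFO)
-&& ctnetlink_dump_status(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_REFRESH
-&& ctnetlink_dump_timeout(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_PROTOINFO
-&& ctnetlink_dump_protoinfo(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_HELPINFO
-&& ctnetlink_dump_helpinfo(skb, ct) < 0)
-goto nfattr_failure;
 
-if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
-ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
-goto nfattr_failure;
+if (events & IPCT_DESTROY) {
+if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
+ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
+goto nfattr_failure;
+} else {
+if (ctnetlink_dump_status(skb, ct) < 0)
+goto nfattr_failure;
 
-if (events & IPCT_MARK
-&& ctnetlink_dump_mark(skb, ct) < 0)
-goto nfattr_failure;
+if (ctnetlink_dump_timeout(skb, ct) < 0)
+goto nfattr_failure;
+
+if (events & IPCT_PROTOINFO
+&& ctnetlink_dump_protoinfo(skb, ct) < 0)
+goto nfattr_failure;
+
+if ((events & IPCT_HELPER || ct->helper)
+&& ctnetlink_dump_helpinfo(skb, ct) < 0)
+goto nfattr_failure;
+
+if ((events & IPCT_MARK || ct->mark)
+&& ctnetlink_dump_mark(skb, ct) < 0)
+goto nfattr_failure;
+
+if (events & IPCT_COUNTER_FILLING &&
+(ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
+ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0))
+goto nfattr_failure;
+}
 
 nlh->nlmsg_len = skb->tail - b;
 nfnetlink_send(skb, 0, group, 0);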
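Review bot: The new `(events & IPCT_MARK || ct->mark)` test reads `ct->mark` directly, where the old line only reached the field through `ctnetlink_dump_mark()`. The struct definition is not on this page, but if `mark` is only compiled in under the conntrack-mark option, this will not build with that option off; the same line appears in the net/netfilter/nf_conntrack_netlink.c section. Wrapping the mark check in `#ifdef CONFIG_IP_NF_CONNTRACK_MARK` … `#endif` (CONFIG_NF_CONNTRACK_MARK in the nf_conntrack file), or moving the `ct->mark` test into `ctnetlink_dump_mark()`, would keep both configurations building. ctnetlink_conntrack_event() starts and ends outside the hunk.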
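--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -331,8 +331,6 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
 } else if (events & (IPCT_NEW | IPCT_RELATED)) {
 type = IPCTNL_MSG_CT_NEW;
 flags = NLM_F_CREATE|NLM_F_EXCL;
-/* dump everything */
-events = ~0UL;
 group = NFNLGRP_CONNTRACK_NEW;
 } else if (events & (IPCT_STATUS | IPCT_PROTOINFO)) {
 type = IPCTNL_MSG_CT_NEW;
@@ -367,28 +365,35 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
 goto nfattr_failure;
 NFA_NEST_END(skb, nest_parms);
-
-/* NAT stuff is now a status flag */
-if ((events & IPCT_STATUS || events & IPCT_NATINFO)
-&& ctnetlink_dump_status(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_REFRESH
-&& ctnetlink_dump_timeout(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_PROTOINFO
-&& ctnetlink_dump_protoinfo(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_HELPINFO
-&& ctnetlink_dump_helpinfo(skb, ct) < 0)
-goto nfattr_failure;
 
-if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
-ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
-goto nfattr_failure;
+if (events & IPCT_DESTROY) {
+if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
+ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
+goto nfattr_failure;
+} else {
+if (ctnetlink_dump_status(skb, ct) < 0)
+goto nfattr_failure;
 
-if (events & IPCT_MARK
-&& ctnetlink_dump_mark(skb, ct) < 0)
-goto nfattr_failure;
+if (ctnetlink_dump_timeout(skb, ct) < 0)
+goto nfattr_failure;
+
+if (events & IPCT_PROTOINFO
+&& ctnetlink_dump_protoinfo(skb, ct) < 0)
+goto nfattr_failure;
+
+if ((events & IPCT_HELPER || nfct_help(ct))
+&& ctnetlink_dump_helpinfo(skb, ct) < 0)
+goto nfattr_failure;
+
+if ((events & IPCT_MARK || ct->mark)
+&& ctnetlink_dump_mark(skb, ct) < 0)
+goto nfattr_failure;
+
+if (events & IPCT_COUNTER_FILLING &&
+(ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
+ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0))
+goto nfattr_failure;
+}
 
 nlh->nlmsg_len = skb->tail - b;
 nfnetlink_send(skb, 0, group, 0);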