authorPablo Neira Ayuso <pablo@netfilter.org>2006-11-28 20:35:32 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-12-03 00:31:28 -0500
commit7b621c1ea64a54f77b8a841b16dc4c9fee3ecf48 (patch)
treeb9d03862dd609fe128098399d35c0436cca720f8
parentbbb3357d14f6becd156469220992ef7ab0f10e69 (diff)
[NETFILTER]: ctnetlink: rework conntrack fields dumping logic on events
| NEW | UPDATE | DESTROY | ----------------------------------------| tuples | Y | Y | Y | status | Y | Y | N | timeout | Y | Y | N | protoinfo | S | S | N | helper | S | S | N | mark | S | S | N | counters | F | F | Y | Legend: Y: yes N: no S: iff the field is set F: iff overflow This patch also replaces IPCT_HELPINFO with IPCT_HELPER since we want to track the helper assignment process, not the changes in the private information held by the helper. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r--net/ipv4/netfilter/ip_conntrack_netlink.c49
-rw-r--r--net/netfilter/nf_conntrack_netlink.c49
2 files changed, 54 insertions, 44 deletions
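--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -320,8 +320,6 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
 } else if (events & (IPCT_NEW | IPCT_RELATED)) {
 type = IPCTNL_MSG_CT_NEW;
 flags = NLM_F_CREATE|NLM_F_EXCL;
-/* dump everything */
-events = ~0UL;
 group = NFNLGRP_CONNTRACK_NEW;
 } else if (events & (IPCT_STATUS | IPCT_PROTOINFO)) {
 type = IPCTNL_MSG_CT_NEW;
@@ -356,28 +354,35 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
 goto nfattr_failure;
 NFA_NEST_END(skb, nest_parms);
-
-/* NAT stuff is now a status flag */
-if ((events & IPCT_STATUS || events & IPCT_NATINFO)
-&& ctnetlink_dump_status(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_REFRESH
-&& ctnetlink_dump_timeout(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_PROTOINFO
-&& ctnetlink_dump_protoinfo(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_HELPINFO
-&& ctnetlink_dump_helpinfo(skb, ct) < 0)
-goto nfattr_failure;
 
-if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
-ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
-goto nfattr_failure;
+if (events & IPCT_DESTROY) {
+if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
+ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
+goto nfattr_failure;
+} else {
+if (ctnetlink_dump_status(skb, ct) < 0)
+goto nfattr_failure;
 
-if (events & IPCT_MARK
-&& ctnetlink_dump_mark(skb, ct) < 0)
-goto nfattr_failure;
+if (ctnetlink_dump_timeout(skb, ct) < 0)
+goto nfattr_failure;
+
+if (events & IPCT_PROTOINFO
+&& ctnetlink_dump_protoinfo(skb, ct) < 0)
+goto nfattr_failure;
+
+if ((events & IPCT_HELPER || ct->helper)
+&& ctnetlink_dump_helpinfo(skb, ct) < 0)
+goto nfattr_failure;
+
+if ((events & IPCT_MARK || ct->mark)
+&& ctnetlink_dump_mark(skb, ct) < 0)
+goto nfattr_failure;
+
+if (events & IPCT_COUNTER_FILLING &&
+(ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
+ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0))
+goto nfattr_failure;
+}
 
 nlh->nlmsg_len = skb->tail - b;
 nfnetlink_send(skb, 0, group, 0);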
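Review bot: The new `ct->mark` read in the else branch is not under any config guard, so if the `mark` member only exists in the conntrack structure when connection marking is configured (the structure definition is outside this diff), the file stops building with that option off. I would wrap the three-line mark test in `#ifdef CONFIG_IP_NF_CONNTRACK_MARK` / `#endif` here, and in `#ifdef CONFIG_NF_CONNTRACK_MARK` / `#endif` for the identical test in net/netfilter/nf_conntrack_netlink.c. ctnetlink_conntrack_event begins and ends outside both hunks, and any guard that may already sit inside ctnetlink_dump_mark does not cover this direct member access.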
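--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -331,8 +331,6 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
 } else if (events & (IPCT_NEW | IPCT_RELATED)) {
 type = IPCTNL_MSG_CT_NEW;
 flags = NLM_F_CREATE|NLM_F_EXCL;
-/* dump everything */
-events = ~0UL;
 group = NFNLGRP_CONNTRACK_NEW;
 } else if (events & (IPCT_STATUS | IPCT_PROTOINFO)) {
 type = IPCTNL_MSG_CT_NEW;
@@ -367,28 +365,35 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
 goto nfattr_failure;
 NFA_NEST_END(skb, nest_parms);
-
-/* NAT stuff is now a status flag */
-if ((events & IPCT_STATUS || events & IPCT_NATINFO)
-&& ctnetlink_dump_status(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_REFRESH
-&& ctnetlink_dump_timeout(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_PROTOINFO
-&& ctnetlink_dump_protoinfo(skb, ct) < 0)
-goto nfattr_failure;
-if (events & IPCT_HELPINFO
-&& ctnetlink_dump_helpinfo(skb, ct) < 0)
-goto nfattr_failure;
 
-if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
-ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
-goto nfattr_failure;
+if (events & IPCT_DESTROY) {
+if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
+ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
+goto nfattr_failure;
+} else {
+if (ctnetlink_dump_status(skb, ct) < 0)
+goto nfattr_failure;
 
-if (events & IPCT_MARK
-&& ctnetlink_dump_mark(skb, ct) < 0)
-goto nfattr_failure;
+if (ctnetlink_dump_timeout(skb, ct) < 0)
+goto nfattr_failure;
+
+if (events & IPCT_PROTOINFO
+&& ctnetlink_dump_protoinfo(skb, ct) < 0)
+goto nfattr_failure;
+
+if ((events & IPCT_HELPER || nfct_help(ct))
+&& ctnetlink_dump_helpinfo(skb, ct) < 0)
+goto nfattr_failure;
+
+if ((events & IPCT_MARK || ct->mark)
+&& ctnetlink_dump_mark(skb, ct) < 0)
+goto nfattr_failure;
+
+if (events & IPCT_COUNTER_FILLING &&
+(ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
+ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0))
+goto nfattr_failure;
+}
 
 nlh->nlmsg_len = skb->tail - b;
 nfnetlink_send(skb, 0, group, 0);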
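Review bot: protoinfo is still gated on `events & IPCT_PROTOINFO` alone, while the helper and mark tests gained an `|| <field>` fallback and the `events = ~0UL` override for NEW is removed in the first hunk; the commit table lists protoinfo as "S" for NEW, which this condition does not implement as written. Userspace listeners that rebuild connection state from the NEW message (state synchronisation, flow logging) would miss the initial protocol state unless the tracker raises IPCT_PROTOINFO in the same event batch, which is not visible here. Assuming ctnetlink_dump_protoinfo returns 0 for protocols with nothing to report, the first line of the test could become `if ((events & (IPCT_NEW | IPCT_RELATED | IPCT_PROTOINFO))`; otherwise a comment above it should state why the event bit is sufficient. The same condition appears in net/ipv4/netfilter/ip_conntrack_netlink.c, and the function body continues outside the hunk.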