diff -Naur l7-filter-userspace-0.11-orig/l7-conntrack.cpp l7-filter-userspace-0.11-ptch/l7-conntrack.cpp
--- l7-filter-userspace-0.11-orig/l7-conntrack.cpp	2009-02-26 21:40:28.000000000 +0000
+++ l7-filter-userspace-0.11-ptch/l7-conntrack.cpp	2009-10-19 17:40:42.000000000 +0000
@@ -121,25 +121,10 @@
   return (char *)buffer;
 }
 
-static int sprintf_conntrack_key(char *buf, struct nfct_conntrack *ct, 
-                          unsigned int flags) 
-{
-  int size = 0;
-
-  size += nfct_sprintf_protocol(buf, ct);
-  size += nfct_sprintf_address(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
-  size += nfct_sprintf_proto(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
-
-  /* Delete the last blank space */
-  buf[size-1] = '\0';
-
-  return size;
-}
-
-static string make_key(nfct_conntrack* ct, int flags)
+static string make_key(nfct_conntrack* ct, int flags, int type)
 {
   char key[512];
-  int keysize = sprintf_conntrack_key(key, ct, flags);
+  int keysize = nfct_snprintf(key, sizeof(key), (const nf_conntrack *)ct, type, NFCT_O_DEFAULT, flags);
   if(keysize >= 512){
     cerr << "Yike! Overflowed key!\n";
     exit(1);
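Review bot: The key built by `nfct_snprintf(key, sizeof(key), ..., type, NFCT_O_DEFAULT, flags)` is unlikely to be the same string for one flow across events, because as far as I know the default output starts with the message-type tag and also prints state and timeout fields. The handler passes `NFCT_T_NEW` when storing and `NFCT_T_DESTROY` when looking up (later hunks), so the destroy lookup would miss and stale entries would stay in the table. A key limited to protocol, original-direction addresses and ports, as the removed `sprintf_conntrack_key` produced, would be stable; passing one fixed `type` at every call site is the minimum. Separately, the overflow guard does not cover a failed format, which returns a negative value and leaves `key` uninitialised when it is converted to `string`: `if(keysize < 0 || keysize >= (int)sizeof(key)){`. The body of make_key ends outside this hunk.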
@@ -148,28 +133,28 @@
   return key;
 }
 
-static int l7_handle_conntrack_event(void *arg, unsigned int flags, int type, 
+static int l7_handle_conntrack_event(enum nf_conntrack_msg_type type, struct nf_conntrack* arg,
 					void *data)
 {
   l7_conntrack * l7_conntrack_handler = (l7_conntrack *) data;
 
   nfct_conntrack* ct = (nfct_conntrack*)arg;
+  u_int8_t protonum = *(u_int8_t *)nfct_get_attr((const nf_conntrack *)ct, ATTR_ORIG_L4PROTO);
 
   // I don't think there is any demand for ICMP. These are enough work for now.
-  if(ct->tuple[0].protonum != IPPROTO_TCP && 
-     ct->tuple[0].protonum != IPPROTO_UDP) return 0;
+  if(protonum != IPPROTO_TCP && protonum != IPPROTO_UDP) return 0;
 
-  if(type == NFCT_MSG_DESTROY) l7printf(3, "Got event: NFCT_MSG_DESTROY\n");
-  if(type == NFCT_MSG_NEW)     l7printf(3, "Got event: NFCT_MSG_NEW\n");
-  if(type == NFCT_MSG_UPDATE)  l7printf(3, "Got event: NFCT_MSG_UPDATE\n");
-  if(type == NFCT_MSG_UNKNOWN) l7printf(3, "Got event: NFCT_MSG_UNKNOWN\n");
+  if(type == NFCT_T_DESTROY) l7printf(3, "Got event: NFCT_T_DESTROY\n");
+  if(type == NFCT_T_NEW)     l7printf(3, "Got event: NFCT_T_NEW\n");
+  if(type == NFCT_T_UPDATE)  l7printf(3, "Got event: NFCT_T_UPDATE\n");
+  if(type == NFCT_T_UNKNOWN) l7printf(3, "Got event: NFCT_T_UNKNOWN\n");
 
   // On the first packet, create the connection buffer, etc.
-  if(type == NFCT_MSG_NEW){
-    string key = make_key(ct, flags);
+  if(type == NFCT_T_NEW){
+    string key = make_key(ct, 0, NFCT_T_NEW);
     if (l7_conntrack_handler->get_l7_connection(key)){
       // this happens sometimes
-      cerr << "Received NFCT_MSG_NEW but already have a connection. Packets = " 
+      cerr << "Received NFCT_T_NEW but already have a connection. Packets = " 
            << l7_conntrack_handler->get_l7_connection(key)->get_num_packets() 
            << endl;
       l7_conntrack_handler->remove_l7_connection(key);
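Review bot: The new `protonum` line dereferences the result of `nfct_get_attr` without a check, and that call returns NULL when the attribute is not set on the object, so an event without ATTR_ORIG_L4PROTO would crash the daemon. Fetch the pointer first and skip the event on NULL: `const void *p = nfct_get_attr(arg, ATTR_ORIG_L4PROTO);` followed by `if(!p) return NFCT_CB_CONTINUE;`. The early `return 0` for non-TCP/UDP traffic also needs a look: under the new callback API 0 is, to my knowledge, `NFCT_CB_STOP`, which would end `nfct_catch` on the first ICMP event and leave every later connection unclassified. `return NFCT_CB_CONTINUE;` is probably what is intended there and at the function's final return, which lies outside this hunk.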
@@ -179,9 +164,9 @@
     l7_conntrack_handler->add_l7_connection(thisconnection, key);
     thisconnection->key = key;
   }
-  else if(type == NFCT_MSG_DESTROY){
+  else if(type == NFCT_T_DESTROY){
     // clean up the connection buffer, etc.
-    string key = make_key(ct, flags);
+    string key = make_key(ct, 0, NFCT_T_DESTROY);
     if(l7_conntrack_handler->get_l7_connection(key)){
       l7_conntrack_handler->remove_l7_connection(key);
     }
@@ -193,7 +178,7 @@
 
 l7_conntrack::~l7_conntrack() 
 {
-  nfct_conntrack_free(ct);
+  free(ct);
   nfct_close(cth);
 }
 
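Review bot: `free(ct)` replaces the library's own release call, but objects of the new API are meant to be released with `nfct_destroy(ct)`; the allocation of `ct` is not visible here, so this applies only if it comes from `nfct_new()`. The same `free(ct)` and `nfct_close(cth)` pair also ends the event-loop function in the last hunk, so if that function returns and the object is destroyed afterwards, both resources are released twice. Clearing the members after release (`ct = NULL; cth = NULL;`) and having the destructor skip NULL members would make the second pass harmless.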
@@ -230,9 +215,9 @@
 {
   int ret;
 
-  nfct_register_callback(cth, l7_handle_conntrack_event, (void *)this);
-  ret = nfct_event_conntrack(cth); // this is the main loop
+  nfct_callback_register(cth, NFCT_T_NEW, l7_handle_conntrack_event, (void *)this);
+  ret = nfct_catch(cth); // this is the main loop
   
   nfct_close(cth);
-  nfct_conntrack_free(ct);
+  free(ct);
 }
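Review bot: Registering the callback with `NFCT_T_NEW` only means the handler's `NFCT_T_DESTROY` branch can never run, assuming the second argument acts as the event filter as the libnetfilter_conntrack documentation describes. Closed connections would then never be removed, and the connection table grows without bound on a busy host. `nfct_callback_register(cth, NFCT_T_ALL, l7_handle_conntrack_event, (void *)this);` keeps the cleanup path reachable. The result of the registration and `ret` from `nfct_catch` are both unused, so a failed registration or a broken netlink socket ends tracking silently; logging `ret` and `errno` before `nfct_close(cth)` would make that visible. The function's signature is outside this hunk.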