l7-filter-userspace/netfilter-conntrack-0.100.diff

   1 Description: Follow API changes in libnetfilter-conntrack.
   2 Author: Jakub Wilk
   3 Bug: http://sourceforge.net/tracker/?func=detail&aid=2834175&group_id=80085&atid=558668
   4 Bug-Debian: http://bugs.debian.org/547351
   5 Bug-Gentoo: http://bugs.gentoo.org/280747
   6
   7 Index: l7-filter-userspace/l7-conntrack.cpp
   8 ===================================================================
   9 --- l7-filter-userspace.orig/l7-conntrack.cpp   2009-02-26 22:40:28.000000000 +0100
  10 +++ l7-filter-userspace/l7-conntrack.cpp        2009-11-27 12:37:46.000000000 +0100
  11 @@ -22,6 +22,7 @@
  12  #include <signal.h>
  13  #include <map>
  14  #include <cstring>
  15 +#include <sstream>
  16
  17  extern "C" {
  18  #include <linux/types.h>
  19 @@ -121,52 +122,55 @@
  20    return (char *)buffer;
  21  }
  22
  23 -static int sprintf_conntrack_key(char *buf, struct nfct_conntrack *ct,
  24 -                          unsigned int flags)
  25 -{
  26 -  int size = 0;
  27 -
  28 -  size += nfct_sprintf_protocol(buf, ct);
  29 -  size += nfct_sprintf_address(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
  30 -  size += nfct_sprintf_proto(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
  31 -
  32 -  /* Delete the last blank space */
  33 -  buf[size-1] = '\0';
  34 -
  35 -  return size;
  36 -}
  37 -
  38 -static string make_key(nfct_conntrack* ct, int flags)
  39 +static string make_key(nf_conntrack* ct)
  40  {
  41    char key[512];
  42 -  int keysize = sprintf_conntrack_key(key, ct, flags);
  43 +  int keysize = nfct_snprintf(key, sizeof key, ct, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, 0);
  44 +  char *p = key;
  45 +  stringstream stream;
  46 +  for (int i = 0; i < 2; i++)
  47 +  {
  48 +    while (*p > 0 && *p > ' ')
  49 +      stream << *p++;
  50 +    while (*p > 0 && *p <= ' ')
  51 +      stream << *p++;
  52 +  }
  53 +  while (*p > 0 && *p != 's')
  54 +    p++;
  55 +  for (int i = 0; i < 4; i++)
  56 +  {
  57 +    while (*p > 0 && *p <= ' ')
  58 +      stream << *p++;
  59 +    while (*p > 0 && *p > ' ')
  60 +      stream << *p++;
  61 +  }
  62    if(keysize >= 512){
  63      cerr << "Yike! Overflowed key!\n";
  64      exit(1);
  65    }
  66 -  l7printf(2, "Made key from ct:\t%s\n", key);
  67 -  return key;
  68 +  string result = stream.str();
  69 +  l7printf(2, "Made key from ct:\t%s\n", result.c_str());
  70 +  return result;
  71  }
  72
  73 -static int l7_handle_conntrack_event(void *arg, unsigned int flags, int type,
  74 -                                       void *data)
  75 +static int l7_handle_conntrack_event(enum nf_conntrack_msg_type type, nf_conntrack *ct, void *data)
  76  {
  77    l7_conntrack * l7_conntrack_handler = (l7_conntrack *) data;
  78
  79 -  nfct_conntrack* ct = (nfct_conntrack*)arg;
  80 +  u_int8_t protonum = nfct_get_attr_u8(ct, ATTR_ORIG_L4PROTO);
  81
  82    // I don't think there is any demand for ICMP. These are enough work for now.
  83 -  if(ct->tuple[0].protonum != IPPROTO_TCP &&
  84 -     ct->tuple[0].protonum != IPPROTO_UDP) return 0;
  85 +  if(protonum != IPPROTO_TCP && protonum != IPPROTO_UDP)
  86 +    return NFCT_CB_CONTINUE;
  87
  88 -  if(type == NFCT_MSG_DESTROY) l7printf(3, "Got event: NFCT_MSG_DESTROY\n");
  89 -  if(type == NFCT_MSG_NEW)     l7printf(3, "Got event: NFCT_MSG_NEW\n");
  90 -  if(type == NFCT_MSG_UPDATE)  l7printf(3, "Got event: NFCT_MSG_UPDATE\n");
  91 -  if(type == NFCT_MSG_UNKNOWN) l7printf(3, "Got event: NFCT_MSG_UNKNOWN\n");
  92 +  if(type == NFCT_T_DESTROY) l7printf(3, "Got event: NFCT_T_DESTROY\n");
  93 +  if(type == NFCT_T_NEW)     l7printf(3, "Got event: NFCT_T_NEW\n");
  94 +  if(type == NFCT_T_UPDATE)  l7printf(3, "Got event: NFCT_T_UPDATE\n");
  95 +  if(type == NFCT_T_UNKNOWN) l7printf(3, "Got event: NFCT_T_UNKNOWN\n");
  96
  97    // On the first packet, create the connection buffer, etc.
  98 -  if(type == NFCT_MSG_NEW){
  99 -    string key = make_key(ct, flags);
 100 +  if(type == NFCT_T_NEW){
 101 +    string key = make_key(ct);
 102      if (l7_conntrack_handler->get_l7_connection(key)){
 103        // this happens sometimes
 104        cerr << "Received NFCT_MSG_NEW but already have a connection. Packets = "
 105 @@ -179,21 +183,20 @@
 106      l7_conntrack_handler->add_l7_connection(thisconnection, key);
 107      thisconnection->key = key;
 108    }
 109 -  else if(type == NFCT_MSG_DESTROY){
 110 +  else if(type == NFCT_T_DESTROY){
 111      // clean up the connection buffer, etc.
 112 -    string key = make_key(ct, flags);
 113 +    string key = make_key(ct);
 114      if(l7_conntrack_handler->get_l7_connection(key)){
 115        l7_conntrack_handler->remove_l7_connection(key);
 116      }
 117    }
 118
 119 -  return 0;
 120 +  return NFCT_CB_CONTINUE;
 121  }
 122
 123
 124  l7_conntrack::~l7_conntrack()
 125  {
 126 -  nfct_conntrack_free(ct);
 127    nfct_close(cth);
 128  }
 129
 130 @@ -230,9 +233,8 @@
 131  {
 132    int ret;
 133
 134 -  nfct_register_callback(cth, l7_handle_conntrack_event, (void *)this);
 135 -  ret = nfct_event_conntrack(cth); // this is the main loop
 136 +  nfct_callback_register(cth, NFCT_T_ALL, l7_handle_conntrack_event, (void *)this);
 137 +  ret = nfct_catch(cth); // this is the main loop
 138
 139    nfct_close(cth);
 140 -  nfct_conntrack_free(ct);
 141  }
 142 Index: l7-filter-userspace/l7-conntrack.h
 143 ===================================================================
 144 --- l7-filter-userspace.orig/l7-conntrack.h     2009-11-10 21:33:44.000000000 +0100
 145 +++ l7-filter-userspace/l7-conntrack.h  2009-11-10 21:35:55.000000000 +0100
 146 @@ -50,7 +50,6 @@
 147  class l7_conntrack {
 148   private:
 149    l7_map l7_connections;
 150 -  struct nfct_conntrack *ct;
 151    struct nfct_handle *cth; // the callback
 152
 153   public: