DTS Application Library  0.2.3
Application library containing referenced objects and interfaces to common libraries
Connection Tracking

Interface to linux netfilter connection tracking. More...

Files

file  nf_ctrack.c
 linux Netfilter Connection Tracking
 

Data Structures

struct  nfct_struct
 

Typedefs

typedef struct nfct_struct nfct_struct
 Forward declaration of structure. More...
 

Enumerations

enum  NF_CTRACK_FLAGS { NFCTRACK_DONE = 1 << 0 }
 Netfilter Ctrack Flags. More...
 

Functions

uint8_t nf_ctrack_init (void)
 
struct nf_conntrack * nf_ctrack_buildct (uint8_t *pkt)
 
uint8_t nf_ctrack_delete (uint8_t *pkt)
 
uint8_t nf_ctrack_nat (uint8_t *pkt, uint32_t addr, uint16_t port, uint8_t dnat)
 
void nf_ctrack_dump (void)
 
struct nfct_struct * nf_ctrack_trace (void)
 
void nf_ctrack_endtrace (struct nfct_struct *nfct)
 
void nf_ctrack_close (void)
 

Detailed Description

Interface to linux netfilter connection tracking.

Typedef Documentation

typedef struct nfct_struct nfct_struct

Forward declaration of structure.

Definition at line 205 of file dtsapp.h.

Enumeration Type Documentation

Netfilter Ctrack Flags.

Enumerator
NFCTRACK_DONE 

Definition at line 44 of file nf_ctrack.c.

44  {
45  NFCTRACK_DONE = 1 << 0
46 };

Function Documentation

/**
 * Build a libnetfilter_conntrack object describing the flow of a raw IPv4 packet.
 *
 * Definition at line 97 of file nf_ctrack.c.
 * Referenced by nf_ctrack_delete() and nf_ctrack_nat().
 *
 * The tuple is copied straight out of the packet: L3 protocol (always
 * PF_INET), source/destination address and L4 protocol; for TCP and UDP the
 * source/destination ports, for ICMP the type, code and echo id. Fields are
 * stored exactly as they sit in the packet (no byte-order conversion). Any
 * other L4 protocol yields a tuple without L4 fields.
 *
 * @param pkt  Pointer to the start of an IPv4 header; the L4 header is taken
 *             from ihl*4 bytes past it.
 * @return     A new conntrack object the caller must release with
 *             nfct_destroy(), or NULL if nfct_new() failed.
 *
 * NOTE(review): there is no length argument, so nothing here can check that
 * pkt really holds a full IP header (ihl >= 5) plus the L4 header behind it;
 * a truncated or malformed buffer is read past its end. Only pass complete,
 * already-validated IPv4 packets. The casts also assume pkt is suitably
 * aligned for struct iphdr / union l4hdr.
 */
struct nf_conntrack *nf_ctrack_buildct(uint8_t *pkt)
{
	struct iphdr *iph = (struct iphdr *)pkt;
	union l4hdr *l4h = (union l4hdr *)(pkt + (iph->ihl * 4));
	struct nf_conntrack *conn = nfct_new();

	if (conn == NULL) {
		return NULL;
	}

	/* L3 part of the tuple: this module only speaks IPv4. */
	nfct_set_attr_u8(conn, ATTR_L3PROTO, PF_INET);
	nfct_set_attr_u32(conn, ATTR_IPV4_SRC, iph->saddr);
	nfct_set_attr_u32(conn, ATTR_IPV4_DST, iph->daddr);
	nfct_set_attr_u8(conn, ATTR_L4PROTO, iph->protocol);

	/* L4 part: only TCP, UDP and ICMP contribute extra tuple fields. */
	if (iph->protocol == IPPROTO_TCP) {
		nfct_set_attr_u16(conn, ATTR_PORT_SRC, l4h->tcp.source);
		nfct_set_attr_u16(conn, ATTR_PORT_DST, l4h->tcp.dest);
	} else if (iph->protocol == IPPROTO_UDP) {
		nfct_set_attr_u16(conn, ATTR_PORT_SRC, l4h->udp.source);
		nfct_set_attr_u16(conn, ATTR_PORT_DST, l4h->udp.dest);
	} else if (iph->protocol == IPPROTO_ICMP) {
		nfct_set_attr_u8(conn, ATTR_ICMP_TYPE, l4h->icmp.type);
		nfct_set_attr_u8(conn, ATTR_ICMP_CODE, l4h->icmp.code);
		nfct_set_attr_u16(conn, ATTR_ICMP_ID, l4h->icmp.un.echo.id);
	}

	return conn;
}
/**
 * Release the module-wide conntrack handle.
 *
 * Definition at line 285 of file nf_ctrack.c.
 * References objunref().
 * Referenced by nf_ctrack_delete(), nf_ctrack_dump() and nf_ctrack_nat().
 *
 * Drops the reference held in the file-scope `ctrack` pointer, if any, and
 * resets it to NULL so the next nf_ctrack_init() allocates a fresh handle.
 * Harmless to call when no handle is open.
 *
 * NOTE(review): `ctrack` is a plain global that the other entry points open
 * and close on demand; nothing here serialises a close against a concurrent
 * caller that is still using the handle — treat the module as single-threaded
 * unless the caller provides its own locking.
 */
void nf_ctrack_close(void)
{
	if (ctrack != NULL) {
		objunref(ctrack);
	}
	ctrack = NULL;
}
int objunref(void *data)
Drop reference held.
Definition: refobj.c:184
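/**
 * Remove the conntrack entry matching a raw IPv4 packet.
 *
 * Definition at line 133 of file nf_ctrack.c.
 * References nf_ctrack_buildct(), nf_ctrack_close(), nf_ctrack_init(),
 * objlock() and objunlock().
 *
 * Builds the flow tuple from the packet (see nf_ctrack_buildct()) and issues
 * NFCT_Q_DESTROY on the module handle. If no handle is open, one is opened
 * for this call and closed again before returning.
 *
 * @param pkt  Complete IPv4 packet (IP header plus L4 header); see the
 *             length caveat on nf_ctrack_buildct() — nothing here bounds the read.
 * @return     0 on success, non-zero on failure. The -1 used below is stored
 *             in a uint8_t, so callers see 255. Failures: the handle could not
 *             be opened, the tuple object could not be allocated, or the kernel
 *             rejected the destroy request.
 */
uint8_t nf_ctrack_delete(uint8_t *pkt)
{
	struct nf_conntrack *ct;
	uint8_t unref = 0;
	uint8_t ret = 0;

	if (!ctrack) {
		if (nf_ctrack_init()) {
			return (-1);
		}
		unref = 1;
	}

	/* nfct_new() can fail; previously the resulting NULL went straight into
	 * nfct_query()/nfct_destroy(). Report failure and undo our auto-open instead. */
	ct = nf_ctrack_buildct(pkt);
	if (!ct) {
		ret = -1;
		goto out;
	}

	objlock(ctrack);
	if (nfct_query(ctrack->nfct, NFCT_Q_DESTROY, ct) < 0) {
		ret = -1;
	}
	objunlock(ctrack);
	nfct_destroy(ct);

out:
	if (unref) {
		nf_ctrack_close();
	}

	return (ret);
}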
struct nf_conntrack * nf_ctrack_buildct(uint8_t *pkt)
Definition: nf_ctrack.c:97
uint8_t nf_ctrack_init(void)
Definition: nf_ctrack.c:90
int objlock(void *data)
Lock the reference.
Definition: refobj.c:269
void nf_ctrack_close(void)
Definition: nf_ctrack.c:285
int objunlock(void *data)
Unlock a reference.
Definition: refobj.c:301
/**
 * Dump every IPv4 conntrack entry through the module's nfct_cb callback.
 *
 * Definition at line 204 of file nf_ctrack.c.
 * References nf_ctrack_close(), nf_ctrack_init(), objlock() and objunlock().
 *
 * Registers nfct_cb for all message types, runs NFCT_Q_DUMP for PF_INET and
 * unregisters the callback again, all while holding the handle's lock. Opens
 * a temporary handle when none is open and closes it afterwards. Return values
 * of the register/dump calls are not checked — the only failure this function
 * reacts to is a failed nf_ctrack_init(), which makes it return silently.
 */
void nf_ctrack_dump(void)
{
	uint32_t family = PF_INET;
	uint8_t opened_here = 0;

	if (ctrack == NULL) {
		if (nf_ctrack_init() != 0) {
			return;
		}
		opened_here = 1;
	}

	objlock(ctrack);
	nfct_callback_register(ctrack->nfct, NFCT_T_ALL, nfct_cb, NULL);
	nfct_query(ctrack->nfct, NFCT_Q_DUMP, &family);
	nfct_callback_unregister(ctrack->nfct);
	objunlock(ctrack);

	if (opened_here != 0) {
		nf_ctrack_close();
	}
}
uint8_t nf_ctrack_init(void)
Definition: nf_ctrack.c:90
int objlock(void *data)
Lock the reference.
Definition: refobj.c:269
void nf_ctrack_close(void)
Definition: nf_ctrack.c:285
int objunlock(void *data)
Unlock a reference.
Definition: refobj.c:301
/**
 * Stop a trace started with nf_ctrack_trace() and release its handle.
 *
 * Definition at line 278 of file nf_ctrack.c.
 * References NFCTRACK_DONE, objunref() and setflag.
 *
 * Sets NFCTRACK_DONE on the handle (the tracing thread is expected to watch
 * for it) and then drops the reference nf_ctrack_trace() returned to the
 * caller. The flag is only set for a non-NULL handle, but objunref() is called
 * either way, exactly as before — whether objunref() tolerates NULL is not
 * visible here.
 *
 * @param nfct  Handle returned by nf_ctrack_trace().
 */
void nf_ctrack_endtrace(struct nfct_struct *nfct)
{
	if (nfct != NULL) {
		setflag(nfct, NFCTRACK_DONE);
	}

	/* Passed through unchanged, NULL included. */
	objunref(nfct);
}
#define setflag(obj, flag)
Atomically set a flag in the flags field of a referenced object.
Definition: dtsapp.h:925
int objunref(void *data)
Drop reference held.
Definition: refobj.c:184
/**
 * Make sure the module-wide conntrack handle is open.
 *
 * Definition at line 90 of file nf_ctrack.c.
 * Referenced by nf_ctrack_delete(), nf_ctrack_dump() and nf_ctrack_nat().
 *
 * Allocates the file-scope `ctrack` handle via nf_ctrack_alloc(CONNTRACK, 0)
 * when it is not already set; an existing handle is left untouched.
 *
 * @return 0 if a handle is open on return, non-zero if allocation failed
 *         (-1 stored in a uint8_t, i.e. 255 — same value as before).
 */
uint8_t nf_ctrack_init(void)
{
	if (ctrack != NULL) {
		return 0;
	}

	ctrack = nf_ctrack_alloc(CONNTRACK, 0);
	return (ctrack == NULL) ? (uint8_t)-1 : 0;
}
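/** Conntrack timeout in seconds written to every entry created by nf_ctrack_nat(). */
enum { NF_CTRACK_NAT_TIMEOUT = 120 };

/**
 * Create or update a conntrack entry for a raw IPv4 packet with a NAT mapping.
 *
 * Definition at line 160 of file nf_ctrack.c.
 * References nf_ctrack_buildct(), nf_ctrack_close(), nf_ctrack_init(),
 * objlock() and objunlock().
 *
 * Builds the original-direction tuple from the packet, asks the library to set
 * up the reply tuple (NFCT_SOPT_SETUP_REPLY), attaches a fixed timeout and the
 * SNAT/DNAT address (and port, for TCP/UDP), then issues NFCT_Q_CREATE_UPDATE.
 * Opens a temporary handle when none is open.
 *
 * @param pkt   Complete IPv4 packet; see the length caveat on
 *              nf_ctrack_buildct() — nothing here bounds the read.
 * @param addr  Translated IPv4 address: new destination when dnat is non-zero,
 *              new source otherwise. Stored as given — presumably network byte
 *              order, like the addresses nf_ctrack_buildct() copies out of the
 *              packet; confirm against callers.
 * @param port  Translated L4 port for TCP/UDP; 0 leaves the port untouched.
 *              Same byte-order caveat as addr. Ignored for other protocols.
 * @param dnat  Non-zero selects destination NAT, zero source NAT.
 * @return      0 on success, non-zero on failure (the -1 below is stored in a
 *              uint8_t, so callers see 255): handle could not be opened, tuple
 *              object could not be allocated, or the kernel rejected the entry.
 */
uint8_t nf_ctrack_nat(uint8_t *pkt, uint32_t addr, uint16_t port, uint8_t dnat)
{
	struct iphdr *ip = (struct iphdr *)pkt;
	struct nf_conntrack *ct;
	uint8_t unref = 0;
	uint8_t ret = 0;

	if (!ctrack) {
		if (nf_ctrack_init()) {
			return (-1);
		}
		unref = 1;
	}

	/* nfct_new() can fail; previously a NULL ct went straight into
	 * nfct_setobjopt()/nfct_set_attr_*(). Report failure and undo our auto-open. */
	ct = nf_ctrack_buildct(pkt);
	if (!ct) {
		ret = -1;
		goto out;
	}
	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);

	nfct_set_attr_u32(ct, ATTR_TIMEOUT, NF_CTRACK_NAT_TIMEOUT);
	nfct_set_attr_u32(ct, (dnat) ? ATTR_DNAT_IPV4 : ATTR_SNAT_IPV4, addr);

	switch (ip->protocol) {
	case IPPROTO_TCP:
		/* Entry is created from userspace with no handshake seen; it is
		 * marked ESTABLISHED up front (kept from the original). */
		nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_ESTABLISHED);
		/* fallthrough: TCP and UDP both carry a port mapping */
	case IPPROTO_UDP:
		if (port) {
			nfct_set_attr_u16(ct, (dnat) ? ATTR_DNAT_PORT : ATTR_SNAT_PORT, port);
		}
		break;
	default:
		/* ICMP and anything else: address-only translation. */
		break;
	}

	objlock(ctrack);
	if (nfct_query(ctrack->nfct, NFCT_Q_CREATE_UPDATE, ct) < 0) {
		ret = -1;
	}
	objunlock(ctrack);
	nfct_destroy(ct);

out:
	if (unref) {
		nf_ctrack_close();
	}

	return (ret);
}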
struct nf_conntrack * nf_ctrack_buildct(uint8_t *pkt)
Definition: nf_ctrack.c:97
uint8_t nf_ctrack_init(void)
Definition: nf_ctrack.c:90
int objlock(void *data)
Lock the reference.
Definition: refobj.c:269
void nf_ctrack_close(void)
Definition: nf_ctrack.c:285
int objunlock(void *data)
Unlock a reference.
Definition: refobj.c:301
/**
 * Start a background thread that traces conntrack events.
 *
 * Definition at line 261 of file nf_ctrack.c.
 * References framework_mkthread(), objunref() and THREAD_OPTION_RETURN.
 *
 * Allocates a dedicated handle subscribed to NFCT_ALL_CT_GROUPS and hands it
 * to nf_ctrack_trace_th via framework_mkthread(). The thread object returned
 * under THREAD_OPTION_RETURN is released right away (its doc says the result
 * must be unreferenced); the handle goes back to the caller, who ends the
 * trace with nf_ctrack_endtrace().
 *
 * @return The tracing handle, or NULL if the handle or the thread could not
 *         be created (on thread failure the handle is released first).
 *
 * NOTE(review): the same handle is given to the thread and returned to the
 * caller. Whether framework_mkthread() takes its own reference for the
 * thread's lifetime is not visible here — confirm before assuming that
 * nf_ctrack_endtrace() is safe while the thread may still be running.
 */
struct nfct_struct *nf_ctrack_trace(void)
{
	struct nfct_struct *handle = nf_ctrack_alloc(CONNTRACK, NFCT_ALL_CT_GROUPS);
	void *worker;

	if (handle == NULL) {
		return NULL;
	}

	worker = framework_mkthread(nf_ctrack_trace_th, NULL, NULL, handle,
				    THREAD_OPTION_RETURN);
	if (worker == NULL) {
		objunref(handle);
		return NULL;
	}

	/* We keep no link to the thread itself; the handle is the caller's hook. */
	objunref(worker);

	return handle;
}
struct thread_pvt * framework_mkthread(threadfunc, threadcleanup, threadsighandler, void *data, int flags)
create a thread result must be unreferenced
Definition: thread.c:387
Return reference to thread this must be unreferenced.
Definition: dtsapp.h:124
struct nfct_struct nfct_struct
Forward declaration of structure.
Definition: dtsapp.h:205
int objunref(void *data)
Drop reference held.
Definition: refobj.c:184