* [PATCH conntrack 0/4] more updates to use libmnl
@ 2021-12-24 15:43 Pablo Neira Ayuso
  2021-12-24 15:43 ` [PATCH conntrack 1/4] conntrack: add nfct_mnl_talk() and nfct_mnl_recv() helper functions Pablo Neira Ayuso
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-24 15:43 UTC (permalink / raw
  To: netfilter-devel

Hi Mikhail,

This is a follow-up to your patch series. It takes a slightly
different approach, which is to provide two types of helper
functions:

- to build the netlink messages.
- to send request to kernel and process the reply (transport).

I'm integrating your original 3/6 patch into this series:

https://patchwork.ozlabs.org/project/netfilter-devel/patch/20211201173253.33432-4-mikhail.sennikovskii@ionos.com/

with a few updates.

Thanks.

Mikhail Sennikovsky (1):
  conntrack: pass sock to nfct_mnl_*() functions

Pablo Neira Ayuso (3):
  conntrack: add nfct_mnl_talk() and nfct_mnl_recv() helper functions
  conntrack: add netlink flags to nfct_mnl_nlmsghdr_put()
  conntrack: use libmnl to create entry

 src/conntrack.c | 175 ++++++++++++++++++++++++++++++------------------
 1 file changed, 109 insertions(+), 66 deletions(-)

-- 
2.30.2



* [PATCH conntrack 1/4] conntrack: add nfct_mnl_talk() and nfct_mnl_recv() helper functions
  2021-12-24 15:43 [PATCH conntrack 0/4] more updates to use libmnl Pablo Neira Ayuso
@ 2021-12-24 15:43 ` Pablo Neira Ayuso
  2021-12-24 15:43 ` [PATCH conntrack 2/4] conntrack: add netlink flags to nfct_mnl_nlmsghdr_put() Pablo Neira Ayuso
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-24 15:43 UTC (permalink / raw
  To: netfilter-devel

Add helper function to consolidate nfct_mnl_dump() and nfct_mnl_get().

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack.c | 54 +++++++++++++++++++++++++++++++------------------
 1 file changed, 34 insertions(+), 20 deletions(-)

diff --git a/src/conntrack.c b/src/conntrack.c
index 5bd3cb56b641..067ae4156676 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -2440,20 +2440,11 @@ static void nfct_mnl_socket_close(void)
 	mnl_socket_close(sock.mnl);
 }
 
-static int
-nfct_mnl_dump(uint16_t subsys, uint16_t type, mnl_cb_t cb,
-	      struct ct_cmd *cmd, const struct nfct_filter_dump *filter_dump)
+static int nfct_mnl_recv(const struct nlmsghdr *nlh, mnl_cb_t cb, void *data)
 {
-	uint8_t family = cmd ? cmd->family : AF_UNSPEC;
 	char buf[MNL_SOCKET_BUFFER_SIZE];
-	struct nlmsghdr *nlh;
 	int res;
 
-	nlh = nfct_mnl_nlmsghdr_put(buf, subsys, type, family);
-
-	if (filter_dump)
-		nfct_nlmsg_build_filter(nlh, filter_dump);
-
 	res = mnl_socket_sendto(sock.mnl, nlh, nlh->nlmsg_len);
 	if (res < 0)
 		return res;
@@ -2461,7 +2452,7 @@ nfct_mnl_dump(uint16_t subsys, uint16_t type, mnl_cb_t cb,
 	res = mnl_socket_recvfrom(sock.mnl, buf, sizeof(buf));
 	while (res > 0) {
 		res = mnl_cb_run(buf, res, nlh->nlmsg_seq, sock.portid,
-				 cb, cmd);
+				 cb, data);
 		if (res <= MNL_CB_STOP)
 			break;
 
@@ -2472,23 +2463,46 @@ nfct_mnl_dump(uint16_t subsys, uint16_t type, mnl_cb_t cb,
 }
 
 static int
-nfct_mnl_get(uint16_t subsys, uint16_t type, mnl_cb_t cb, uint8_t family)
+nfct_mnl_dump(uint16_t subsys, uint16_t type, mnl_cb_t cb,
+	      struct ct_cmd *cmd, const struct nfct_filter_dump *filter_dump)
 {
+	uint8_t family = cmd ? cmd->family : AF_UNSPEC;
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct nlmsghdr *nlh;
-	int res;
 
 	nlh = nfct_mnl_nlmsghdr_put(buf, subsys, type, family);
 
-	res = mnl_socket_sendto(sock.mnl, nlh, nlh->nlmsg_len);
-	if (res < 0)
-		return res;
+	if (filter_dump)
+		nfct_nlmsg_build_filter(nlh, filter_dump);
 
-	res = mnl_socket_recvfrom(sock.mnl, buf, sizeof(buf));
-	if (res < 0)
-		return res;
+	return nfct_mnl_recv(nlh, cb, cmd);
+}
+
+static int nfct_mnl_talk(const struct nlmsghdr *nlh, mnl_cb_t cb)
+{
+	char buf[MNL_SOCKET_BUFFER_SIZE];
+	int ret;
+
+	ret = mnl_socket_sendto(sock.mnl, nlh, nlh->nlmsg_len);
+	if (ret < 0)
+		return ret;
+
+	ret = mnl_socket_recvfrom(sock.mnl, buf, sizeof(buf));
+	if (ret < 0)
+		return ret;
+
+	return mnl_cb_run(buf, ret, nlh->nlmsg_seq, sock.portid, cb, NULL);
+}
+
+static int
+nfct_mnl_get(uint16_t subsys, uint16_t type, mnl_cb_t cb, uint8_t family)
+{
+	char buf[MNL_SOCKET_BUFFER_SIZE];
+	struct nlmsghdr *nlh;
+
+	nlh = nfct_mnl_nlmsghdr_put(buf, subsys, type, family);
 
-	return mnl_cb_run(buf, res, nlh->nlmsg_seq, sock.portid, cb, NULL);
+	return nfct_mnl_talk(nlh, cb);
 }
 
 #define UNKNOWN_STATS_NUM 4
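Review bot: Neither new helper documents how much of the reply it consumes, and `nfct_mnl_recv()` is named like a receive-only routine although it also sends the request. `nfct_mnl_talk()` calls `mnl_socket_recvfrom()` once and runs the callback over that single datagram, whereas `nfct_mnl_recv()` loops until the callback stops or the read fails, so using the talk variant for a multipart reply would leave data queued on the socket. A one-line comment above each would make the contract explicit, e.g. `/* send nlh, then run cb over every reply datagram until cb stops or recv fails */` for `nfct_mnl_recv()` and `/* send nlh and run cb over one reply datagram; not for multipart replies */` for `nfct_mnl_talk()`. Part of the `nfct_mnl_recv()` loop lies between hunks and is not visible here.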
-- 
2.30.2



* [PATCH conntrack 2/4] conntrack: add netlink flags to nfct_mnl_nlmsghdr_put()
  2021-12-24 15:43 [PATCH conntrack 0/4] more updates to use libmnl Pablo Neira Ayuso
  2021-12-24 15:43 ` [PATCH conntrack 1/4] conntrack: add nfct_mnl_talk() and nfct_mnl_recv() helper functions Pablo Neira Ayuso
@ 2021-12-24 15:43 ` Pablo Neira Ayuso
  2021-12-24 15:43 ` [PATCH conntrack 3/4] conntrack: use libmnl to create entry Pablo Neira Ayuso
  2021-12-24 15:43 ` [PATCH conntrack 4/4] conntrack: pass sock to nfct_mnl_*() functions Pablo Neira Ayuso
  3 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-24 15:43 UTC (permalink / raw
  To: netfilter-devel

Moreover, remove NLM_F_DUMP for IPCTNL_MSG_CT_GET_STATS since ctnetlink
ignores this flag; this is a simple netlink get command, not a dump.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/conntrack.c b/src/conntrack.c
index 067ae4156676..3f74fa12fba2 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -2417,14 +2417,14 @@ static int nfct_mnl_socket_open(unsigned int events)
 
 static struct nlmsghdr *
 nfct_mnl_nlmsghdr_put(char *buf, uint16_t subsys, uint16_t type,
-		      uint8_t family)
+		      uint16_t flags, uint8_t family)
 {
 	struct nlmsghdr *nlh;
 	struct nfgenmsg *nfh;
 
 	nlh = mnl_nlmsg_put_header(buf);
 	nlh->nlmsg_type = (subsys << 8) | type;
-	nlh->nlmsg_flags = NLM_F_REQUEST|NLM_F_DUMP;
+	nlh->nlmsg_flags = NLM_F_REQUEST | flags;
 	nlh->nlmsg_seq = time(NULL);
 
 	nfh = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg));
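Review bot: The new `flags` parameter is undocumented, and from the prototype a caller cannot tell that `NLM_F_REQUEST` is always added by the helper itself. A short comment above `nfct_mnl_nlmsghdr_put()` would settle it, e.g. `/* flags: extra NLM_F_* bits, OR'ed with NLM_F_REQUEST */`. The function body continues past the end of this hunk.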
@@ -2470,7 +2470,7 @@ nfct_mnl_dump(uint16_t subsys, uint16_t type, mnl_cb_t cb,
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct nlmsghdr *nlh;
 
-	nlh = nfct_mnl_nlmsghdr_put(buf, subsys, type, family);
+	nlh = nfct_mnl_nlmsghdr_put(buf, subsys, type, NLM_F_DUMP, family);
 
 	if (filter_dump)
 		nfct_nlmsg_build_filter(nlh, filter_dump);
@@ -2500,7 +2500,7 @@ nfct_mnl_get(uint16_t subsys, uint16_t type, mnl_cb_t cb, uint8_t family)
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct nlmsghdr *nlh;
 
-	nlh = nfct_mnl_nlmsghdr_put(buf, subsys, type, family);
+	nlh = nfct_mnl_nlmsghdr_put(buf, subsys, type, 0, family);
 
 	return nfct_mnl_talk(nlh, cb);
 }
-- 
2.30.2



* [PATCH conntrack 3/4] conntrack: use libmnl to create entry
  2021-12-24 15:43 [PATCH conntrack 0/4] more updates to use libmnl Pablo Neira Ayuso
  2021-12-24 15:43 ` [PATCH conntrack 1/4] conntrack: add nfct_mnl_talk() and nfct_mnl_recv() helper functions Pablo Neira Ayuso
  2021-12-24 15:43 ` [PATCH conntrack 2/4] conntrack: add netlink flags to nfct_mnl_nlmsghdr_put() Pablo Neira Ayuso
@ 2021-12-24 15:43 ` Pablo Neira Ayuso
  2021-12-24 15:43 ` [PATCH conntrack 4/4] conntrack: pass sock to nfct_mnl_*() functions Pablo Neira Ayuso
  3 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-24 15:43 UTC (permalink / raw
  To: netfilter-devel

Use libmnl to create entries through the new nfct_mnl_create() helper
function.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack.c | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/src/conntrack.c b/src/conntrack.c
index 3f74fa12fba2..fe604ff2efd4 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -2505,6 +2505,24 @@ nfct_mnl_get(uint16_t subsys, uint16_t type, mnl_cb_t cb, uint8_t family)
 	return nfct_mnl_talk(nlh, cb);
 }
 
+static int
+nfct_mnl_create(uint16_t subsys, uint16_t type, const struct nf_conntrack *ct)
+{
+	char buf[MNL_SOCKET_BUFFER_SIZE];
+	struct nlmsghdr *nlh;
+	int err;
+
+	nlh = nfct_mnl_nlmsghdr_put(buf, subsys, type,
+				    NLM_F_CREATE | NLM_F_ACK | NLM_F_EXCL,
+				    nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO));
+
+	err = nfct_nlmsg_build(nlh, ct);
+	if (err < 0)
+		return err;
+
+	return nfct_mnl_talk(nlh, NULL, NULL);
+}
+
 #define UNKNOWN_STATS_NUM 4
 
 static int nfct_stats_attr_cb(const struct nlattr *attr, void *data)
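Review bot: `nfct_mnl_create()` calls `nfct_mnl_talk(nlh, NULL, NULL)` with three arguments, but at this point in the series `nfct_mnl_talk()` takes two (`const struct nlmsghdr *nlh, mnl_cb_t cb`, as added in 1/4), so this commit does not build on its own and breaks bisection. The call is only corrected in 4/4, where it becomes `nfct_mnl_talk(sock, nlh, NULL)`; here it should read `return nfct_mnl_talk(nlh, NULL);`. Separately, `nfct_nlmsg_build()` fills a fixed `MNL_SOCKET_BUFFER_SIZE` stack buffer, and whether it bounds its writes is not visible from this hunk, so that is worth confirming.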
@@ -3322,14 +3340,16 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 			nfct_set_attr(cmd->tmpl.ct, ATTR_CONNLABELS,
 					xnfct_bitmask_clone(cmd->tmpl.label_modify));
 
-		cth = nfct_open(CONNTRACK, 0);
-		if (!cth)
-			exit_error(OTHER_PROBLEM, "Can't open handler");
+		res = nfct_mnl_socket_open(0);
+		if (res < 0)
+			exit_error(OTHER_PROBLEM, "Can't open netlink socket");
 
-		res = nfct_query(cth, NFCT_Q_CREATE, cmd->tmpl.ct);
-		if (res != -1)
+		res = nfct_mnl_create(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_NEW,
+				      cmd->tmpl.ct);
+		if (res >= 0)
 			counter++;
-		nfct_close(cth);
+
+		nfct_mnl_socket_close();
 		break;
 
 	case EXP_CREATE:
-- 
2.30.2



* [PATCH conntrack 4/4] conntrack: pass sock to nfct_mnl_*() functions
  2021-12-24 15:43 [PATCH conntrack 0/4] more updates to use libmnl Pablo Neira Ayuso
                   ` (2 preceding siblings ...)
  2021-12-24 15:43 ` [PATCH conntrack 3/4] conntrack: use libmnl to create entry Pablo Neira Ayuso
@ 2021-12-24 15:43 ` Pablo Neira Ayuso
  3 siblings, 0 replies; 5+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-24 15:43 UTC (permalink / raw
  To: netfilter-devel

From: Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com>

In preparation for using multiple instances of mnl sockets
required for conntrack entries update and delete support.

Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack.c | 115 ++++++++++++++++++++++++++----------------------
 1 file changed, 62 insertions(+), 53 deletions(-)

diff --git a/src/conntrack.c b/src/conntrack.c
index fe604ff2efd4..fe5574d205a6 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -71,7 +71,7 @@
 static struct nfct_mnl_socket {
 	struct mnl_socket	*mnl;
 	uint32_t		portid;
-} sock;
+} _sock;
 
 struct u32_mask {
 	uint32_t value;
@@ -1725,7 +1725,7 @@ event_sighandler(int s)
 
 	fprintf(stderr, "%s v%s (conntrack-tools): ", PROGNAME, VERSION);
 	fprintf(stderr, "%d flow events have been shown.\n", counter);
-	mnl_socket_close(sock.mnl);
+	mnl_socket_close(_sock.mnl);
 	exit(0);
 }
 
@@ -2399,18 +2399,19 @@ out_err:
 	return ret;
 }
 
-static int nfct_mnl_socket_open(unsigned int events)
+static int nfct_mnl_socket_open(struct nfct_mnl_socket *socket,
+		      unsigned int events)
 {
-	sock.mnl = mnl_socket_open(NETLINK_NETFILTER);
-	if (sock.mnl == NULL) {
+	socket->mnl = mnl_socket_open(NETLINK_NETFILTER);
+	if (socket->mnl == NULL) {
 		perror("mnl_socket_open");
 		return -1;
 	}
-	if (mnl_socket_bind(sock.mnl, events, MNL_SOCKET_AUTOPID) < 0) {
+	if (mnl_socket_bind(socket->mnl, events, MNL_SOCKET_AUTOPID) < 0) {
 		perror("mnl_socket_bind");
 		return -1;
 	}
-	sock.portid = mnl_socket_get_portid(sock.mnl);
+	socket->portid = mnl_socket_get_portid(socket->mnl);
 
 	return 0;
 }
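Review bot: The `mnl_socket_bind()` failure path returns -1 without closing the socket opened just above, so the handle is leaked and `socket->mnl` is left non-NULL even though the open is reported as failed. This matters more once several `struct nfct_mnl_socket` instances exist, and some callers on this page fall back (`goto try_proc_count`) rather than exit when the open fails. Before that `return -1` I would add `mnl_socket_close(socket->mnl);` and `socket->mnl = NULL;`. The parameter is also named `socket`, which shadows the libc `socket()` function wherever `<sys/socket.h>` is in scope and differs from the `sock` name used by every other helper in this patch; `sock` would be consistent.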
@@ -2435,36 +2436,38 @@ nfct_mnl_nlmsghdr_put(char *buf, uint16_t subsys, uint16_t type,
 	return nlh;
 }
 
-static void nfct_mnl_socket_close(void)
+static void nfct_mnl_socket_close(const struct nfct_mnl_socket *sock)
 {
-	mnl_socket_close(sock.mnl);
+	mnl_socket_close(sock->mnl);
 }
 
-static int nfct_mnl_recv(const struct nlmsghdr *nlh, mnl_cb_t cb, void *data)
+static int nfct_mnl_recv(struct nfct_mnl_socket *sock,
+			 const struct nlmsghdr *nlh, mnl_cb_t cb, void *data)
 {
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	int res;
 
-	res = mnl_socket_sendto(sock.mnl, nlh, nlh->nlmsg_len);
+	res = mnl_socket_sendto(sock->mnl, nlh, nlh->nlmsg_len);
 	if (res < 0)
 		return res;
 
-	res = mnl_socket_recvfrom(sock.mnl, buf, sizeof(buf));
+	res = mnl_socket_recvfrom(sock->mnl, buf, sizeof(buf));
 	while (res > 0) {
-		res = mnl_cb_run(buf, res, nlh->nlmsg_seq, sock.portid,
+		res = mnl_cb_run(buf, res, nlh->nlmsg_seq, sock->portid,
 				 cb, data);
 		if (res <= MNL_CB_STOP)
 			break;
 
-		res = mnl_socket_recvfrom(sock.mnl, buf, sizeof(buf));
+		res = mnl_socket_recvfrom(sock->mnl, buf, sizeof(buf));
 	}
 
 	return res;
 }
 
 static int
-nfct_mnl_dump(uint16_t subsys, uint16_t type, mnl_cb_t cb,
-	      struct ct_cmd *cmd, const struct nfct_filter_dump *filter_dump)
+nfct_mnl_dump(struct nfct_mnl_socket *sock, uint16_t subsys, uint16_t type,
+	      mnl_cb_t cb, struct ct_cmd *cmd,
+	      const struct nfct_filter_dump *filter_dump)
 {
 	uint8_t family = cmd ? cmd->family : AF_UNSPEC;
 	char buf[MNL_SOCKET_BUFFER_SIZE];
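Review bot: `nfct_mnl_socket_close()` takes a `const struct nfct_mnl_socket *`, so it cannot clear `sock->mnl` after `mnl_socket_close()` has released it, and the struct keeps a stale pointer. The file-scope `_sock` is reused by every command in `do_command_ct()`, and `event_sighandler()` calls `mnl_socket_close(_sock.mnl)` directly, so any later close of the same struct would act on a handle that is already released. Dropping the `const`, returning early when `sock->mnl` is NULL, and setting `sock->mnl = NULL;` after the close would make a second close harmless. The hunk ends inside `nfct_mnl_dump()`, whose body continues outside it.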
@@ -2475,38 +2478,41 @@ nfct_mnl_dump(uint16_t subsys, uint16_t type, mnl_cb_t cb,
 	if (filter_dump)
 		nfct_nlmsg_build_filter(nlh, filter_dump);
 
-	return nfct_mnl_recv(nlh, cb, cmd);
+	return nfct_mnl_recv(sock, nlh, cb, cmd);
 }
 
-static int nfct_mnl_talk(const struct nlmsghdr *nlh, mnl_cb_t cb)
+static int nfct_mnl_talk(struct nfct_mnl_socket *sock,
+			 const struct nlmsghdr *nlh, mnl_cb_t cb)
 {
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	int ret;
 
-	ret = mnl_socket_sendto(sock.mnl, nlh, nlh->nlmsg_len);
+	ret = mnl_socket_sendto(sock->mnl, nlh, nlh->nlmsg_len);
 	if (ret < 0)
 		return ret;
 
-	ret = mnl_socket_recvfrom(sock.mnl, buf, sizeof(buf));
+	ret = mnl_socket_recvfrom(sock->mnl, buf, sizeof(buf));
 	if (ret < 0)
 		return ret;
 
-	return mnl_cb_run(buf, ret, nlh->nlmsg_seq, sock.portid, cb, NULL);
+	return mnl_cb_run(buf, ret, nlh->nlmsg_seq, sock->portid, cb, NULL);
 }
 
 static int
-nfct_mnl_get(uint16_t subsys, uint16_t type, mnl_cb_t cb, uint8_t family)
+nfct_mnl_get(struct nfct_mnl_socket *sock, uint16_t subsys, uint16_t type,
+	     mnl_cb_t cb, uint8_t family)
 {
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct nlmsghdr *nlh;
 
 	nlh = nfct_mnl_nlmsghdr_put(buf, subsys, type, 0, family);
 
-	return nfct_mnl_talk(nlh, cb);
+	return nfct_mnl_talk(sock, nlh, cb);
 }
 
 static int
-nfct_mnl_create(uint16_t subsys, uint16_t type, const struct nf_conntrack *ct)
+nfct_mnl_create(struct nfct_mnl_socket *sock, uint16_t subsys, uint16_t type,
+		const struct nf_conntrack *ct)
 {
 	char buf[MNL_SOCKET_BUFFER_SIZE];
 	struct nlmsghdr *nlh;
@@ -2520,7 +2526,7 @@ nfct_mnl_create(uint16_t subsys, uint16_t type, const struct nf_conntrack *ct)
 	if (err < 0)
 		return err;
 
-	return nfct_mnl_talk(nlh, NULL, NULL);
+	return nfct_mnl_talk(sock, nlh, NULL);
 }
 
 #define UNKNOWN_STATS_NUM 4
@@ -3246,25 +3252,26 @@ static void do_parse(struct ct_cmd *ct_cmd, int argc, char *argv[])
 
 static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 {
+	struct nfct_mnl_socket *sock = &_sock;
 	struct nfct_filter_dump *filter_dump;
 	int res = 0;
 
 	switch(cmd->command) {
 	case CT_LIST:
-		if (nfct_mnl_socket_open(0) < 0)
+		if (nfct_mnl_socket_open(sock, 0) < 0)
 			exit_error(OTHER_PROBLEM, "Can't open handler");
 
 		if (cmd->type == CT_TABLE_DYING) {
-			res = nfct_mnl_dump(NFNL_SUBSYS_CTNETLINK,
+			res = nfct_mnl_dump(sock, NFNL_SUBSYS_CTNETLINK,
 					    IPCTNL_MSG_CT_GET_DYING,
 					    mnl_nfct_dump_cb, cmd, NULL);
-			nfct_mnl_socket_close();
+			nfct_mnl_socket_close(sock);
 			break;
 		} else if (cmd->type == CT_TABLE_UNCONFIRMED) {
-			res = nfct_mnl_dump(NFNL_SUBSYS_CTNETLINK,
+			res = nfct_mnl_dump(sock, NFNL_SUBSYS_CTNETLINK,
 					    IPCTNL_MSG_CT_GET_UNCONFIRMED,
 					    mnl_nfct_dump_cb, cmd, NULL);
-			nfct_mnl_socket_close();
+			nfct_mnl_socket_close(sock);
 			break;
 		}
 
@@ -3293,11 +3300,11 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 						  &cmd->tmpl.filter_status_kernel);
 		}
 		if (cmd->options & CT_OPT_ZERO) {
-			res = nfct_mnl_dump(NFNL_SUBSYS_CTNETLINK,
+			res = nfct_mnl_dump(sock, NFNL_SUBSYS_CTNETLINK,
 					    IPCTNL_MSG_CT_GET_CTRZERO,
 					    mnl_nfct_dump_cb, cmd, filter_dump);
 		} else {
-			res = nfct_mnl_dump(NFNL_SUBSYS_CTNETLINK,
+			res = nfct_mnl_dump(sock, NFNL_SUBSYS_CTNETLINK,
 					    IPCTNL_MSG_CT_GET,
 					    mnl_nfct_dump_cb, cmd, filter_dump);
 		}
@@ -3309,7 +3316,7 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 			fflush(stdout);
 		}
 
-		nfct_mnl_socket_close();
+		nfct_mnl_socket_close(sock);
 		break;
 
 	case EXP_LIST:
@@ -3340,16 +3347,16 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 			nfct_set_attr(cmd->tmpl.ct, ATTR_CONNLABELS,
 					xnfct_bitmask_clone(cmd->tmpl.label_modify));
 
-		res = nfct_mnl_socket_open(0);
+		res = nfct_mnl_socket_open(sock, 0);
 		if (res < 0)
 			exit_error(OTHER_PROBLEM, "Can't open netlink socket");
 
-		res = nfct_mnl_create(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_NEW,
-				      cmd->tmpl.ct);
+		res = nfct_mnl_create(sock, NFNL_SUBSYS_CTNETLINK,
+				      IPCTNL_MSG_CT_NEW, cmd->tmpl.ct);
 		if (res >= 0)
 			counter++;
 
-		nfct_mnl_socket_close();
+		nfct_mnl_socket_close(sock);
 		break;
 
 	case EXP_CREATE:
@@ -3476,9 +3483,10 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 			if (cmd->event_mask & CT_EVENT_F_DEL)
 				nl_events |= NF_NETLINK_CONNTRACK_DESTROY;
 
-			res = nfct_mnl_socket_open(nl_events);
+			res = nfct_mnl_socket_open(sock, nl_events);
 		} else {
-			res = nfct_mnl_socket_open(NF_NETLINK_CONNTRACK_NEW |
+			res = nfct_mnl_socket_open(sock,
+						   NF_NETLINK_CONNTRACK_NEW |
 						   NF_NETLINK_CONNTRACK_UPDATE |
 						   NF_NETLINK_CONNTRACK_DESTROY);
 		}
@@ -3491,17 +3499,17 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 
 			socklen_t socklen = sizeof(socketbuffersize);
 
-			res = setsockopt(mnl_socket_get_fd(sock.mnl),
+			res = setsockopt(mnl_socket_get_fd(sock->mnl),
 					 SOL_SOCKET, SO_RCVBUFFORCE,
 					 &socketbuffersize,
 					 sizeof(socketbuffersize));
 			if (res < 0) {
-				setsockopt(mnl_socket_get_fd(sock.mnl),
+				setsockopt(mnl_socket_get_fd(sock->mnl),
 					   SOL_SOCKET, SO_RCVBUF,
 					   &socketbuffersize,
 					   sizeof(socketbuffersize));
 			}
-			getsockopt(mnl_socket_get_fd(sock.mnl), SOL_SOCKET,
+			getsockopt(mnl_socket_get_fd(sock->mnl), SOL_SOCKET,
 				   SO_RCVBUF, &socketbuffersize, &socklen);
 			fprintf(stderr, "NOTICE: Netlink socket buffer size "
 					"has been set to %zu bytes.\n",
@@ -3516,7 +3524,7 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 		while (1) {
 			char buf[MNL_SOCKET_BUFFER_SIZE];
 
-			res = mnl_socket_recvfrom(sock.mnl, buf, sizeof(buf));
+			res = mnl_socket_recvfrom(sock->mnl, buf, sizeof(buf));
 			if (res < 0) {
 				if (errno == ENOBUFS) {
 					fprintf(stderr,
@@ -3535,7 +3543,7 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 			}
 			res = mnl_cb_run(buf, res, 0, 0, event_cb, cmd);
 		}
-		mnl_socket_close(sock.mnl);
+		mnl_socket_close(sock->mnl);
 		break;
 
 	case EXP_EVENT:
@@ -3569,14 +3577,15 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd)
 		/* If we fail with netlink, fall back to /proc to ensure
 		 * backward compatibility.
 		 */
-		if (nfct_mnl_socket_open(0) < 0)
+		if (nfct_mnl_socket_open(sock, 0) < 0)
 			goto try_proc_count;
 
-		res = nfct_mnl_get(NFNL_SUBSYS_CTNETLINK,
+		res = nfct_mnl_get(sock,
+				   NFNL_SUBSYS_CTNETLINK,
 				   IPCTNL_MSG_CT_GET_STATS,
 				   nfct_global_stats_cb, AF_UNSPEC);
 
-		nfct_mnl_socket_close();
+		nfct_mnl_socket_close(sock);
 
 		/* don't look at /proc, we got the information via ctnetlink */
 		if (res >= 0)
@@ -3614,14 +3623,14 @@ try_proc_count:
 		/* If we fail with netlink, fall back to /proc to ensure
 		 * backward compatibility.
 		 */
-		if (nfct_mnl_socket_open(0) < 0)
+		if (nfct_mnl_socket_open(sock, 0) < 0)
 			goto try_proc;
 
-		res = nfct_mnl_dump(NFNL_SUBSYS_CTNETLINK,
+		res = nfct_mnl_dump(sock, NFNL_SUBSYS_CTNETLINK,
 				    IPCTNL_MSG_CT_GET_STATS_CPU,
 				    nfct_stats_cb, NULL, NULL);
 
-		nfct_mnl_socket_close();
+		nfct_mnl_socket_close(sock);
 
 		/* don't look at /proc, we got the information via ctnetlink */
 		if (res >= 0)
@@ -3633,14 +3642,14 @@ try_proc_count:
 		/* If we fail with netlink, fall back to /proc to ensure
 		 * backward compatibility.
 		 */
-		if (nfct_mnl_socket_open(0) < 0)
+		if (nfct_mnl_socket_open(sock, 0) < 0)
 			goto try_proc;
 
-		res = nfct_mnl_dump(NFNL_SUBSYS_CTNETLINK_EXP,
+		res = nfct_mnl_dump(sock, NFNL_SUBSYS_CTNETLINK_EXP,
 				    IPCTNL_MSG_EXP_GET_STATS_CPU,
 				    nfexp_stats_cb, NULL, NULL);
 
-		nfct_mnl_socket_close();
+		nfct_mnl_socket_close(sock);
 
 		/* don't look at /proc, we got the information via ctnetlink */
 		if (res >= 0)
-- 
2.30.2

