]> err.no Git - linux-2.6/commitdiff
[NETFILTER]: Filter dumped entries based on the layer 3 protocol number
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 5 Jan 2006 20:19:23 +0000 (12:19 -0800)
committerDavid S. Miller <davem@davemloft.net>
Thu, 5 Jan 2006 20:19:23 +0000 (12:19 -0800)
Dump entries of a given Layer 3 protocol number.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/netfilter/nf_conntrack_netlink.c

index 4f2e50952a1289c0fc16a1de9c9028ef3574103a..73ab16bc7d4052d155257686b09cd103da3a960d 100644 (file)
@@ -400,6 +400,8 @@ static int ctnetlink_done(struct netlink_callback *cb)
        return 0;
 }
 
+#define L3PROTO(ct) ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num
+
 static int
 ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
 {
@@ -407,6 +409,8 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
        struct nf_conntrack_tuple_hash *h;
        struct list_head *i;
        u_int32_t *id = (u_int32_t *) &cb->args[1];
+       struct nfgenmsg *nfmsg = NLMSG_DATA(cb->nlh);
+       u_int8_t l3proto = nfmsg->nfgen_family;
 
        DEBUGP("entered %s, last bucket=%lu id=%u\n", __FUNCTION__, 
                        cb->args[0], *id);
@@ -418,6 +422,11 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
                        if (DIRECTION(h) != IP_CT_DIR_ORIGINAL)
                                continue;
                        ct = nf_ct_tuplehash_to_ctrack(h);
+                       /* Dump entries of a given L3 protocol number.
+                        * If it is not specified, ie. l3proto == 0,
+                        * then dump everything. */
+                       if (l3proto && L3PROTO(ct) != l3proto)
+                               continue;
                        if (ct->id <= *id)
                                continue;
                        if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
@@ -444,6 +453,8 @@ ctnetlink_dump_table_w(struct sk_buff *skb, struct netlink_callback *cb)
        struct nf_conntrack_tuple_hash *h;
        struct list_head *i;
        u_int32_t *id = (u_int32_t *) &cb->args[1];
+       struct nfgenmsg *nfmsg = NLMSG_DATA(cb->nlh);
+       u_int8_t l3proto = nfmsg->nfgen_family; 
 
        DEBUGP("entered %s, last bucket=%u id=%u\n", __FUNCTION__, 
                        cb->args[0], *id);
@@ -455,6 +466,8 @@ ctnetlink_dump_table_w(struct sk_buff *skb, struct netlink_callback *cb)
                        if (DIRECTION(h) != IP_CT_DIR_ORIGINAL)
                                continue;
                        ct = nf_ct_tuplehash_to_ctrack(h);
+                       if (l3proto && L3PROTO(ct) != l3proto)
+                               continue;
                        if (ct->id <= *id)
                                continue;
                        if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
@@ -750,9 +763,6 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
        if (nlh->nlmsg_flags & NLM_F_DUMP) {
                u32 rlen;
 
-               if (nfmsg->nfgen_family != AF_INET)
-                       return -EAFNOSUPPORT;
-
                if (NFNL_MSG_TYPE(nlh->nlmsg_type) ==
                                        IPCTNL_MSG_CT_GET_CTRZERO) {
 #ifdef CONFIG_NF_CT_ACCT
@@ -1251,12 +1261,16 @@ ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
        struct nf_conntrack_expect *exp = NULL;
        struct list_head *i;
        u_int32_t *id = (u_int32_t *) &cb->args[0];
+       struct nfgenmsg *nfmsg = NLMSG_DATA(cb->nlh);
+       u_int8_t l3proto = nfmsg->nfgen_family;
 
        DEBUGP("entered %s, last id=%llu\n", __FUNCTION__, *id);
 
        read_lock_bh(&nf_conntrack_lock);
        list_for_each_prev(i, &nf_conntrack_expect_list) {
                exp = (struct nf_conntrack_expect *) i;
+               if (l3proto && exp->tuple.src.l3num != l3proto)
+                       continue;
                if (exp->id <= *id)
                        continue;
                if (ctnetlink_exp_fill_info(skb, NETLINK_CB(cb->skb).pid,
@@ -1298,9 +1312,6 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
        if (nlh->nlmsg_flags & NLM_F_DUMP) {
                u32 rlen;
 
-               if (nfmsg->nfgen_family != AF_INET)
-                       return -EAFNOSUPPORT;
-
                if ((*errp = netlink_dump_start(ctnl, skb, nlh,
                                                ctnetlink_exp_dump_table,
                                                ctnetlink_done)) != 0)