Diffstat (limited to 'net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch')
-rw-r--r-- | net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch
new file mode 100644
index 000000000000..6cc941ddd1a6
--- /dev/null
+++ b/net-misc/l7-filter-userspace/files/l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch
@@ -0,0 +1,104 @@
+diff -Naur l7-filter-userspace-0.11-orig/l7-conntrack.cpp l7-filter-userspace-0.11-ptch/l7-conntrack.cpp
+--- l7-filter-userspace-0.11-orig/l7-conntrack.cpp 2009-02-26 21:40:28.000000000 +0000
++++ l7-filter-userspace-0.11-ptch/l7-conntrack.cpp 2009-10-19 17:40:42.000000000 +0000
+@@ -121,25 +121,10 @@
+ return (char *)buffer;
+ }
+
+-static int sprintf_conntrack_key(char *buf, struct nfct_conntrack *ct,
+- unsigned int flags)
+-{
+- int size = 0;
+-
+- size += nfct_sprintf_protocol(buf, ct);
+- size += nfct_sprintf_address(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
+- size += nfct_sprintf_proto(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
+-
+- /* Delete the last blank space */
+- buf[size-1] = '\0';
+-
+- return size;
+-}
+-
+-static string make_key(nfct_conntrack* ct, int flags)
++static string make_key(nfct_conntrack* ct, int flags, int type)
+ {
+ char key[512];
+- int keysize = sprintf_conntrack_key(key, ct, flags);
++ int keysize = nfct_snprintf(key, sizeof(key), (const nf_conntrack *)ct, type, NFCT_O_DEFAULT, flags);
+ if(keysize >= 512){
+ cerr << "Yike! Overflowed key!\n";
+ exit(1);
+@@ -148,28 +133,28 @@
+ return key;
+ }
+
+-static int l7_handle_conntrack_event(void *arg, unsigned int flags, int type,
++static int l7_handle_conntrack_event(enum nf_conntrack_msg_type type, struct nf_conntrack* arg,
+ void *data)
+ {
+ l7_conntrack * l7_conntrack_handler = (l7_conntrack *) data;
+
+ nfct_conntrack* ct = (nfct_conntrack*)arg;
++ u_int8_t protonum = *(u_int8_t *)nfct_get_attr((const nf_conntrack *)ct, ATTR_ORIG_L4PROTO);
+
+ // I don't think there is any demand for ICMP. These are enough work for now.
+- if(ct->tuple[0].protonum != IPPROTO_TCP &&
+- ct->tuple[0].protonum != IPPROTO_UDP) return 0;
++ if(protonum != IPPROTO_TCP && protonum != IPPROTO_UDP) return 0;
+
+- if(type == NFCT_MSG_DESTROY) l7printf(3, "Got event: NFCT_MSG_DESTROY\n");
+- if(type == NFCT_MSG_NEW) l7printf(3, "Got event: NFCT_MSG_NEW\n");
+- if(type == NFCT_MSG_UPDATE) l7printf(3, "Got event: NFCT_MSG_UPDATE\n");
+- if(type == NFCT_MSG_UNKNOWN) l7printf(3, "Got event: NFCT_MSG_UNKNOWN\n");
++ if(type == NFCT_T_DESTROY) l7printf(3, "Got event: NFCT_T_DESTROY\n");
++ if(type == NFCT_T_NEW) l7printf(3, "Got event: NFCT_T_NEW\n");
++ if(type == NFCT_T_UPDATE) l7printf(3, "Got event: NFCT_T_UPDATE\n");
++ if(type == NFCT_T_UNKNOWN) l7printf(3, "Got event: NFCT_T_UNKNOWN\n");
+
+ // On the first packet, create the connection buffer, etc.
+- if(type == NFCT_MSG_NEW){
+- string key = make_key(ct, flags);
++ if(type == NFCT_T_NEW){
++ string key = make_key(ct, 0, NFCT_T_NEW);
+ if (l7_conntrack_handler->get_l7_connection(key)){
+ // this happens sometimes
+- cerr << "Received NFCT_MSG_NEW but already have a connection. Packets = "
++ cerr << "Received NFCT_T_NEW but already have a connection. Packets = "
+ << l7_conntrack_handler->get_l7_connection(key)->get_num_packets()
+ << endl;
+ l7_conntrack_handler->remove_l7_connection(key);
+@@ -179,9 +164,9 @@
+ l7_conntrack_handler->add_l7_connection(thisconnection, key);
+ thisconnection->key = key;
+ }
+- else if(type == NFCT_MSG_DESTROY){
++ else if(type == NFCT_T_DESTROY){
+ // clean up the connection buffer, etc.
+- string key = make_key(ct, flags);
++ string key = make_key(ct, 0, NFCT_T_DESTROY);
+ if(l7_conntrack_handler->get_l7_connection(key)){
+ l7_conntrack_handler->remove_l7_connection(key);
+ }
+@@ -193,7 +178,7 @@
+
+ l7_conntrack::~l7_conntrack()
+ {
+- nfct_conntrack_free(ct);
++ free(ct);
+ nfct_close(cth);
+ }
+
+@@ -230,9 +215,9 @@
+ {
+ int ret;
+
+- nfct_register_callback(cth, l7_handle_conntrack_event, (void *)this);
+- ret = nfct_event_conntrack(cth); // this is the main loop
++ nfct_callback_register(cth, NFCT_T_NEW, l7_handle_conntrack_event, (void *)this);
++ ret = nfct_catch(cth); // this is the main loop
+
+ nfct_close(cth);
+- nfct_conntrack_free(ct);
++ free(ct);
+ } |
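Review bot: In the last inner hunk the callback is registered with `NFCT_T_NEW` only, so if libnetfilter_conntrack filters events by the registered type as its documentation describes, the `NFCT_T_DESTROY` branch of `l7_handle_conntrack_event` is never reached and tracked connections are never removed, letting the table grow without bound on a busy gateway; `nfct_callback_register(cth, NFCT_T_ALL, l7_handle_conntrack_event, (void *)this);` keeps the cleanup path reachable. In the handler, `*(u_int8_t *)nfct_get_attr(...)` dereferences the result unchecked, although `nfct_get_attr` returns NULL when the attribute is unset; `nfct_get_attr_u8(arg, ATTR_ORIG_L4PROTO)` or a prior `nfct_attr_is_set` test avoids a crash of the classifier on such an event. The early `return 0` for non-TCP/UDP traffic appears to equal `NFCT_CB_STOP` under the new callback contract, which would end the `nfct_catch` loop on the first such event, so `return NFCT_CB_CONTINUE;` looks like the intended value. In `make_key`, `nfct_snprintf` can return -1 on error and the existing test only catches `keysize >= 512`, leaving `key` uninitialised when it is returned as a string; `if(keysize < 0 || keysize >= (int)sizeof(key)){` covers both cases. The handler's body and the allocation of `ct` lie outside the hunks shown, so the remaining return paths and the switch to plain `free(ct)` cannot be checked from here.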