authorPablo Neira Ayuso <pablo@netfilter.org>2012-02-07 00:27:51 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2012-02-07 00:50:15 +0100
commit8259e6dca13127e51f81ca7e75e419969417597f (patch)
tree87c73ec7f098ee053a746d0b2eac3574a61c32b2 /src
parentf7824f63ae45c4979abe95fd3e7702eacd63bec1 (diff)
conntrackd: add NAT expectation support
This patch adds the missing bits for NAT expectation support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/build.c15
-rw-r--r--src/parse.c23
2 files changed, 38 insertions, 0 deletions
diff --git a/src/build.c b/src/build.c
index b845e0b..c07f429 100644
--- a/src/build.c
+++ b/src/build.c
@@ -324,4 +324,19 @@ void exp2msg(const struct nf_expect *exp, struct nethdr *n)
exp_build_u32(exp, ATTR_EXP_FLAGS, n, NTA_EXP_FLAGS);
if (nfexp_attr_is_set(exp, ATTR_EXP_CLASS))
exp_build_u32(exp, ATTR_EXP_CLASS, n, NTA_EXP_CLASS);
+
+ /* include NAT information, if any. */
+ ct = nfexp_get_attr(exp, ATTR_EXP_NAT_TUPLE);
+ if (ct != NULL) {
+ if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV4)) {
+ ct_build_group(ct, ATTR_GRP_ORIG_IPV4, n,
+ NTA_EXP_NAT_IPV4,
+ sizeof(struct nfct_attr_grp_ipv4));
+ }
+ ct_build_u8(ct, ATTR_L4PROTO, n, NTA_EXP_NAT_L4PROTO);
+ if (exp_l4proto_fcn[l4proto].build)
+ exp_l4proto_fcn[l4proto].build(ct, n, NTA_EXP_NAT_PORT);
+
+ exp_build_u32(exp, ATTR_EXP_NAT_DIR, n, NTA_EXP_NAT_DIR);
+ }
}
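Review bot: The closing `exp_build_u32(exp, ATTR_EXP_NAT_DIR, n, NTA_EXP_NAT_DIR);` is emitted unconditionally once a NAT tuple exists, while the context line just above guards `ATTR_EXP_CLASS` with `nfexp_attr_is_set`; I would write it the same way, `if (nfexp_attr_is_set(exp, ATTR_EXP_NAT_DIR))`, so an unset direction is not serialized to the peer as a real value. `ct_build_u8(ct, ATTR_L4PROTO, n, NTA_EXP_NAT_L4PROTO)` is likewise sent without checking that the attribute is set on the NAT tuple, unlike the IPv4 group two lines earlier. The port builder is selected by `l4proto`, which is assigned outside this hunk; if it was read from a different tuple than `ct`, either re-read it from `ct` or add a comment such as `/* NAT tuple shares the expectation's layer-4 protocol */`. exp2msg begins outside the hunk, so the declarations of `ct` and `l4proto` are not visible here.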
diff --git a/src/parse.c b/src/parse.c
index f1fd628..2430001 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -346,6 +346,29 @@ static struct exp_parser {
.exp_attr = ATTR_EXP_CLASS,
.size = NTA_SIZE(sizeof(uint32_t)),
},
+ [NTA_EXP_NAT_IPV4] = {
+ .parse = exp_parse_ct_group,
+ .exp_attr = ATTR_EXP_NAT_TUPLE,
+ .ct_attr = ATTR_GRP_ORIG_IPV4,
+ .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv4)),
+ },
+ [NTA_EXP_NAT_L4PROTO] = {
+ .parse = exp_parse_ct_u8,
+ .exp_attr = ATTR_EXP_NAT_TUPLE,
+ .ct_attr = ATTR_L4PROTO,
+ .size = NTA_SIZE(sizeof(uint8_t)),
+ },
+ [NTA_EXP_NAT_PORT] = {
+ .parse = exp_parse_ct_group,
+ .exp_attr = ATTR_EXP_NAT_TUPLE,
+ .ct_attr = ATTR_GRP_ORIG_PORT,
+ .size = NTA_SIZE(sizeof(struct nfct_attr_grp_port)),
+ },
+ [NTA_EXP_NAT_DIR] = {
+ .parse = exp_parse_u32,
+ .exp_attr = ATTR_EXP_NAT_DIR,
+ .size = NTA_SIZE(sizeof(uint32_t)),
+ },
};
static void exp_parse_ct_group(void *ct, int attr, void *data)
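Review bot: The three new entries with `.exp_attr = ATTR_EXP_NAT_TUPLE` use conntrack-typed parsers (`exp_parse_ct_group`, `exp_parse_ct_u8`), so they only work if the code that walks this table passes them a conntrack object for the NAT tuple and attaches it to the expectation afterwards. That dispatcher is outside the hunk, and the diffstat's 23 lines for parse.c are all accounted for by this table, so it appears unchanged by the commit. Please confirm it already handles `ATTR_EXP_NAT_TUPLE`, since these attributes come from a sync peer and should not fall through to a path that treats the target as a different object type. It is also worth checking that the payload written by the build side's per-protocol handler for `NTA_EXP_NAT_PORT` matches the `sizeof(struct nfct_attr_grp_port)` declared here. A short comment above the group would help, e.g. `/* NAT tuple: the next three attributes fill one nested conntrack object */`.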