From 8259e6dca13127e51f81ca7e75e419969417597f Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Tue, 7 Feb 2012 00:27:51 +0100
Subject: conntrackd: add NAT expectation support

This patch adds the missing bits to support NAT expectation support.

Signed-off-by: Pablo Neira Ayuso
---
 include/network.h | 4 ++++
 src/build.c | 15 +++++++++++++++
 src/parse.c | 23 +++++++++++++++++++++++
 3 files changed, 42 insertions(+)

diff --git a/include/network.h b/include/network.h
index f3ee9ed..f3b1f8e 100644
--- a/include/network.h
+++ b/include/network.h
@@ -270,6 +270,10 @@ enum nta_exp_attr {
 NTA_EXP_TIMEOUT, /* uint32_t */
 NTA_EXP_FLAGS, /* uint32_t */
 NTA_EXP_CLASS, /* uint32_t */
+ NTA_EXP_NAT_IPV4, /* struct nfct_attr_grp_ipv4 */
+ NTA_EXP_NAT_PORT, /* struct nfct_attr_grp_port */
+ NTA_EXP_NAT_L4PROTO, /* uint8_t */
+ NTA_EXP_NAT_DIR, /* uint32_t */
 NTA_EXP_MAX
 };
 
diff --git a/src/build.c b/src/build.c
index b845e0b..c07f429 100644
--- a/src/build.c
+++ b/src/build.c
@@ -324,4 +324,19 @@ void exp2msg(const struct nf_expect *exp, struct nethdr *n)
 exp_build_u32(exp, ATTR_EXP_FLAGS, n, NTA_EXP_FLAGS);
 if (nfexp_attr_is_set(exp, ATTR_EXP_CLASS))
 exp_build_u32(exp, ATTR_EXP_CLASS, n, NTA_EXP_CLASS);
+
+ /* include NAT information, if any. */
+ ct = nfexp_get_attr(exp, ATTR_EXP_NAT_TUPLE);
+ if (ct != NULL) {
+ if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV4)) {
+ ct_build_group(ct, ATTR_GRP_ORIG_IPV4, n,
+ NTA_EXP_NAT_IPV4,
+ sizeof(struct nfct_attr_grp_ipv4));
+ }
+ ct_build_u8(ct, ATTR_L4PROTO, n, NTA_EXP_NAT_L4PROTO);
+ if (exp_l4proto_fcn[l4proto].build)
+ exp_l4proto_fcn[l4proto].build(ct, n, NTA_EXP_NAT_PORT);
+
+ exp_build_u32(exp, ATTR_EXP_NAT_DIR, n, NTA_EXP_NAT_DIR);
+ }
 }
diff --git a/src/parse.c b/src/parse.c
index f1fd628..2430001 100644
--- a/src/parse.c
+++ b/src/parse.c
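Review bot: In exp2msg() (src/build.c), the new NAT block reads two attributes without the is-set guard that is visible just above for ATTR_EXP_CLASS: `ct_build_u8(ct, ATTR_L4PROTO, n, NTA_EXP_NAT_L4PROTO)` and `exp_build_u32(exp, ATTR_EXP_NAT_DIR, n, NTA_EXP_NAT_DIR)` run whenever ATTR_EXP_NAT_TUPLE is present. I would guard them the same way, with `if (nfct_attr_is_set(ct, ATTR_L4PROTO))` and `if (nfexp_attr_is_set(exp, ATTR_EXP_NAT_DIR))`, so the peer is never sent a value for an attribute that was not actually set. Both `ct` and `l4proto` are assigned earlier in the function, outside this hunk. It looks as if `exp_l4proto_fcn[l4proto]` picks the port builder from the expectation's protocol rather than from the NAT tuple's own ATTR_L4PROTO; that, and the bounds of the index, should be confirmed against the rest of the function.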
@@ -346,6 +346,29 @@ static struct exp_parser {
 .exp_attr = ATTR_EXP_CLASS,
 .size = NTA_SIZE(sizeof(uint32_t)),
 },
+ [NTA_EXP_NAT_IPV4] = {
+ .parse = exp_parse_ct_group,
+ .exp_attr = ATTR_EXP_NAT_TUPLE,
+ .ct_attr = ATTR_GRP_ORIG_IPV4,
+ .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv4)),
+ },
+ [NTA_EXP_NAT_L4PROTO] = {
+ .parse = exp_parse_ct_u8,
+ .exp_attr = ATTR_EXP_NAT_TUPLE,
+ .ct_attr = ATTR_L4PROTO,
+ .size = NTA_SIZE(sizeof(uint8_t)),
+ },
+ [NTA_EXP_NAT_PORT] = {
+ .parse = exp_parse_ct_group,
+ .exp_attr = ATTR_EXP_NAT_TUPLE,
+ .ct_attr = ATTR_GRP_ORIG_PORT,
+ .size = NTA_SIZE(sizeof(struct nfct_attr_grp_port)),
+ },
+ [NTA_EXP_NAT_DIR] = {
+ .parse = exp_parse_u32,
+ .exp_attr = ATTR_EXP_NAT_DIR,
+ .size = NTA_SIZE(sizeof(uint32_t)),
+ },
 };
 
 static void exp_parse_ct_group(void *ct, int attr, void *data)
-- 
cgit v1.2.3
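Review bot: All 23 lines added to src/parse.c are entries in the `exp_parser` table, so the code that reads `.exp_attr` and chooses the object handed to `.parse` is not touched by this commit. That dispatcher is outside the hunk. If it selects on `exp_attr`, it needs a path for `ATTR_EXP_NAT_TUPLE` that passes one shared NAT conntrack object to all three ct entries, and a path for `ATTR_EXP_NAT_DIR`; otherwise NAT attributes received from the sync peer would be skipped or written into the wrong object. Since these attributes arrive from the network, it is also worth confirming that the receive path checks each attribute's length against `.size` before calling `.parse`, and saying so in a short comment above the new entries, e.g. `/* NAT tuple attributes: length is validated against .size before .parse runs */`.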