From 15c3aa58b5f1011e0116fe4d277c4f8a9c5704c2 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Sat, 12 Apr 2008 04:21:33 +0000
Subject: o simplify parameter-handling code o check for missing source/address IP/ports o minor cleanups
---
 extensions/libct_proto_tcp.c | 33 ++++++++-------------------------
 extensions/libct_proto_udp.c | 33 ++++++++-------------------------
 2 files changed, 16 insertions(+), 50 deletions(-)
(limited to 'extensions')
diff --git a/extensions/libct_proto_tcp.c b/extensions/libct_proto_tcp.c
index a3b1826..b17a931 100644
--- a/extensions/libct_proto_tcp.c
+++ b/extensions/libct_proto_tcp.c
@@ -44,10 +44,10 @@ static char tcp_commands_v_options[NUMBER_OF_CMD][TCP_NUMBER_OF_OPT] =
 {
 /* 1 2 3 4 5 6 7 8 9 */
 /*CT_LIST*/ {2,2,2,2,0,0,2,0,0},
-/*CT_CREATE*/ {1,1,1,1,0,0,1,0,0},
-/*CT_UPDATE*/ {1,1,1,1,0,0,2,0,0},
-/*CT_DELETE*/ {1,1,1,1,0,0,0,0,0},
-/*CT_GET*/ {1,1,1,1,0,0,2,0,0},
+/*CT_CREATE*/ {2,2,2,2,0,0,1,0,0},
+/*CT_UPDATE*/ {2,2,2,2,0,0,2,0,0},
+/*CT_DELETE*/ {2,2,2,2,0,0,0,0,0},
+/*CT_GET*/ {2,2,2,2,0,0,2,0,0},
 /*CT_FLUSH*/ {0,0,0,0,0,0,0,0,0},
 /*CT_EVENT*/ {2,2,2,2,0,0,2,0,0},
 /*CT_VERSION*/ {0,0,0,0,0,0,0,0,0},
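Review bot: The port columns for CT_CREATE, CT_UPDATE, CT_DELETE and CT_GET in tcp_commands_v_options go from 1 to 2, and nothing in the hunk documents what the digits mean or where port presence is enforced once the table stops requiring it. A comment above these rows would make the split of responsibility explicit, for example `/* ports are 2 here on purpose: final_check() rejects the command unless a full src/dst port pair is given */`, alongside a legend for 0/1/2 if the file has none outside the hunk (presumably 1 is mandatory and 2 optional; the key is not visible here). The same comment belongs on udp_commands_v_options in libct_proto_udp.c. The initializer starts and ends outside the hunk.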
@@ -200,27 +200,10 @@ static void final_check(unsigned int flags,
 unsigned int cmd,
 struct nf_conntrack *ct)
 {
- if ((flags & (TCP_ORIG_SPORT|TCP_ORIG_DPORT))
- && !(flags & (TCP_REPL_SPORT|TCP_REPL_DPORT))) {
- nfct_set_attr_u16(ct,
- ATTR_REPL_PORT_SRC,
- nfct_get_attr_u16(ct, ATTR_ORIG_PORT_DST));
- nfct_set_attr_u16(ct,
- ATTR_REPL_PORT_DST,
- nfct_get_attr_u16(ct, ATTR_ORIG_PORT_SRC));
- flags |= TCP_REPL_SPORT;
- flags |= TCP_REPL_DPORT;
- } else if (!(flags & (TCP_ORIG_SPORT|TCP_ORIG_DPORT))
- && (flags & (TCP_REPL_SPORT|TCP_REPL_DPORT))) {
- nfct_set_attr_u16(ct,
- ATTR_ORIG_PORT_SRC,
- nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST));
- nfct_set_attr_u16(ct,
- ATTR_ORIG_PORT_DST,
- nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC));
- flags |= TCP_ORIG_SPORT;
- flags |= TCP_ORIG_DPORT;
- }
+ if ((1 << cmd) & (CT_CREATE|CT_UPDATE|CT_DELETE|CT_GET) &&
+ !((flags & TCP_ORIG_SPORT && flags & TCP_ORIG_DPORT) ||
+ (flags & TCP_REPL_SPORT && flags & TCP_REPL_DPORT)))
+ exit_error(PARAMETER_PROBLEM, "missing ports");
 generic_opt_check(flags,
 TCP_NUMBER_OF_OPT,
diff --git a/extensions/libct_proto_udp.c b/extensions/libct_proto_udp.c
index a72f9cf..cb52c58 100644
--- a/extensions/libct_proto_udp.c
+++ b/extensions/libct_proto_udp.c
@@ -54,10 +54,10 @@ static char udp_commands_v_options[NUMBER_OF_CMD][UDP_NUMBER_OF_OPT] =
 {
 /* 1 2 3 4 5 6 7 8 */
 /*CT_LIST*/ {2,2,2,2,0,0,0,0},
-/*CT_CREATE*/ {1,1,1,1,0,0,0,0},
-/*CT_UPDATE*/ {1,1,1,1,0,0,0,0},
-/*CT_DELETE*/ {1,1,1,1,0,0,0,0},
-/*CT_GET*/ {1,1,1,1,0,0,0,0},
+/*CT_CREATE*/ {2,2,2,2,0,0,0,0},
+/*CT_UPDATE*/ {2,2,2,2,0,0,0,0},
+/*CT_DELETE*/ {2,2,2,2,0,0,0,0},
+/*CT_GET*/ {2,2,2,2,0,0,0,0},
 /*CT_FLUSH*/ {0,0,0,0,0,0,0,0},
 /*CT_EVENT*/ {2,2,2,2,0,0,0,0},
 /*CT_VERSION*/ {0,0,0,0,0,0,0,0},
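Review bot: The new guard in final_check() of libct_proto_tcp.c is satisfied by one complete source/destination pair, so both original ports plus a single reply port now pass with the reply tuple half-specified; the rows of 1 this commit removes from the table presumably rejected that case in generic_opt_check(), and the identical UDP check in libct_proto_udp.c behaves the same way. If a lone port in the other direction is not meant to be accepted, test each direction against its full mask and fail unless each is either absent or complete, as sketched below. The removed branches also copied the given ports into the opposite tuple; this page is limited to 'extensions', so confirm that the caller now fills that tuple before the conntrack object is used. final_check() continues past the end of the hunk.

```c
/* … unchanged: final_check() signature and opening brace … */
	const unsigned int orig_mask = TCP_ORIG_SPORT | TCP_ORIG_DPORT;
	const unsigned int repl_mask = TCP_REPL_SPORT | TCP_REPL_DPORT;
	unsigned int orig = flags & orig_mask;
	unsigned int repl = flags & repl_mask;

	if ((1 << cmd) & (CT_CREATE|CT_UPDATE|CT_DELETE|CT_GET)) {
		/* a direction is either absent or fully specified */
		if ((orig && orig != orig_mask) || (repl && repl != repl_mask))
			exit_error(PARAMETER_PROBLEM, "incomplete port pair");
		if (!orig && !repl)
			exit_error(PARAMETER_PROBLEM, "missing ports");
	}
/* … unchanged: generic_opt_check() call … */
```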
@@ -165,27 +165,10 @@ static void final_check(unsigned int flags,
 unsigned int cmd,
 struct nf_conntrack *ct)
 {
- if ((flags & (UDP_ORIG_SPORT|UDP_ORIG_DPORT))
- && !(flags & (UDP_REPL_SPORT|UDP_REPL_DPORT))) {
- nfct_set_attr_u16(ct,
- ATTR_REPL_PORT_SRC,
- nfct_get_attr_u16(ct, ATTR_ORIG_PORT_DST));
- nfct_set_attr_u16(ct,
- ATTR_REPL_PORT_DST,
- nfct_get_attr_u16(ct, ATTR_ORIG_PORT_SRC));
- flags |= UDP_REPL_SPORT;
- flags |= UDP_REPL_DPORT;
- } else if (!(flags & (UDP_ORIG_SPORT|UDP_ORIG_DPORT))
- && (flags & (UDP_REPL_SPORT|UDP_REPL_DPORT))) {
- nfct_set_attr_u16(ct,
- ATTR_ORIG_PORT_SRC,
- nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST));
- nfct_set_attr_u16(ct,
- ATTR_ORIG_PORT_DST,
- nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC));
- flags |= UDP_ORIG_SPORT;
- flags |= UDP_ORIG_DPORT;
- }
+ if ((1 << cmd) & (CT_CREATE|CT_UPDATE|CT_DELETE|CT_GET) &&
+ !((flags & UDP_ORIG_SPORT && flags & UDP_ORIG_DPORT) ||
+ (flags & UDP_REPL_SPORT && flags & UDP_REPL_DPORT)))
+ exit_error(PARAMETER_PROBLEM, "missing ports");
 generic_opt_check(flags,
 UDP_NUMBER_OF_OPT,
--
cgit v1.2.3
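Review bot: `(1 << cmd)` in final_check() of libct_proto_udp.c shifts a signed int by a caller-supplied unsigned value, which is undefined once cmd reaches the width of int, and the port test leans on `&` binding tighter than `&&` with no parentheses. Writing `(1U << cmd)` and `((flags & UDP_ORIG_SPORT) && (flags & UDP_ORIG_DPORT))` keeps the behaviour and removes both reading traps; the TCP copy of this condition in libct_proto_tcp.c deserves the same edit. cmd's range is not visible in the hunk, so this is hardening rather than a demonstrated bug. final_check() continues past the end of the hunk.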