summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2011-07-10 13:13:49 +0200
committerJan Engelhardt <jengelh@medozas.de>2011-07-10 13:16:41 +0200
commitd22ceae71eaae9f641e002074fb49cd7925a7c2f (patch)
tree2ee720d393869b7fc93a960c8ac768cce88a9407
parent34d9ce1b80618eebcf63e933cf4a15cc5482c0d2 (diff)
libxt_conntrack: move more data into the xt_option_entry
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-rw-r--r--extensions/libxt_conntrack.c14
1 files changed, 6 insertions, 8 deletions
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 96400a11..8e1777e3 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -93,7 +93,8 @@ static const struct xt_option_entry conntrack_mt_opts_v0[] = {
{.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
.flags = XTOPT_INVERT},
{.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
- .flags = XTOPT_INVERT},
+ .flags = XTOPT_INVERT,
+ XTOPT_POINTER(s, tuple[IP_CT_DIR_ORIGINAL].dst.protonum)},
{.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOST,
.flags = XTOPT_INVERT},
{.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOST,
@@ -110,13 +111,13 @@ static const struct xt_option_entry conntrack_mt_opts_v0[] = {
};
#undef s
-#define s struct xt_conntrack_mtinfo2 /* for v1-v2 */
-/* We exploit the fact that v1-v2 share the same layout */
+#define s struct xt_conntrack_mtinfo2
+/* We exploit the fact that v1-v2 share the same xt_o_e layout */
static const struct xt_option_entry conntrack2_mt_opts[] = {
{.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
.flags = XTOPT_INVERT},
{.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
- .flags = XTOPT_INVERT},
+ .flags = XTOPT_INVERT, XTOPT_POINTER(s, l4proto)},
{.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOSTMASK,
.flags = XTOPT_INVERT},
{.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOSTMASK,
@@ -148,7 +149,7 @@ static const struct xt_option_entry conntrack3_mt_opts[] = {
{.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
.flags = XTOPT_INVERT},
{.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
- .flags = XTOPT_INVERT},
+ .flags = XTOPT_INVERT, XTOPT_POINTER(s, l4proto)},
{.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOSTMASK,
.flags = XTOPT_INVERT},
{.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOSTMASK,
@@ -337,8 +338,6 @@ static void conntrack_parse(struct xt_option_call *cb)
case O_CTPROTO:
if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_PROTO;
- sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = cb->val.protocol;
-
if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0
&& (sinfo->invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
@@ -401,7 +400,6 @@ static void conntrack_mt_parse(struct xt_option_call *cb, uint8_t rev)
info->invert_flags |= XT_CONNTRACK_STATE;
break;
case O_CTPROTO:
- info->l4proto = cb->val.protocol;
if (info->l4proto == 0 && (info->invert_flags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM, "conntrack: rule would "
"never match protocol");