From d22ceae71eaae9f641e002074fb49cd7925a7c2f Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 10 Jul 2011 13:13:49 +0200 Subject: libxt_conntrack: move more data into the xt_option_entry Signed-off-by: Jan Engelhardt --- extensions/libxt_conntrack.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c index 96400a11..8e1777e3 100644 --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c @@ -93,7 +93,8 @@ static const struct xt_option_entry conntrack_mt_opts_v0[] = { {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING, .flags = XTOPT_INVERT}, {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL, - .flags = XTOPT_INVERT}, + .flags = XTOPT_INVERT, + XTOPT_POINTER(s, tuple[IP_CT_DIR_ORIGINAL].dst.protonum)}, {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOST, .flags = XTOPT_INVERT}, {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOST, @@ -110,13 +111,13 @@ static const struct xt_option_entry conntrack_mt_opts_v0[] = { }; #undef s -#define s struct xt_conntrack_mtinfo2 /* for v1-v2 */ -/* We exploit the fact that v1-v2 share the same layout */ +#define s struct xt_conntrack_mtinfo2 +/* We exploit the fact that v1-v2 share the same xt_o_e layout */ static const struct xt_option_entry conntrack2_mt_opts[] = { {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING, .flags = XTOPT_INVERT}, {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL, - .flags = XTOPT_INVERT}, + .flags = XTOPT_INVERT, XTOPT_POINTER(s, l4proto)}, {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOSTMASK, .flags = XTOPT_INVERT}, {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOSTMASK, @@ -148,7 +149,7 @@ static const struct xt_option_entry conntrack3_mt_opts[] = { {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING, .flags = XTOPT_INVERT}, {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL, - .flags = XTOPT_INVERT}, + .flags = XTOPT_INVERT, XTOPT_POINTER(s, l4proto)}, {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOSTMASK, .flags = XTOPT_INVERT}, {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOSTMASK, @@ -337,8 +338,6 @@ static void conntrack_parse(struct xt_option_call *cb) case O_CTPROTO: if (cb->invert) sinfo->invflags |= XT_CONNTRACK_PROTO; - sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = cb->val.protocol; - if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0 && (sinfo->invflags & XT_INV_PROTO)) xtables_error(PARAMETER_PROBLEM, @@ -401,7 +400,6 @@ static void conntrack_mt_parse(struct xt_option_call *cb, uint8_t rev) info->invert_flags |= XT_CONNTRACK_STATE; break; case O_CTPROTO: - info->l4proto = cb->val.protocol; if (info->l4proto == 0 && (info->invert_flags & XT_INV_PROTO)) xtables_error(PARAMETER_PROBLEM, "conntrack: rule would " "never match protocol"); -- cgit v1.2.3