summaryrefslogtreecommitdiffstats
path: root/src/conntrack/build.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2009-04-14 10:35:27 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2009-04-14 10:35:27 +0200
commit7533cca286edee99db29eb1238653a2040738d3e (patch)
tree7ec0f6039c6eed21192851ee3baa14041249222e /src/conntrack/build.c
parent4c29acdd89f15fbc4b70851e3c88387eb6322519 (diff)
src: add initial DCCP support
This patch adds initial DCCP support for libnetfilter_conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/build.c')
-rw-r--r--src/conntrack/build.c38
1 files changed, 29 insertions, 9 deletions
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 4b2e292..1738402 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -50,6 +50,7 @@ void __build_tuple_proto(struct nfnlhdr *req,
case IPPROTO_UDP:
case IPPROTO_TCP:
case IPPROTO_SCTP:
+ case IPPROTO_DCCP:
case IPPROTO_GRE:
case IPPROTO_UDPLITE:
nfnl_addattr_l(&req->nlh, size, CTA_PROTO_SRC_PORT,
@@ -98,14 +99,20 @@ void __build_tuple(struct nfnlhdr *req,
nfnl_nest_end(&req->nlh, nest);
}
-void __build_protoinfo(struct nfnlhdr *req,
- size_t size,
- const struct nf_conntrack *ct)
+static void __build_protoinfo(struct nfnlhdr *req, size_t size,
+ const struct nf_conntrack *ct)
{
struct nfattr *nest, *nest_proto;
switch(ct->tuple[__DIR_ORIG].protonum) {
case IPPROTO_TCP:
+ if (!(test_bit(ATTR_TCP_STATE, ct->set) ||
+ (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) &&
+ test_bit(ATTR_TCP_MASK_ORIG, ct->set)) ||
+ (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) &&
+ test_bit(ATTR_TCP_MASK_REPL, ct->set)))) {
+ break;
+ }
nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP);
if (test_bit(ATTR_TCP_STATE, ct->set))
@@ -129,6 +136,11 @@ void __build_protoinfo(struct nfnlhdr *req,
nfnl_nest_end(&req->nlh, nest);
break;
case IPPROTO_SCTP:
+ if (!(test_bit(ATTR_SCTP_STATE, ct->set) &&
+ (test_bit(ATTR_SCTP_VTAG_ORIG, ct->set) &&
+ test_bit(ATTR_SCTP_VTAG_REPL, ct->set)))) {
+ break;
+ }
nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_SCTP);
if (test_bit(ATTR_SCTP_STATE, ct->set))
@@ -147,6 +159,19 @@ void __build_protoinfo(struct nfnlhdr *req,
nfnl_nest_end(&req->nlh, nest_proto);
nfnl_nest_end(&req->nlh, nest);
break;
+ case IPPROTO_DCCP:
+ if (!(test_bit(ATTR_DCCP_STATE, ct->set)))
+ break;
+
+ nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
+ nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_DCCP);
+ if (test_bit(ATTR_DCCP_STATE, ct->set))
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_DCCP_STATE,
+ &ct->protoinfo.dccp.state,
+ sizeof(u_int8_t));
+ nfnl_nest_end(&req->nlh, nest_proto);
+ nfnl_nest_end(&req->nlh, nest);
default:
break;
}
@@ -404,12 +429,7 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
if (test_bit(ATTR_SECMARK, ct->set))
__build_secmark(req, size, ct);
- if (test_bit(ATTR_TCP_STATE, ct->set) ||
- (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) &&
- test_bit(ATTR_TCP_MASK_ORIG, ct->set)) ||
- (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) &&
- test_bit(ATTR_TCP_MASK_REPL, ct->set)))
- __build_protoinfo(req, size, ct);
+ __build_protoinfo(req, size, ct);
if (test_bit(ATTR_SNAT_IPV4, ct->set) &&
test_bit(ATTR_SNAT_PORT, ct->set))