-rw-r--r--include/internal/object.h9
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h6
-rw-r--r--src/conntrack/copy.c4
-rw-r--r--src/conntrack/parse.c4
-rw-r--r--src/conntrack/setter.c4
-rw-r--r--src/expect/build.c9
-rw-r--r--src/expect/getter.c6
-rw-r--r--src/expect/parse.c5
-rw-r--r--src/expect/setter.c7
-rw-r--r--src/expect/snprintf_default.c39
-rw-r--r--utils/expect_get.c4
11 files changed, 67 insertions, 30 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index 5dce9d0..880f7c1 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -6,6 +6,8 @@
#ifndef _NFCT_OBJECT_H_
#define _NFCT_OBJECT_H_
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
/*
* nfct callback handler object
*/
@@ -161,11 +163,7 @@ struct nf_conntrack {
u_int32_t id;
u_int16_t zone;
-/* xt_helper uses a length size of 30 bytes, however, no helper name in
- * the tree has exceeded 16 bytes length. Since 2.6.29, the maximum
- * length accepted is 16 bytes, this limit is enforced during module load. */
-#define __NFCT_HELPER_NAMELEN 16
- char helper_name[__NFCT_HELPER_NAMELEN];
+ char helper_name[NFCT_HELPER_NAME_MAX];
/* According to Eric Paris <eparis@redhat.com> this field can be up to 4096
* bytes long. For that reason, we allocate this dynamically. */
char *secctx;
@@ -269,6 +267,7 @@ struct nf_expect {
u_int32_t id;
u_int16_t zone;
u_int32_t flags;
+ char helper_name[NFCT_HELPER_NAME_MAX];
u_int32_t set[1];
};
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 94e34be..f5add1a 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -507,6 +507,7 @@ enum nf_expect_attr {
ATTR_EXP_TIMEOUT, /* u32 bits */
ATTR_EXP_ZONE, /* u16 bits */
ATTR_EXP_FLAGS, /* u32 bits */
+ ATTR_EXP_HELPER_NAME, /* string (16 bytes max) */
ATTR_EXP_MAX
};
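Review bot: The comment on `ATTR_EXP_HELPER_NAME` says "string (16 bytes max)" without stating that the 16 bytes include the terminating NUL. `set_exp_attr_helper_name` in src/expect/setter.c copies at most NFCT_HELPER_NAME_MAX bytes and then forces the last byte to `'\0'`, so a caller passing a 16-character name gets it silently truncated to 15 characters. I would document that on the enum entry, for example `/* string (NFCT_HELPER_NAME_MAX bytes including NUL, longer names are truncated) */`.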
@@ -715,6 +716,11 @@ enum ip_conntrack_status {
#define NFCT_DIR_REPLY 1
#define NFCT_DIR_MAX NFCT_DIR_REPLY+1
+/* xt_helper uses a length size of 30 bytes, however, no helper name in
+ * the tree has exceeded 16 bytes length. Since 2.6.29, the maximum
+ * length accepted is 16 bytes, this limit is enforced during module load. */
+#define NFCT_HELPER_NAME_MAX 16
+
#ifdef __cplusplus
}
#endif
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index c3a4fcc..cdce0de 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -405,8 +405,8 @@ static void copy_attr_repl_off_aft(struct nf_conntrack *dest,
static void copy_attr_helper_name(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- strncpy(dest->helper_name, orig->helper_name, __NFCT_HELPER_NAMELEN);
- dest->helper_name[__NFCT_HELPER_NAMELEN-1] = '\0';
+ strncpy(dest->helper_name, orig->helper_name, NFCT_HELPER_NAME_MAX);
+ dest->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
}
static void copy_attr_zone(struct nf_conntrack *dest,
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 8f8a01c..ee3074d 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -417,8 +417,8 @@ __parse_helper(const struct nfattr *attr, struct nf_conntrack *ct)
strncpy(ct->helper_name,
NFA_DATA(tb[CTA_HELP_NAME-1]),
- __NFCT_HELPER_NAMELEN);
- ct->helper_name[__NFCT_HELPER_NAMELEN-1] = '\0';
+ NFCT_HELPER_NAME_MAX);
+ ct->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
set_bit(ATTR_HELPER_NAME, ct->set);
}
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index 3282035..df06b04 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -310,8 +310,8 @@ static void set_attr_repl_off_aft(struct nf_conntrack *ct, const void *value)
static void set_attr_helper_name(struct nf_conntrack *ct, const void *value)
{
- strncpy(ct->helper_name, value, __NFCT_HELPER_NAMELEN);
- ct->helper_name[__NFCT_HELPER_NAMELEN-1] = '\0';
+ strncpy(ct->helper_name, value, NFCT_HELPER_NAME_MAX);
+ ct->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
}
static void set_attr_dccp_state(struct nf_conntrack *ct, const void *value)
diff --git a/src/expect/build.c b/src/expect/build.c
index c1a5a1d..82aa852 100644
--- a/src/expect/build.c
+++ b/src/expect/build.c
@@ -26,6 +26,13 @@ static void __build_flags(struct nfnlhdr *req,
nfnl_addattr32(&req->nlh, size, CTA_EXPECT_FLAGS,htonl(exp->flags));
}
+static void __build_helper_name(struct nfnlhdr *req, size_t size,
+ const struct nf_expect *exp)
+{
+ nfnl_addattr_l(&req->nlh, size, CTA_EXPECT_HELP_NAME,
+ exp->helper_name, strlen(exp->helper_name));
+}
+
int __build_expect(struct nfnl_subsys_handle *ssh,
struct nfnlhdr *req,
size_t size,
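Review bot: In `__build_helper_name` the attribute length is `strlen(exp->helper_name)`, so the terminating NUL is not part of the CTA_EXPECT_HELP_NAME payload. The parsers on this page copy helper names with `strncpy` and depend on finding a terminator in the data, and a receiver that validates this attribute as a NUL-terminated string would presumably reject it. Consider `strlen(exp->helper_name) + 1` after checking the receiving side's attribute policy. The return value of `nfnl_addattr_l` is also dropped, as in `__build_flags` just above, so a request buffer that is too small goes unreported.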
@@ -73,6 +80,8 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
__build_flags(req, size, exp);
if (test_bit(ATTR_EXP_ZONE, exp->set))
__build_zone(req, size, exp);
+ if (test_bit(ATTR_EXP_HELPER_NAME, exp->set))
+ __build_helper_name(req, size, exp);
return 0;
}
diff --git a/src/expect/getter.c b/src/expect/getter.c
index 9cb6ede..69453c5 100644
--- a/src/expect/getter.c
+++ b/src/expect/getter.c
@@ -37,6 +37,11 @@ static const void *get_exp_attr_flags(const struct nf_expect *exp)
return &exp->flags;
}
+static const void *get_exp_attr_helper_name(const struct nf_expect *exp)
+{
+ return exp->helper_name;
+}
+
const get_exp_attr get_exp_attr_array[ATTR_EXP_MAX] = {
[ATTR_EXP_MASTER] = get_exp_attr_master,
[ATTR_EXP_EXPECTED] = get_exp_attr_expected,
@@ -44,4 +49,5 @@ const get_exp_attr get_exp_attr_array[ATTR_EXP_MAX] = {
[ATTR_EXP_TIMEOUT] = get_exp_attr_timeout,
[ATTR_EXP_ZONE] = get_exp_attr_zone,
[ATTR_EXP_FLAGS] = get_exp_attr_flags,
+ [ATTR_EXP_HELPER_NAME] = get_exp_attr_helper_name,
};
diff --git a/src/expect/parse.c b/src/expect/parse.c
index 0581aca..4d9852d 100644
--- a/src/expect/parse.c
+++ b/src/expect/parse.c
@@ -77,4 +77,9 @@ void __parse_expect(const struct nlmsghdr *nlh,
ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_FLAGS-1]));
set_bit(ATTR_EXP_FLAGS, exp->set);
}
+ if (cda[CTA_EXPECT_HELP_NAME-1]) {
+ strncpy(exp->helper_name, NFA_DATA(cda[CTA_EXPECT_HELP_NAME-1]),
+ NFA_PAYLOAD(cda[CTA_EXPECT_HELP_NAME-1]));
+ set_bit(ATTR_EXP_HELPER_NAME, exp->set);
+ }
}
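Review bot: The new `strncpy` into `exp->helper_name` is bounded by `NFA_PAYLOAD(cda[CTA_EXPECT_HELP_NAME-1])`, a length taken from the received message, rather than by the 16-byte destination. A payload longer than NFCT_HELPER_NAME_MAX therefore writes past the field into the adjacent `set[]` member and beyond, and nothing terminates the string when the payload carries no NUL. Bound and terminate it the way `__parse_helper` and `set_exp_attr_helper_name` do: `strncpy(exp->helper_name, NFA_DATA(cda[CTA_EXPECT_HELP_NAME-1]), NFCT_HELPER_NAME_MAX);` followed by `exp->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';`. Termination matters because `get_exp_attr_helper_name`, the `strlen` in `__build_helper_name` and the `"helper=%s"` print all read until a NUL. `__parse_expect` begins outside this hunk.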
diff --git a/src/expect/setter.c b/src/expect/setter.c
index 040b958..08b3547 100644
--- a/src/expect/setter.c
+++ b/src/expect/setter.c
@@ -37,6 +37,12 @@ static void set_exp_attr_flags(struct nf_expect *exp, const void *value)
exp->flags = *((u_int32_t *) value);
}
+static void set_exp_attr_helper_name(struct nf_expect *exp, const void *value)
+{
+ strncpy(exp->helper_name, value, NFCT_HELPER_NAME_MAX);
+ exp->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
+}
+
const set_exp_attr set_exp_attr_array[ATTR_EXP_MAX] = {
[ATTR_EXP_MASTER] = set_exp_attr_master,
[ATTR_EXP_EXPECTED] = set_exp_attr_expected,
@@ -44,4 +50,5 @@ const set_exp_attr set_exp_attr_array[ATTR_EXP_MAX] = {
[ATTR_EXP_TIMEOUT] = set_exp_attr_timeout,
[ATTR_EXP_ZONE] = set_exp_attr_zone,
[ATTR_EXP_FLAGS] = set_exp_attr_flags,
+ [ATTR_EXP_HELPER_NAME] = set_exp_attr_helper_name,
};
diff --git a/src/expect/snprintf_default.c b/src/expect/snprintf_default.c
index c4a19fa..6958552 100644
--- a/src/expect/snprintf_default.c
+++ b/src/expect/snprintf_default.c
@@ -64,6 +64,24 @@ int __snprintf_expect_default(char *buf,
ret = __snprintf_proto(buf+offset, len, &exp->expected.tuple[__DIR_ORIG]);
BUFFER_SIZE(ret, size, len, offset);
+ ret = __snprintf_address(buf+offset, len,
+ &exp->mask.tuple[__DIR_ORIG],
+ "mask-src", "mask-dst");
+ BUFFER_SIZE(ret, size, len, offset);
+
+ ret = __snprintf_proto(buf+offset, len,
+ &exp->mask.tuple[__DIR_ORIG]);
+ BUFFER_SIZE(ret, size, len, offset);
+
+ ret = __snprintf_address(buf+offset, len,
+ &exp->master.tuple[__DIR_ORIG],
+ "master-src", "master-dst");
+ BUFFER_SIZE(ret, size, len, offset);
+
+ ret = __snprintf_proto(buf+offset, len,
+ &exp->master.tuple[__DIR_ORIG]);
+ BUFFER_SIZE(ret, size, len, offset);
+
if (test_bit(ATTR_EXP_ZONE, exp->set)) {
ret = snprintf(buf+offset, len, "zone=%u ", exp->zone);
BUFFER_SIZE(ret, size, len, offset);
@@ -84,23 +102,10 @@ int __snprintf_expect_default(char *buf,
BUFFER_SIZE(ret, size, len, offset);
}
- ret = __snprintf_address(buf+offset, len,
- &exp->mask.tuple[__DIR_ORIG],
- "mask-src", "mask-dst");
- BUFFER_SIZE(ret, size, len, offset);
-
- ret = __snprintf_proto(buf+offset, len,
- &exp->mask.tuple[__DIR_ORIG]);
- BUFFER_SIZE(ret, size, len, offset);
-
- ret = __snprintf_address(buf+offset, len,
- &exp->master.tuple[__DIR_ORIG],
- "master-src", "master-dst");
- BUFFER_SIZE(ret, size, len, offset);
-
- ret = __snprintf_proto(buf+offset, len,
- &exp->master.tuple[__DIR_ORIG]);
- BUFFER_SIZE(ret, size, len, offset);
+ if (test_bit(ATTR_EXP_HELPER_NAME, exp->set)) {
+ ret = snprintf(buf+offset, len, "helper=%s", exp->helper_name);
+ BUFFER_SIZE(ret, size, len, offset);
+ }
/* Delete the last blank space if needed */
if (len > 0 && buf[size-1] == ' ')
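Review bot: The added `"helper=%s"` format has no trailing space, unlike the `"zone=%u "` format earlier in the function, so it is only correct while it remains the last field printed. The trailing-blank cleanup right after it would handle `"helper=%s "`, and using that form keeps the output separable if another field is appended later. The function starts and ends outside this hunk.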
diff --git a/utils/expect_get.c b/utils/expect_get.c
index e42c845..c426cf3 100644
--- a/utils/expect_get.c
+++ b/utils/expect_get.c
@@ -32,8 +32,8 @@ int main(void)
}
nfct_set_attr_u8(master, ATTR_L3PROTO, AF_INET);
- nfct_set_attr_u32(master, ATTR_IPV4_SRC, inet_addr("4.4.4.4"));
- nfct_set_attr_u32(master, ATTR_IPV4_DST, inet_addr("5.5.5.5"));
+ nfct_set_attr_u32(master, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(master, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
nfct_set_attr_u8(master, ATTR_L4PROTO, IPPROTO_TCP);
nfct_set_attr_u16(master, ATTR_PORT_SRC, htons(10240));