summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--configure.in2
-rw-r--r--include/internal.h2
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h8
-rw-r--r--src/conntrack/api.c94
-rw-r--r--src/conntrack/copy.c429
5 files changed, 484 insertions, 51 deletions
diff --git a/configure.in b/configure.in
index af6f071..0f895d7 100644
--- a/configure.in
+++ b/configure.in
@@ -4,7 +4,7 @@ AC_INIT
AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(libnetfilter_conntrack, 0.0.92)
+AM_INIT_AUTOMAKE(libnetfilter_conntrack, 0.0.93)
AC_PROG_CC
AM_PROG_LIBTOOL
diff --git a/include/internal.h b/include/internal.h
index 9c3b64b..ae1bd9d 100644
--- a/include/internal.h
+++ b/include/internal.h
@@ -35,9 +35,11 @@ struct nfct_handle;
typedef void (*set_attr)(struct nf_conntrack *ct, const void *value);
typedef const void *(*get_attr)(const struct nf_conntrack *ct);
+typedef void (*copy_attr)(struct nf_conntrack *d, const struct nf_conntrack *o);
extern set_attr set_attr_array[];
extern get_attr get_attr_array[];
+extern copy_attr copy_attr_array[];
typedef int (*nfct_handler)(struct nfct_handle *cth, struct nlmsghdr *nlh,
void *arg);
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 8d146c4..075ac3a 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -307,14 +307,20 @@ extern int nfct_catch(struct nfct_handle *h);
/* copy */
enum {
+ NFCT_CP_ALL = 0,
NFCT_CP_ORIG = (1 << 0),
- NFCT_CP_REPL = (1 << 1)
+ NFCT_CP_REPL = (1 << 1),
+ NFCT_CP_META = (1 << 2),
};
extern void nfct_copy(struct nf_conntrack *dest,
const struct nf_conntrack *source,
unsigned int flags);
+extern void nfct_copy_attr(struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2,
+ const enum nf_conntrack_attr type);
+
/* low level API: netlink functions */
extern int nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 4d5abb7..45b03c0 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -737,21 +737,97 @@ int nfct_cmp(const struct nf_conntrack *ct1,
* 1) You have to pass an already allocated space for the target object
* 2) You can copy only a part of the source object to the target
*
- * The current supported flags are NFCT_CP_ORIG and NFCT_CP_REPL that
- * can be used to copy the information that identifies a flow in the
- * original and the reply direction. This information is usually composed
- * of: source and destination IP address; source and destination ports;
- * layer 3 and 4 protocol number.
+ * The current supported flags are:
+ * - NFCT_CP_ALL that copies the object entirely.
+ * - NFCT_CP_ORIG and NFCT_CP_REPL that can be used to copy the
+ * information that identifies a flow in the original and the reply
+ * direction. This information is usually composed of: source and
+ * destination IP address; source and destination ports; layer 3
+ * and 4 protocol number.
+ * - NFCT_CP_META that copies the metainformation
+ * (all the attributes >= ATTR_TCP_STATE)
*/
void nfct_copy(struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
+ int i;
+
assert(ct1 != NULL);
assert(ct2 != NULL);
- if (flags & NFCT_CP_ORIG)
- __copy_tuple(ct1, ct2, __DIR_ORIG);
- if (flags & NFCT_CP_REPL)
- __copy_tuple(ct1, ct2, __DIR_REPL);
+ if (flags == NFCT_CP_ALL) {
+ for (i=0; i<ATTR_MAX; i++) {
+ if (test_bit(i, ct2->set)) {
+ copy_attr_array[i](ct1, ct2);
+ set_bit(i, ct1->set);
+ }
+ }
+ return;
+ }
+
+ static int cp_orig_mask[] = {
+ ATTR_ORIG_IPV6_SRC, /* this also copies IPv4 */
+ ATTR_ORIG_IPV6_DST,
+ ATTR_ORIG_PORT_SRC, /* this also copies ICMP */
+ ATTR_ORIG_PORT_DST,
+ ATTR_ORIG_L3PROTO,
+ ATTR_ORIG_L4PROTO,
+ };
+ #define __CP_ORIG_MAX sizeof(cp_orig_mask)/sizeof(int)
+
+ if (flags & NFCT_CP_ORIG) {
+ for (i=0; i<__CP_ORIG_MAX; i++) {
+ if (test_bit(i, ct2->set)) {
+ copy_attr_array[cp_orig_mask[i]](ct1, ct2);
+ set_bit(i, ct1->set);
+ }
+ }
+ }
+
+ static int cp_repl_mask[] = {
+ ATTR_REPL_IPV6_SRC, /* this also copies IPv4 */
+ ATTR_REPL_IPV6_DST,
+ ATTR_REPL_PORT_SRC, /* this also copies ICMP */
+ ATTR_REPL_PORT_DST,
+ ATTR_REPL_L3PROTO,
+ ATTR_REPL_L4PROTO,
+ };
+ #define __CP_REPL_MAX sizeof(cp_repl_mask)/sizeof(int)
+
+ if (flags & NFCT_CP_REPL) {
+ for (i=0; i<__CP_REPL_MAX; i++) {
+ if (test_bit(i, ct2->set)) {
+ copy_attr_array[cp_repl_mask[i]](ct1, ct2);
+ set_bit(i, ct1->set);
+ }
+ }
+ }
+
+ if (flags & NFCT_CP_META) {
+ for (i=ATTR_TCP_STATE; i<ATTR_MAX; i++) {
+ if (test_bit(i, ct2->set)) {
+ copy_attr_array[i](ct1, ct2);
+ set_bit(i, ct1->set);
+ }
+ }
+ }
+}
+
+/**
+ * nfct_copy_attr - copy an attribute of one source object to another
+ * @ct1: destination object
+ * @ct2: source object
+ * @flags: flags
+ *
+ * This function copies one attribute (if present) to another object.
+ */
+void nfct_copy_attr(struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2,
+ const enum nf_conntrack_attr type)
+{
+ if (test_bit(type, ct2->set)) {
+ copy_attr_array[type](ct1, ct2);
+ set_bit(type, ct1->set);
+ }
}
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index e03abc8..142f868 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -7,51 +7,400 @@
#include "internal.h"
-#define TS_ORIG \
-({ \
- ((1 << ATTR_ORIG_IPV4_SRC) | (1 << ATTR_ORIG_IPV4_DST) | \
- (1 << ATTR_ORIG_IPV6_SRC) | (1 << ATTR_ORIG_IPV6_DST) | \
- (1 << ATTR_ORIG_PORT_SRC) | (1 << ATTR_ORIG_PORT_DST) | \
- (1 << ATTR_ORIG_L3PROTO) | (1 << ATTR_ORIG_L4PROTO) | \
- (1 << ATTR_ICMP_TYPE) | (1 << ATTR_ICMP_CODE) | \
- (1 << ATTR_ICMP_ID)); \
-})
-
-#define TS_REPL \
-({ \
- ((1 << ATTR_REPL_IPV4_SRC) | (1 << ATTR_REPL_IPV4_DST) | \
- (1 << ATTR_REPL_IPV6_SRC) | (1 << ATTR_REPL_IPV6_DST) | \
- (1 << ATTR_REPL_PORT_SRC) | (1 << ATTR_REPL_PORT_DST) | \
- (1 << ATTR_REPL_L3PROTO) | (1 << ATTR_REPL_L4PROTO) | \
- (1 << ATTR_ICMP_TYPE) | (1 << ATTR_ICMP_CODE) | \
- (1 << ATTR_ICMP_ID)); \
-})
-
-#define TUPLE_SET(dir) (dir == __DIR_ORIG ? TS_ORIG : TS_REPL)
-
-void __copy_tuple(struct nf_conntrack *ct2,
- const struct nf_conntrack *ct1,
- int dir)
-{
- memcpy(&ct2->tuple[dir].src,
- &ct1->tuple[dir].src,
+static void copy_attr_orig_ipv4_src(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].src.v4 = orig->tuple[__DIR_ORIG].src.v4;
+}
+
+static void copy_attr_orig_ipv4_dst(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].dst.v4 = orig->tuple[__DIR_ORIG].dst.v4;
+}
+
+static void copy_attr_repl_ipv4_src(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_REPL].src.v4 = orig->tuple[__DIR_REPL].src.v4;
+}
+
+static void copy_attr_repl_ipv4_dst(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_REPL].dst.v4 = orig->tuple[__DIR_REPL].dst.v4;
+}
+
+static void copy_attr_orig_ipv6_src(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ memcpy(&dest->tuple[__DIR_ORIG].src,
+ &orig->tuple[__DIR_ORIG].src,
+ sizeof(union __nfct_address));
+}
+
+static void copy_attr_orig_ipv6_dst(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ memcpy(&dest->tuple[__DIR_ORIG].dst,
+ &orig->tuple[__DIR_ORIG].dst,
+ sizeof(union __nfct_address));
+}
+
+static void copy_attr_repl_ipv6_src(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ memcpy(&dest->tuple[__DIR_REPL].src,
+ &orig->tuple[__DIR_REPL].src,
+ sizeof(union __nfct_address));
+}
+
+static void copy_attr_repl_ipv6_dst(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ memcpy(&dest->tuple[__DIR_REPL].dst,
+ &orig->tuple[__DIR_REPL].dst,
+ sizeof(union __nfct_address));
+}
+
+static void copy_attr_orig_port_src(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].l4src.all = orig->tuple[__DIR_ORIG].l4src.all;
+}
+
+static void copy_attr_orig_port_dst(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].l4dst.all = orig->tuple[__DIR_ORIG].l4dst.all;
+}
+
+static void copy_attr_repl_port_src(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_REPL].l4src.all = orig->tuple[__DIR_REPL].l4src.all;
+}
+
+static void copy_attr_repl_port_dst(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_REPL].l4dst.all = orig->tuple[__DIR_REPL].l4dst.all;
+}
+
+static void copy_attr_icmp_type(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].l4dst.icmp.type =
+ orig->tuple[__DIR_ORIG].l4dst.icmp.type;
+
+}
+
+static void copy_attr_icmp_code(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].l4dst.icmp.code =
+ orig->tuple[__DIR_ORIG].l4dst.icmp.code;
+
+}
+
+static void copy_attr_icmp_id(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].l4src.icmp.id =
+ orig->tuple[__DIR_ORIG].l4src.icmp.id;
+}
+
+static void copy_attr_orig_l3proto(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].l3protonum = orig->tuple[__DIR_ORIG].l3protonum;
+}
+
+static void copy_attr_repl_l3proto(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_REPL].l3protonum = orig->tuple[__DIR_REPL].l3protonum;
+}
+
+static void copy_attr_orig_l4proto(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].protonum = orig->tuple[__DIR_ORIG].protonum;
+}
+
+static void copy_attr_repl_l4proto(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_REPL].protonum = orig->tuple[__DIR_REPL].protonum;
+}
+
+static void copy_attr_master_ipv4_src(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_MASTER].src.v4 = orig->tuple[__DIR_MASTER].src.v4;
+}
+
+static void copy_attr_master_ipv4_dst(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_MASTER].dst.v4 = orig->tuple[__DIR_MASTER].dst.v4;
+}
+
+static void copy_attr_master_ipv6_src(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ memcpy(&dest->tuple[__DIR_MASTER].src,
+ &orig->tuple[__DIR_MASTER].src,
sizeof(union __nfct_address));
+}
- memcpy(&ct2->tuple[dir].dst,
- &ct1->tuple[dir].dst,
+static void copy_attr_master_ipv6_dst(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ memcpy(&dest->tuple[__DIR_MASTER].dst,
+ &orig->tuple[__DIR_MASTER].dst,
sizeof(union __nfct_address));
+}
+
+static void copy_attr_master_port_src(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_MASTER].l4src.all =
+ orig->tuple[__DIR_MASTER].l4src.all;
+}
+
+static void copy_attr_master_port_dst(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_MASTER].l4dst.all =
+ orig->tuple[__DIR_MASTER].l4dst.all;
+}
+
+static void copy_attr_master_l3proto(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_MASTER].l3protonum =
+ orig->tuple[__DIR_MASTER].l3protonum;
+}
+
+static void copy_attr_master_l4proto(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_MASTER].protonum =
+ orig->tuple[__DIR_MASTER].protonum;
+}
+
+static void copy_attr_tcp_state(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->protoinfo.tcp.state = orig->protoinfo.tcp.state;
+}
+
+static void copy_attr_tcp_flags_orig(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->protoinfo.tcp.flags[__DIR_ORIG].value =
+ orig->protoinfo.tcp.flags[__DIR_ORIG].value;
+}
+
+static void copy_attr_tcp_flags_repl(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->protoinfo.tcp.flags[__DIR_REPL].value =
+ orig->protoinfo.tcp.flags[__DIR_REPL].value;
+}
+
+static void copy_attr_tcp_mask_orig(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->protoinfo.tcp.flags[__DIR_ORIG].mask =
+ orig->protoinfo.tcp.flags[__DIR_ORIG].mask;
+}
+
+static void copy_attr_tcp_mask_repl(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->protoinfo.tcp.flags[__DIR_REPL].mask =
+ orig->protoinfo.tcp.flags[__DIR_REPL].mask;
+}
+
+static void copy_attr_snat_ipv4(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->snat.min_ip = orig->snat.min_ip;
+}
+
+static void copy_attr_dnat_ipv4(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->dnat.min_ip = orig->dnat.min_ip;
+}
+
+static void copy_attr_snat_port(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->snat.l4min.all = orig->snat.l4min.all;
+}
+
+static void copy_attr_dnat_port(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->dnat.l4min.all = orig->dnat.l4min.all;
+}
+
+static void copy_attr_timeout(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->timeout = orig->timeout;
+}
+
+static void copy_attr_mark(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->mark = orig->mark;
+}
+
+static void copy_attr_secmark(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->secmark = orig->secmark;
+}
+
+static void copy_attr_orig_counter_packets(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->counters[__DIR_ORIG].packets = orig->counters[__DIR_ORIG].packets;
+}
+
+static void copy_attr_repl_counter_packets(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->counters[__DIR_REPL].packets = orig->counters[__DIR_REPL].packets;
+}
- ct2->tuple[dir].l3protonum = ct1->tuple[dir].l3protonum;
- ct2->tuple[dir].protonum = ct1->tuple[dir].protonum;
+static void copy_attr_orig_counter_bytes(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->counters[__DIR_ORIG].bytes = orig->counters[__DIR_ORIG].bytes;
+}
+
+static void copy_attr_repl_counter_bytes(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->counters[__DIR_REPL].bytes = orig->counters[__DIR_REPL].bytes;
+}
- memcpy(&ct2->tuple[dir].l4src,
- &ct1->tuple[dir].l4src,
- sizeof(union __nfct_l4));
+static void copy_attr_status(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->status = orig->status;
+}
- memcpy(&ct2->tuple[dir].l4dst,
- &ct1->tuple[dir].l4dst,
- sizeof(union __nfct_l4));
+static void copy_attr_use(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->use = orig->use;
+}
- /* XXX: this is safe but better convert bitset to uint64_t */
- ct2->set[0] |= ct1->set[0] & TUPLE_SET(__DIR_ORIG);
+static void copy_attr_id(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->id = orig->id;
}
+
+static void copy_attr_orig_cor_pos(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].natseq.correction_pos =
+ orig->tuple[__DIR_ORIG].natseq.correction_pos;
+}
+
+static void copy_attr_orig_off_bfr(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].natseq.offset_before =
+ orig->tuple[__DIR_ORIG].natseq.offset_before;
+}
+
+static void copy_attr_orig_off_aft(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_ORIG].natseq.offset_after =
+ orig->tuple[__DIR_ORIG].natseq.offset_after;
+}
+
+static void copy_attr_repl_cor_pos(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_REPL].natseq.correction_pos =
+ orig->tuple[__DIR_REPL].natseq.correction_pos;
+}
+
+static void copy_attr_repl_off_bfr(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_REPL].natseq.offset_before =
+ orig->tuple[__DIR_REPL].natseq.offset_before;
+}
+
+static void copy_attr_repl_off_aft(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->tuple[__DIR_REPL].natseq.offset_after =
+ orig->tuple[__DIR_REPL].natseq.offset_after;
+}
+
+copy_attr copy_attr_array[] = {
+ [ATTR_ORIG_IPV4_SRC] = copy_attr_orig_ipv4_src,
+ [ATTR_ORIG_IPV4_DST] = copy_attr_orig_ipv4_dst,
+ [ATTR_REPL_IPV4_SRC] = copy_attr_repl_ipv4_src,
+ [ATTR_REPL_IPV4_DST] = copy_attr_repl_ipv4_dst,
+ [ATTR_ORIG_IPV6_SRC] = copy_attr_orig_ipv6_src,
+ [ATTR_ORIG_IPV6_DST] = copy_attr_orig_ipv6_dst,
+ [ATTR_REPL_IPV6_SRC] = copy_attr_repl_ipv6_src,
+ [ATTR_REPL_IPV6_DST] = copy_attr_repl_ipv6_dst,
+ [ATTR_ORIG_PORT_SRC] = copy_attr_orig_port_src,
+ [ATTR_ORIG_PORT_DST] = copy_attr_orig_port_dst,
+ [ATTR_REPL_PORT_SRC] = copy_attr_repl_port_src,
+ [ATTR_REPL_PORT_DST] = copy_attr_repl_port_dst,
+ [ATTR_ICMP_TYPE] = copy_attr_icmp_type,
+ [ATTR_ICMP_CODE] = copy_attr_icmp_code,
+ [ATTR_ICMP_ID] = copy_attr_icmp_id,
+ [ATTR_ORIG_L3PROTO] = copy_attr_orig_l3proto,
+ [ATTR_REPL_L3PROTO] = copy_attr_repl_l3proto,
+ [ATTR_ORIG_L4PROTO] = copy_attr_orig_l4proto,
+ [ATTR_REPL_L4PROTO] = copy_attr_repl_l4proto,
+ [ATTR_TCP_STATE] = copy_attr_tcp_state,
+ [ATTR_SNAT_IPV4] = copy_attr_snat_ipv4,
+ [ATTR_DNAT_IPV4] = copy_attr_dnat_ipv4,
+ [ATTR_SNAT_PORT] = copy_attr_snat_port,
+ [ATTR_DNAT_PORT] = copy_attr_dnat_port,
+ [ATTR_TIMEOUT] = copy_attr_timeout,
+ [ATTR_MARK] = copy_attr_mark,
+ [ATTR_ORIG_COUNTER_PACKETS] = copy_attr_orig_counter_packets,
+ [ATTR_ORIG_COUNTER_BYTES] = copy_attr_orig_counter_bytes,
+ [ATTR_REPL_COUNTER_PACKETS] = copy_attr_repl_counter_packets,
+ [ATTR_REPL_COUNTER_BYTES] = copy_attr_repl_counter_bytes,
+ [ATTR_USE] = copy_attr_use,
+ [ATTR_ID] = copy_attr_id,
+ [ATTR_STATUS] = copy_attr_status,
+ [ATTR_TCP_FLAGS_ORIG] = copy_attr_tcp_flags_orig,
+ [ATTR_TCP_FLAGS_REPL] = copy_attr_tcp_flags_repl,
+ [ATTR_TCP_MASK_ORIG] = copy_attr_tcp_mask_orig,
+ [ATTR_TCP_MASK_REPL] = copy_attr_tcp_mask_repl,
+ [ATTR_MASTER_IPV4_SRC] = copy_attr_master_ipv4_src,
+ [ATTR_MASTER_IPV4_DST] = copy_attr_master_ipv4_dst,
+ [ATTR_MASTER_IPV6_SRC] = copy_attr_master_ipv6_src,
+ [ATTR_MASTER_IPV6_DST] = copy_attr_master_ipv6_dst,
+ [ATTR_MASTER_PORT_SRC] = copy_attr_master_port_src,
+ [ATTR_MASTER_PORT_DST] = copy_attr_master_port_dst,
+ [ATTR_MASTER_L3PROTO] = copy_attr_master_l3proto,
+ [ATTR_MASTER_L4PROTO] = copy_attr_master_l4proto,
+ [ATTR_SECMARK] = copy_attr_secmark,
+ [ATTR_ORIG_NAT_SEQ_CORRECTION_POS] = copy_attr_orig_cor_pos,
+ [ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE] = copy_attr_orig_off_bfr,
+ [ATTR_ORIG_NAT_SEQ_OFFSET_AFTER] = copy_attr_orig_off_aft,
+ [ATTR_REPL_NAT_SEQ_CORRECTION_POS] = copy_attr_repl_cor_pos,
+ [ATTR_REPL_NAT_SEQ_OFFSET_BEFORE] = copy_attr_repl_off_bfr,
+ [ATTR_REPL_NAT_SEQ_OFFSET_AFTER] = copy_attr_repl_off_aft,
+};