Diffstat (limited to 'include/internal')
-rw-r--r--include/internal/Makefile.am2
-rw-r--r--include/internal/internal.h6
-rw-r--r--include/internal/object.h13
-rw-r--r--include/internal/proto.h20
-rw-r--r--include/internal/prototypes.h3
5 files changed, 37 insertions, 7 deletions
diff --git a/include/internal/Makefile.am b/include/internal/Makefile.am
index d5c2be6..a60c6b5 100644
--- a/include/internal/Makefile.am
+++ b/include/internal/Makefile.am
@@ -1,2 +1,2 @@
noinst_HEADERS = bitops.h extern.h linux_list.h prototypes.h \
- internal.h object.h types.h stack.h
+ internal.h object.h types.h stack.h proto.h
diff --git a/include/internal/internal.h b/include/internal/internal.h
index bb44e12..7cd7c44 100644
--- a/include/internal/internal.h
+++ b/include/internal/internal.h
@@ -14,7 +14,6 @@
#include <arpa/inet.h>
#include <time.h>
#include <errno.h>
-#include <netinet/in.h>
#include <libnfnetlink/libnfnetlink.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
@@ -27,6 +26,7 @@
#include "internal/types.h"
#include "internal/extern.h"
#include "internal/bitops.h"
+#include "internal/proto.h"
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
@@ -40,7 +40,11 @@
#define IPPROTO_DCCP 33
#endif
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
+
#define BUFFER_SIZE(ret, size, len, offset) \
+ if (ret < 0) \
+ return -1; \
size += ret; \
if (ret > len) \
ret = len; \
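Review bot: The added `if (ret < 0) return -1;` puts a hidden `return` inside BUFFER_SIZE, so the macro is only usable in functions that return int with -1 as the failure value, and nothing at the call site shows the early exit. The check itself is sound: without it a negative formatting result would be added to `size` and would presumably also skew `offset` further down the macro. The contract deserves a comment above the macro, for example `/* Returns -1 from the enclosing function when ret < 0. */`, and callers that hold a resource at that point need to be checked for leaks on the new exit path. The macro is still a bare statement sequence with unparenthesised arguments, so it must not be used as the body of an unbraced `if`/`else`. The rest of the macro body lies outside the hunk.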
diff --git a/include/internal/object.h b/include/internal/object.h
index 3f6904f..8854ef2 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -6,6 +6,7 @@
#ifndef _NFCT_OBJECT_H_
#define _NFCT_OBJECT_H_
+#include <internal/bitops.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
/*
@@ -223,12 +224,13 @@ struct nfct_filter {
enum nfct_filter_logic logic[NFCT_FILTER_MAX];
/*
- * This the layer 4 protocol map for filtering. Not more than
- * 255 protocols (maximum is IPPROTO_MAX which is 256). Actually,
- * I doubt that anyone can reach such a limit.
+ * This the layer 4 protocol map for filtering. Not more than 255
+ * protocols. Although IPPROTO_MAX is currently 263, there are many
+ * fewer protocols defined in netinet/in.h, so no one should reach this
+ * limit.
*/
#define __FILTER_L4PROTO_MAX 255
- uint32_t l4proto_map[IPPROTO_MAX/32];
+ uint32_t l4proto_map[DIV_ROUND_UP(IPPROTO_MAX, 32)];
uint32_t l4proto_len;
struct {
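Review bot: The size of `l4proto_map` now follows the system header's `IPPROTO_MAX`, while the bound documented beside it is `__FILTER_L4PROTO_MAX` (255), and nothing ties the two together. The code that sets or tests bits in the map is not visible here; it should reject protocol numbers above `__FILTER_L4PROTO_MAX` rather than rely on the array being large enough. If the build allows C11, a compile-time check next to the struct would catch a header where the map is too small: `_Static_assert(__FILTER_L4PROTO_MAX < 32 * DIV_ROUND_UP(IPPROTO_MAX, 32), "l4proto_map too small");`. The struct starts and ends outside the hunk.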
@@ -286,9 +288,12 @@ struct nfct_filter {
*/
struct nfct_filter_dump {
+ struct nf_conntrack ct;
struct nfct_filter_dump_mark mark;
+ struct nfct_filter_dump_mark status;
uint8_t l3num;
uint32_t set;
+ uint16_t zone;
};
/*
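Review bot: The new members `ct`, `status` and `zone` carry no comment saying how a reader knows each one is populated, and `ct` embeds a whole `struct nf_conntrack` by value. Whatever allocates this struct (not visible here) has to zero it, otherwise the embedded conntrack's own state and the unset `status`/`zone` fields hold indeterminate bytes that a later message builder could serialise into a request. I would add a per-field comment such as `/* valid only when the matching bit in 'set' is on */`, assuming `set` is the validity bitmask, and state in the struct comment that the object must be zero-initialised. The comment block above the struct starts outside the hunk.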
diff --git a/include/internal/proto.h b/include/internal/proto.h
new file mode 100644
index 0000000..60a5f4e
--- /dev/null
+++ b/include/internal/proto.h
@@ -0,0 +1,20 @@
+#ifndef _NFCT_PROTO_H_
+#define _NFCT_PROTO_H_
+
+#include <stdint.h>
+#include <netinet/in.h>
+#include <linux/icmp.h>
+#include <linux/icmpv6.h>
+
+#ifndef ICMPV6_NI_QUERY
+#define ICMPV6_NI_QUERY 139
+#endif
+
+#ifndef ICMPV6_NI_REPLY
+#define ICMPV6_NI_REPLY 140
+#endif
+
+uint8_t __icmp_reply_type(uint8_t type);
+uint8_t __icmpv6_reply_type(uint8_t type);
+
+#endif
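Review bot: The two prototypes do not say what is returned for a type that has no reply counterpart or that falls outside the lookup range. Because 0 is itself a valid ICMP type (echo reply), a plain `uint8_t` return cannot use 0 as "none" without some encoding, and callers need to know which encoding is used; the implementation is not part of this diff. A comment above the declarations should state the mapping and the no-reply value, along the lines of `/* Map a request type to its reply type; returns <no-reply value> when there is none. */`, with the placeholder filled in from the implementation.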
diff --git a/include/internal/prototypes.h b/include/internal/prototypes.h
index c0047b3..82a3f29 100644
--- a/include/internal/prototypes.h
+++ b/include/internal/prototypes.h
@@ -35,7 +35,8 @@ void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct);
int __setup_netlink_socket_filter(int fd, struct nfct_filter *filter);
-void __build_filter_dump(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump);
+int __build_filter_dump(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump);
+int __build_filter_flush(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump);
int nfct_build_tuple(struct nlmsghdr *nlh, const struct __nfct_tuple *t, int type);
int nfct_parse_tuple(const struct nlattr *attr, struct __nfct_tuple *tuple, int dir, uint32_t *set);
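Review bot: `__build_filter_dump` now returns `int` and `__build_filter_flush` is added with the same signature, but the header documents neither the return convention nor what `size` bounds. Call sites written against the old `void` version will compile unchanged and ignore a failure, which risks sending a partially built request; those callers are outside this diff and need a check. Marking both declarations `__attribute__((warn_unused_result))` would make the compiler flag any that are missed. A one-line comment such as `/* Returns 0 on success, -1 on error; size is the capacity of req in bytes. */` should be confirmed against the implementation and added.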