Diffstat (limited to 'src/conntrack/objopt.c')
-rw-r--r-- | src/conntrack/objopt.c | 85 |
1 files changed, 46 insertions, 39 deletions
diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
index d2035fb..5898746 100644
--- a/src/conntrack/objopt.c
+++ b/src/conntrack/objopt.c
@@ -11,27 +11,34 @@
 static void __autocomplete(struct nf_conntrack *ct, int dir)
 {
- int other = (dir == __DIR_ORIG) ? __DIR_REPL : __DIR_ORIG;
+ struct __nfct_tuple *this = NULL, *other = NULL;
- ct->tuple[dir].l3protonum = ct->tuple[other].l3protonum;
- ct->tuple[dir].protonum = ct->tuple[other].protonum;
+ switch(dir) {
+ case __DIR_ORIG:
+ this = &ct->head.orig;
+ other = &ct->repl;
+ break;
+ case __DIR_REPL:
+ this = &ct->repl;
+ other = &ct->head.orig;
+ break;
+ }
+
+ this->l3protonum = other->l3protonum;
+ this->protonum = other->protonum;
- memcpy(&ct->tuple[dir].src.v6,
- &ct->tuple[other].dst.v6,
- sizeof(union __nfct_address));
- memcpy(&ct->tuple[dir].dst.v6,
- &ct->tuple[other].src.v6,
- sizeof(union __nfct_address));
+ memcpy(&this->src.v6, &other->dst.v6, sizeof(union __nfct_address));
+ memcpy(&this->dst.v6, &other->src.v6, sizeof(union __nfct_address));
- switch(ct->tuple[dir].protonum) {
+ switch(this->protonum) {
 case IPPROTO_UDP:
 case IPPROTO_TCP:
 case IPPROTO_SCTP:
 case IPPROTO_DCCP:
 case IPPROTO_GRE:
 case IPPROTO_UDPLITE:
- ct->tuple[dir].l4src.all = ct->tuple[other].l4dst.all;
- ct->tuple[dir].l4dst.all = ct->tuple[other].l4src.all;
+ this->l4src.all = other->l4dst.all;
+ this->l4dst.all = other->l4src.all;
 break;
 case IPPROTO_ICMP:
 case IPPROTO_ICMPV6:
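Review bot: The new `switch(dir)` in `__autocomplete` has no `default` case, so for any `dir` other than `__DIR_ORIG` or `__DIR_REPL` both `this` and `other` keep their NULL initialisers and the next statement, `this->l3protonum = other->l3protonum;`, dereferences them. The callers are not visible in this hunk and presumably pass only those two constants, but the unmatched case should still be handled explicitly; adding `default: return;` to the switch turns a NULL dereference into a no-op. The function body continues past the end of this hunk.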
@@ -40,41 +47,41 @@ static void __autocomplete(struct nf_conntrack *ct, int dir)
 }
 /* XXX: this is safe but better convert bitset to uint64_t */
- ct->set[0] |= TS_ORIG | TS_REPL;
+ ct->head.set[0] |= TS_ORIG | TS_REPL;
 }
 static void setobjopt_undo_snat(struct nf_conntrack *ct)
 {
- ct->snat.min_ip = ct->tuple[__DIR_REPL].dst.v4;
+ ct->snat.min_ip = ct->repl.dst.v4;
 ct->snat.max_ip = ct->snat.min_ip;
- ct->tuple[__DIR_REPL].dst.v4 = ct->tuple[__DIR_ORIG].src.v4;
- set_bit(ATTR_SNAT_IPV4, ct->set);
+ ct->repl.dst.v4 = ct->head.orig.src.v4;
+ set_bit(ATTR_SNAT_IPV4, ct->head.set);
 }
 static void setobjopt_undo_dnat(struct nf_conntrack *ct)
 {
- ct->dnat.min_ip = ct->tuple[__DIR_REPL].src.v4;
+ ct->dnat.min_ip = ct->repl.src.v4;
 ct->dnat.max_ip = ct->dnat.min_ip;
- ct->tuple[__DIR_REPL].src.v4 = ct->tuple[__DIR_ORIG].dst.v4;
- set_bit(ATTR_DNAT_IPV4, ct->set);
+ ct->repl.src.v4 = ct->head.orig.dst.v4;
+ set_bit(ATTR_DNAT_IPV4, ct->head.set);
 }
 static void setobjopt_undo_spat(struct nf_conntrack *ct)
 {
- ct->snat.l4min.all = ct->tuple[__DIR_REPL].l4dst.tcp.port;
+ ct->snat.l4min.all = ct->repl.l4dst.tcp.port;
 ct->snat.l4max.all = ct->snat.l4min.all;
- ct->tuple[__DIR_REPL].l4dst.tcp.port =
- ct->tuple[__DIR_ORIG].l4src.tcp.port;
- set_bit(ATTR_SNAT_PORT, ct->set);
+ ct->repl.l4dst.tcp.port =
+ ct->head.orig.l4src.tcp.port;
+ set_bit(ATTR_SNAT_PORT, ct->head.set);
 }
 static void setobjopt_undo_dpat(struct nf_conntrack *ct)
 {
- ct->dnat.l4min.all = ct->tuple[__DIR_REPL].l4src.tcp.port;
+ ct->dnat.l4min.all = ct->repl.l4src.tcp.port;
 ct->dnat.l4max.all = ct->dnat.l4min.all;
- ct->tuple[__DIR_REPL].l4src.tcp.port =
- ct->tuple[__DIR_ORIG].l4dst.tcp.port;
- set_bit(ATTR_DNAT_PORT, ct->set);
+ ct->repl.l4src.tcp.port =
+ ct->head.orig.l4dst.tcp.port;
+ set_bit(ATTR_DNAT_PORT, ct->head.set);
 }
 static void setobjopt_setup_orig(struct nf_conntrack *ct)
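Review bot: The `setobjopt_undo_*` helpers in this hunk, and the `getobjopt_is_*` getters in the following hunk, touch only the `.v4` address member and the `.tcp.port` member, with no check of `l3protonum` or `protonum` visible. `__autocomplete` copies the same address fields through `.v6` with `sizeof(union __nfct_address)` and the ports through `.all`, so `.v4` presumably overlays only part of the address; on an IPv6 entry the NAT test and the undo would then act on a fragment of it. The commit carries that assumption over unchanged, so it deserves a comment above `setobjopt_undo_snat`, for example `/* NAT helpers below operate on the IPv4 address and TCP port members only */`, or a guard on `ct->head.orig.l3protonum` if callers do not already filter. `setobjopt_setup_orig` starts on the last line of this hunk and its body is outside it.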
@@ -107,34 +114,34 @@ int __setobjopt(struct nf_conntrack *ct, unsigned int option)
 static int getobjopt_is_snat(const struct nf_conntrack *ct)
 {
- return ((test_bit(ATTR_STATUS, ct->set) ?
+ return ((test_bit(ATTR_STATUS, ct->head.set) ?
 ct->status & IPS_SRC_NAT_DONE : 1) &&
- ct->tuple[__DIR_REPL].dst.v4 !=
- ct->tuple[__DIR_ORIG].src.v4);
+ ct->repl.dst.v4 !=
+ ct->head.orig.src.v4);
 }
 static int getobjopt_is_dnat(const struct nf_conntrack *ct)
 {
- return ((test_bit(ATTR_STATUS, ct->set) ?
+ return ((test_bit(ATTR_STATUS, ct->head.set) ?
 ct->status & IPS_DST_NAT_DONE : 1) &&
- ct->tuple[__DIR_REPL].src.v4 !=
- ct->tuple[__DIR_ORIG].dst.v4);
+ ct->repl.src.v4 !=
+ ct->head.orig.dst.v4);
 }
 static int getobjopt_is_spat(const struct nf_conntrack *ct)
 {
- return ((test_bit(ATTR_STATUS, ct->set) ?
+ return ((test_bit(ATTR_STATUS, ct->head.set) ?
 ct->status & IPS_SRC_NAT_DONE : 1) &&
- ct->tuple[__DIR_REPL].l4dst.tcp.port !=
- ct->tuple[__DIR_ORIG].l4src.tcp.port);
+ ct->repl.l4dst.tcp.port !=
+ ct->head.orig.l4src.tcp.port);
 }
 static int getobjopt_is_dpat(const struct nf_conntrack *ct)
 {
- return ((test_bit(ATTR_STATUS, ct->set) ?
+ return ((test_bit(ATTR_STATUS, ct->head.set) ?
 ct->status & IPS_DST_NAT_DONE : 1) &&
- ct->tuple[__DIR_REPL].l4src.tcp.port !=
- ct->tuple[__DIR_ORIG].l4dst.tcp.port);
+ ct->repl.l4src.tcp.port !=
+ ct->head.orig.l4dst.tcp.port);
 }
 static const getobjopt getobjopt_array[__NFCT_GOPT_MAX] = { |