diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/conntrack/api.c | 38 | ||||
-rw-r--r-- | src/conntrack/build.c | 183 | ||||
-rw-r--r-- | src/conntrack/compare.c | 61 | ||||
-rw-r--r-- | src/conntrack/copy.c | 98 | ||||
-rw-r--r-- | src/conntrack/getter.c | 66 | ||||
-rw-r--r-- | src/conntrack/grp_getter.c | 42 | ||||
-rw-r--r-- | src/conntrack/grp_setter.c | 64 | ||||
-rw-r--r-- | src/conntrack/objopt.c | 85 | ||||
-rw-r--r-- | src/conntrack/parse.c | 94 | ||||
-rw-r--r-- | src/conntrack/setter.c | 76 | ||||
-rw-r--r-- | src/conntrack/snprintf_default.c | 58 | ||||
-rw-r--r-- | src/conntrack/snprintf_xml.c | 104 | ||||
-rw-r--r-- | src/expect/build.c | 19 | ||||
-rw-r--r-- | src/expect/parse.c | 12 | ||||
-rw-r--r-- | src/expect/setter.c | 6 | ||||
-rw-r--r-- | src/expect/snprintf_default.c | 17 |
16 files changed, 502 insertions, 521 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c index 738aa51..d3d9bdb 100644 --- a/src/conntrack/api.c +++ b/src/conntrack/api.c @@ -377,7 +377,7 @@ void nfct_set_attr(struct nf_conntrack *ct, if (set_attr_array[type]) { set_attr_array[type](ct, value); - set_bit(type, ct->set); + set_bit(type, ct->head.set); } } @@ -451,7 +451,7 @@ const void *nfct_get_attr(const struct nf_conntrack *ct, return NULL; } - if (!test_bit(type, ct->set)) { + if (!test_bit(type, ct->head.set)) { errno = ENODATA; return NULL; } @@ -542,7 +542,7 @@ int nfct_attr_is_set(const struct nf_conntrack *ct, errno = EINVAL; return -1; } - return test_bit(type, ct->set); + return test_bit(type, ct->head.set); } /** @@ -567,7 +567,7 @@ int nfct_attr_is_set_array(const struct nf_conntrack *ct, errno = EINVAL; return -1; } - if (!test_bit(type_array[i], ct->set)) + if (!test_bit(type_array[i], ct->head.set)) return 0; } return 1; @@ -590,7 +590,7 @@ int nfct_attr_unset(struct nf_conntrack *ct, errno = EINVAL; return -1; } - unset_bit(type, ct->set); + unset_bit(type, ct->head.set); return 0; } @@ -615,7 +615,7 @@ void nfct_set_attr_grp(struct nf_conntrack *ct, if (set_attr_grp_array[type]) { set_attr_grp_array[type](ct, data); - set_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET); + set_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET); } } @@ -638,7 +638,7 @@ int nfct_get_attr_grp(const struct nf_conntrack *ct, errno = EINVAL; return -1; } - if (!test_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET)) { + if (!test_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET)) { errno = ENODATA; return -1; } @@ -663,7 +663,7 @@ int nfct_attr_grp_is_set(const struct nf_conntrack *ct, errno = EINVAL; return -1; } - return test_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET); + return test_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET); } /** @@ -683,7 +683,7 @@ int nfct_attr_grp_unset(struct nf_conntrack *ct, errno = EINVAL; return -1; } - unset_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET); + unset_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET); return 0; } @@ -1128,10 +1128,10 @@ void nfct_copy(struct nf_conntrack *ct1, } if (flags == NFCT_CP_ALL) { for (i=0; i<ATTR_MAX; i++) { - if (test_bit(i, ct2->set)) { + if (test_bit(i, ct2->head.set)) { assert(copy_attr_array[i]); copy_attr_array[i](ct1, ct2); - set_bit(i, ct1->set); + set_bit(i, ct1->head.set); } } return; @@ -1154,10 +1154,10 @@ void nfct_copy(struct nf_conntrack *ct1, if (flags & NFCT_CP_ORIG) { for (i=0; i<__CP_ORIG_MAX; i++) { - if (test_bit(cp_orig_mask[i], ct2->set)) { + if (test_bit(cp_orig_mask[i], ct2->head.set)) { assert(copy_attr_array[i]); copy_attr_array[cp_orig_mask[i]](ct1, ct2); - set_bit(cp_orig_mask[i], ct1->set); + set_bit(cp_orig_mask[i], ct1->head.set); } } } @@ -1176,20 +1176,20 @@ void nfct_copy(struct nf_conntrack *ct1, if (flags & NFCT_CP_REPL) { for (i=0; i<__CP_REPL_MAX; i++) { - if (test_bit(cp_repl_mask[i], ct2->set)) { + if (test_bit(cp_repl_mask[i], ct2->head.set)) { assert(copy_attr_array[i]); copy_attr_array[cp_repl_mask[i]](ct1, ct2); - set_bit(cp_repl_mask[i], ct1->set); + set_bit(cp_repl_mask[i], ct1->head.set); } } } if (flags & NFCT_CP_META) { for (i=ATTR_TCP_STATE; i<ATTR_MAX; i++) { - if (test_bit(i, ct2->set)) { + if (test_bit(i, ct2->head.set)) { assert(copy_attr_array[i]), copy_attr_array[i](ct1, ct2); - set_bit(i, ct1->set); + set_bit(i, ct1->head.set); } } } @@ -1207,10 +1207,10 @@ void nfct_copy_attr(struct nf_conntrack *ct1, const struct nf_conntrack *ct2, const enum nf_conntrack_attr type) { - if (test_bit(type, ct2->set)) { + if (test_bit(type, ct2->head.set)) { assert(copy_attr_array[type]); copy_attr_array[type](ct1, ct2); - set_bit(type, ct1->set); + set_bit(type, ct1->head.set); } } diff --git a/src/conntrack/build.c b/src/conntrack/build.c index 6e85d32..3ff2e13 100644 --- a/src/conntrack/build.c +++ b/src/conntrack/build.c @@ -106,45 +106,45 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size, { struct nfattr *nest, *nest_proto; - switch(ct->tuple[__DIR_ORIG].protonum) { + switch(ct->head.orig.protonum) { case IPPROTO_TCP: /* Preliminary attribute check to avoid sending an empty * CTA_PROTOINFO_TCP nest, which results in EINVAL in * Linux kernel <= 2.6.25. */ - if (!(test_bit(ATTR_TCP_STATE, ct->set) || - test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) || - test_bit(ATTR_TCP_FLAGS_REPL, ct->set) || - test_bit(ATTR_TCP_MASK_ORIG, ct->set) || - test_bit(ATTR_TCP_MASK_REPL, ct->set) || - test_bit(ATTR_TCP_WSCALE_ORIG, ct->set) || - test_bit(ATTR_TCP_WSCALE_REPL, ct->set))) { + if (!(test_bit(ATTR_TCP_STATE, ct->head.set) || + test_bit(ATTR_TCP_FLAGS_ORIG, ct->head.set) || + test_bit(ATTR_TCP_FLAGS_REPL, ct->head.set) || + test_bit(ATTR_TCP_MASK_ORIG, ct->head.set) || + test_bit(ATTR_TCP_MASK_REPL, ct->head.set) || + test_bit(ATTR_TCP_WSCALE_ORIG, ct->head.set) || + test_bit(ATTR_TCP_WSCALE_REPL, ct->head.set))) { break; } nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO); nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP); - if (test_bit(ATTR_TCP_STATE, ct->set)) + if (test_bit(ATTR_TCP_STATE, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_STATE, &ct->protoinfo.tcp.state, sizeof(u_int8_t)); - if (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) && - test_bit(ATTR_TCP_MASK_ORIG, ct->set)) + if (test_bit(ATTR_TCP_FLAGS_ORIG, ct->head.set) && + test_bit(ATTR_TCP_MASK_ORIG, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_FLAGS_ORIGINAL, &ct->protoinfo.tcp.flags[0], sizeof(struct nf_ct_tcp_flags)); - if (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) && - test_bit(ATTR_TCP_MASK_REPL, ct->set)) + if (test_bit(ATTR_TCP_FLAGS_REPL, ct->head.set) && + test_bit(ATTR_TCP_MASK_REPL, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_FLAGS_REPLY, &ct->protoinfo.tcp.flags[1], sizeof(struct nf_ct_tcp_flags)); - if (test_bit(ATTR_TCP_WSCALE_ORIG, ct->set)) + if (test_bit(ATTR_TCP_WSCALE_ORIG, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_WSCALE_ORIGINAL, &ct->protoinfo.tcp.wscale[__DIR_ORIG], sizeof(u_int8_t)); - if (test_bit(ATTR_TCP_WSCALE_REPL, ct->set)) + if (test_bit(ATTR_TCP_WSCALE_REPL, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_WSCALE_REPLY, &ct->protoinfo.tcp.wscale[__DIR_REPL], @@ -154,23 +154,23 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size, break; case IPPROTO_SCTP: /* See comment above on TCP. */ - if (!(test_bit(ATTR_SCTP_STATE, ct->set) || - test_bit(ATTR_SCTP_VTAG_ORIG, ct->set) || - test_bit(ATTR_SCTP_VTAG_REPL, ct->set))) { + if (!(test_bit(ATTR_SCTP_STATE, ct->head.set) || + test_bit(ATTR_SCTP_VTAG_ORIG, ct->head.set) || + test_bit(ATTR_SCTP_VTAG_REPL, ct->head.set))) { break; } nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO); nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_SCTP); - if (test_bit(ATTR_SCTP_STATE, ct->set)) + if (test_bit(ATTR_SCTP_STATE, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_SCTP_STATE, &ct->protoinfo.sctp.state, sizeof(u_int8_t)); - if (test_bit(ATTR_SCTP_VTAG_ORIG, ct->set)) + if (test_bit(ATTR_SCTP_VTAG_ORIG, ct->head.set)) nfnl_addattr32(&req->nlh, size, CTA_PROTOINFO_SCTP_VTAG_ORIGINAL, htonl(ct->protoinfo.sctp.vtag[__DIR_ORIG])); - if (test_bit(ATTR_SCTP_VTAG_REPL, ct->set)) + if (test_bit(ATTR_SCTP_VTAG_REPL, ct->head.set)) nfnl_addattr32(&req->nlh, size, CTA_PROTOINFO_SCTP_VTAG_REPLY, htonl(ct->protoinfo.sctp.vtag[__DIR_REPL])); @@ -179,24 +179,24 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size, break; case IPPROTO_DCCP: /* See comment above on TCP. */ - if (!(test_bit(ATTR_DCCP_STATE, ct->set) || - test_bit(ATTR_DCCP_ROLE, ct->set) || - test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->set))) { + if (!(test_bit(ATTR_DCCP_STATE, ct->head.set) || + test_bit(ATTR_DCCP_ROLE, ct->head.set) || + test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->head.set))) { break; } nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO); nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_DCCP); - if (test_bit(ATTR_DCCP_STATE, ct->set)) + if (test_bit(ATTR_DCCP_STATE, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_DCCP_STATE, &ct->protoinfo.dccp.state, sizeof(u_int8_t)); - if (test_bit(ATTR_DCCP_ROLE, ct->set)) + if (test_bit(ATTR_DCCP_ROLE, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_DCCP_ROLE, &ct->protoinfo.dccp.role, sizeof(u_int8_t)); - if (test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->set)) { + if (test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->head.set)) { /* FIXME: use __cpu_to_be64() instead which is the * correct operation. This is a semantic abuse but * we have no function to do it in libnfnetlink. */ @@ -224,15 +224,15 @@ __nat_seq_adj(struct nfnlhdr *req, nfnl_addattr32(&req->nlh, size, CTA_NAT_SEQ_CORRECTION_POS, - htonl(ct->tuple[dir].natseq.correction_pos)); + htonl(ct->natseq[dir].correction_pos)); nfnl_addattr32(&req->nlh, size, CTA_NAT_SEQ_OFFSET_BEFORE, - htonl(ct->tuple[dir].natseq.offset_before)); + htonl(ct->natseq[dir].offset_before)); nfnl_addattr32(&req->nlh, size, CTA_NAT_SEQ_OFFSET_AFTER, - htonl(ct->tuple[dir].natseq.offset_after)); + htonl(ct->natseq[dir].offset_after)); } static void @@ -259,7 +259,7 @@ static void __build_protonat(struct nfnlhdr *req, nest = nfnl_nest(&req->nlh, size, CTA_NAT_PROTO); - switch (ct->tuple[__DIR_ORIG].protonum) { + switch (ct->head.orig.protonum) { case IPPROTO_TCP: case IPPROTO_UDP: nfnl_addattr_l(&req->nlh, size, CTA_PROTONAT_PORT_MIN, @@ -405,9 +405,9 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh, u_int16_t flags, const struct nf_conntrack *ct) { - u_int8_t l3num = ct->tuple[__DIR_ORIG].l3protonum; + u_int8_t l3num = ct->head.orig.l3protonum; - if (!test_bit(ATTR_ORIG_L3PROTO, ct->set)) { + if (!test_bit(ATTR_ORIG_L3PROTO, ct->head.set)) { errno = EINVAL; return -1; } @@ -416,48 +416,43 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh, nfnl_fill_hdr(ssh, &req->nlh, 0, l3num, 0, type, flags); - if (test_bit(ATTR_ORIG_IPV4_SRC, ct->set) || - test_bit(ATTR_ORIG_IPV4_DST, ct->set) || - test_bit(ATTR_ORIG_IPV6_SRC, ct->set) || - test_bit(ATTR_ORIG_IPV6_DST, ct->set) || - test_bit(ATTR_ORIG_PORT_SRC, ct->set) || - test_bit(ATTR_ORIG_PORT_DST, ct->set) || - test_bit(ATTR_ORIG_L3PROTO, ct->set) || - test_bit(ATTR_ORIG_L4PROTO, ct->set) || - test_bit(ATTR_ICMP_TYPE, ct->set) || - test_bit(ATTR_ICMP_CODE, ct->set) || - test_bit(ATTR_ICMP_ID, ct->set)) - __build_tuple(req, size, - &ct->tuple[__DIR_ORIG], - CTA_TUPLE_ORIG); - - if (test_bit(ATTR_REPL_IPV4_SRC, ct->set) || - test_bit(ATTR_REPL_IPV4_DST, ct->set) || - test_bit(ATTR_REPL_IPV6_SRC, ct->set) || - test_bit(ATTR_REPL_IPV6_DST, ct->set) || - test_bit(ATTR_REPL_PORT_SRC, ct->set) || - test_bit(ATTR_REPL_PORT_DST, ct->set) || - test_bit(ATTR_REPL_L3PROTO, ct->set) || - test_bit(ATTR_REPL_L4PROTO, ct->set) || - test_bit(ATTR_ICMP_TYPE, ct->set) || - test_bit(ATTR_ICMP_CODE, ct->set) || - test_bit(ATTR_ICMP_ID, ct->set)) - __build_tuple(req, size, - &ct->tuple[__DIR_REPL], - CTA_TUPLE_REPLY); - - if (test_bit(ATTR_MASTER_IPV4_SRC, ct->set) || - test_bit(ATTR_MASTER_IPV4_DST, ct->set) || - test_bit(ATTR_MASTER_IPV6_SRC, ct->set) || - test_bit(ATTR_MASTER_IPV6_DST, ct->set) || - test_bit(ATTR_MASTER_PORT_SRC, ct->set) || - test_bit(ATTR_MASTER_PORT_DST, ct->set) || - test_bit(ATTR_MASTER_L3PROTO, ct->set) || - test_bit(ATTR_MASTER_L4PROTO, ct->set)) - __build_tuple(req, size, - &ct->tuple[__DIR_MASTER], CTA_TUPLE_MASTER); - - if (test_bit(ATTR_STATUS, ct->set)) + if (test_bit(ATTR_ORIG_IPV4_SRC, ct->head.set) || + test_bit(ATTR_ORIG_IPV4_DST, ct->head.set) || + test_bit(ATTR_ORIG_IPV6_SRC, ct->head.set) || + test_bit(ATTR_ORIG_IPV6_DST, ct->head.set) || + test_bit(ATTR_ORIG_PORT_SRC, ct->head.set) || + test_bit(ATTR_ORIG_PORT_DST, ct->head.set) || + test_bit(ATTR_ORIG_L3PROTO, ct->head.set) || + test_bit(ATTR_ORIG_L4PROTO, ct->head.set) || + test_bit(ATTR_ICMP_TYPE, ct->head.set) || + test_bit(ATTR_ICMP_CODE, ct->head.set) || + test_bit(ATTR_ICMP_ID, ct->head.set)) + __build_tuple(req, size, &ct->head.orig, CTA_TUPLE_ORIG); + + if (test_bit(ATTR_REPL_IPV4_SRC, ct->head.set) || + test_bit(ATTR_REPL_IPV4_DST, ct->head.set) || + test_bit(ATTR_REPL_IPV6_SRC, ct->head.set) || + test_bit(ATTR_REPL_IPV6_DST, ct->head.set) || + test_bit(ATTR_REPL_PORT_SRC, ct->head.set) || + test_bit(ATTR_REPL_PORT_DST, ct->head.set) || + test_bit(ATTR_REPL_L3PROTO, ct->head.set) || + test_bit(ATTR_REPL_L4PROTO, ct->head.set) || + test_bit(ATTR_ICMP_TYPE, ct->head.set) || + test_bit(ATTR_ICMP_CODE, ct->head.set) || + test_bit(ATTR_ICMP_ID, ct->head.set)) + __build_tuple(req, size, &ct->repl, CTA_TUPLE_REPLY); + + if (test_bit(ATTR_MASTER_IPV4_SRC, ct->head.set) || + test_bit(ATTR_MASTER_IPV4_DST, ct->head.set) || + test_bit(ATTR_MASTER_IPV6_SRC, ct->head.set) || + test_bit(ATTR_MASTER_IPV6_DST, ct->head.set) || + test_bit(ATTR_MASTER_PORT_SRC, ct->head.set) || + test_bit(ATTR_MASTER_PORT_DST, ct->head.set) || + test_bit(ATTR_MASTER_L3PROTO, ct->head.set) || + test_bit(ATTR_MASTER_L4PROTO, ct->head.set)) + __build_tuple(req, size, &ct->master, CTA_TUPLE_MASTER); + + if (test_bit(ATTR_STATUS, ct->head.set)) __build_status(req, size, ct); else { /* build IPS_CONFIRMED if we're creating a new conntrack */ @@ -465,47 +460,47 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh, __build_status(req, size, ct); } - if (test_bit(ATTR_TIMEOUT, ct->set)) + if (test_bit(ATTR_TIMEOUT, ct->head.set)) __build_timeout(req, size, ct); - if (test_bit(ATTR_MARK, ct->set)) + if (test_bit(ATTR_MARK, ct->head.set)) __build_mark(req, size, ct); - if (test_bit(ATTR_SECMARK, ct->set)) + if (test_bit(ATTR_SECMARK, ct->head.set)) __build_secmark(req, size, ct); __build_protoinfo(req, size, ct); - if (test_bit(ATTR_SNAT_IPV4, ct->set) && - test_bit(ATTR_SNAT_PORT, ct->set)) + if (test_bit(ATTR_SNAT_IPV4, ct->head.set) && + test_bit(ATTR_SNAT_PORT, ct->head.set)) __build_snat(req, size, ct); - else if (test_bit(ATTR_SNAT_IPV4, ct->set)) + else if (test_bit(ATTR_SNAT_IPV4, ct->head.set)) __build_snat_ipv4(req, size, ct); - else if (test_bit(ATTR_SNAT_PORT, ct->set)) + else if (test_bit(ATTR_SNAT_PORT, ct->head.set)) __build_snat_port(req, size, ct); - if (test_bit(ATTR_DNAT_IPV4, ct->set) && - test_bit(ATTR_DNAT_PORT, ct->set)) + if (test_bit(ATTR_DNAT_IPV4, ct->head.set) && + test_bit(ATTR_DNAT_PORT, ct->head.set)) __build_dnat(req, size, ct); - else if (test_bit(ATTR_DNAT_IPV4, ct->set)) + else if (test_bit(ATTR_DNAT_IPV4, ct->head.set)) __build_dnat_ipv4(req, size, ct); - else if (test_bit(ATTR_DNAT_PORT, ct->set)) + else if (test_bit(ATTR_DNAT_PORT, ct->head.set)) __build_dnat_port(req, size, ct); - if (test_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->set) && - test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->set) && - test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->set)) + if (test_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->head.set) && + test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->head.set) && + test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->head.set)) __build_nat_seq_adj(req, size, ct, __DIR_ORIG); - if (test_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->set) && - test_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->set) && - test_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->set)) + if (test_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->head.set) && + test_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->head.set) && + test_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->head.set)) __build_nat_seq_adj(req, size, ct, __DIR_REPL); - if (test_bit(ATTR_HELPER_NAME, ct->set)) + if (test_bit(ATTR_HELPER_NAME, ct->head.set)) __build_helper_name(req, size, ct); - if (test_bit(ATTR_ZONE, ct->set)) + if (test_bit(ATTR_ZONE, ct->head.set)) __build_zone(req, size, ct); return 0; diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c index cc0afc9..f94f1b9 100644 --- a/src/conntrack/compare.c +++ b/src/conntrack/compare.c @@ -17,10 +17,10 @@ static int __cmp(int attr, const struct nf_conntrack *ct2, unsigned int flags)) { - if (test_bit(attr, ct1->set) && test_bit(attr, ct2->set)) { + if (test_bit(attr, ct1->head.set) && test_bit(attr, ct2->head.set)) { return cmp(ct1, ct2, flags); } else if (flags & NFCT_CMP_MASK && - test_bit(attr, ct1->set)) { + test_bit(attr, ct1->head.set)) { return 0; } else if (flags & NFCT_CMP_STRICT) { return 0; @@ -33,8 +33,7 @@ cmp_orig_l3proto(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l3protonum == - ct2->tuple[__DIR_ORIG].l3protonum); + return (ct1->head.orig.l3protonum == ct2->head.orig.l3protonum); } static int @@ -42,8 +41,7 @@ cmp_icmp_id(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l4src.icmp.id == - ct2->tuple[__DIR_ORIG].l4src.icmp.id); + return (ct1->head.orig.l4src.icmp.id == ct2->head.orig.l4src.icmp.id); } static int @@ -51,8 +49,8 @@ cmp_icmp_type(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l4dst.icmp.type == - ct2->tuple[__DIR_ORIG].l4dst.icmp.type); + return (ct1->head.orig.l4dst.icmp.type == + ct2->head.orig.l4dst.icmp.type); } static int @@ -60,8 +58,8 @@ cmp_icmp_code(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l4dst.icmp.code == - ct2->tuple[__DIR_ORIG].l4dst.icmp.code); + return (ct1->head.orig.l4dst.icmp.code == + ct2->head.orig.l4dst.icmp.code); } static int @@ -69,8 +67,7 @@ cmp_orig_port_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l4src.all == - ct2->tuple[__DIR_ORIG].l4src.all); + return (ct1->head.orig.l4src.all == ct2->head.orig.l4src.all); } static int @@ -78,8 +75,7 @@ cmp_orig_port_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l4dst.all == - ct2->tuple[__DIR_ORIG].l4dst.all); + return (ct1->head.orig.l4dst.all == ct2->head.orig.l4dst.all); } static int @@ -87,10 +83,10 @@ cmp_orig_l4proto(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - if (ct1->tuple[__DIR_ORIG].protonum != ct2->tuple[__DIR_ORIG].protonum) + if (ct1->head.orig.protonum != ct2->head.orig.protonum) return 0; - switch(ct1->tuple[__DIR_ORIG].protonum) { + switch(ct1->head.orig.protonum) { case IPPROTO_ICMP: case IPPROTO_ICMPV6: if (!__cmp(ATTR_ICMP_ID, ct1, ct2, flags, cmp_icmp_id)) @@ -121,22 +117,21 @@ cmp_orig_ipv4_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].src.v4 == ct2->tuple[__DIR_ORIG].src.v4);} + return (ct1->head.orig.src.v4 == ct2->head.orig.src.v4);} static int cmp_orig_ipv4_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].dst.v4 == ct2->tuple[__DIR_ORIG].dst.v4);} + return (ct1->head.orig.dst.v4 == ct2->head.orig.dst.v4);} static int cmp_orig_ipv6_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (memcmp(&ct1->tuple[__DIR_ORIG].src.v6, - &ct2->tuple[__DIR_ORIG].src.v6, + return (memcmp(&ct1->head.orig.src.v6, &ct2->head.orig.src.v6, sizeof(struct in6_addr)) == 0); } @@ -145,8 +140,7 @@ cmp_orig_ipv6_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (memcmp(&ct1->tuple[__DIR_ORIG].dst.v6, - &ct2->tuple[__DIR_ORIG].dst.v6, + return (memcmp(&ct1->head.orig.dst.v6, &ct2->head.orig.dst.v6, sizeof(struct in6_addr)) == 0); } @@ -175,8 +169,7 @@ cmp_repl_l3proto(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_REPL].l3protonum == - ct2->tuple[__DIR_REPL].l3protonum); + return (ct1->repl.l3protonum == ct2->repl.l3protonum); } static int @@ -184,8 +177,7 @@ cmp_repl_port_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_REPL].l4src.all == - ct2->tuple[__DIR_REPL].l4src.all); + return (ct1->repl.l4src.all == ct2->repl.l4src.all); } static int @@ -193,8 +185,7 @@ cmp_repl_port_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_REPL].l4dst.all == - ct2->tuple[__DIR_REPL].l4dst.all); + return (ct1->repl.l4dst.all == ct2->repl.l4dst.all); } static int @@ -202,10 +193,10 @@ cmp_repl_l4proto(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - if (ct1->tuple[__DIR_REPL].protonum != ct2->tuple[__DIR_REPL].protonum) + if (ct1->repl.protonum != ct2->repl.protonum) return 0; - switch(ct1->tuple[__DIR_REPL].protonum) { + switch(ct1->repl.protonum) { case IPPROTO_ICMP: case IPPROTO_ICMPV6: if (!__cmp(ATTR_ICMP_ID, ct1, ct2, flags, cmp_icmp_id)) @@ -236,22 +227,21 @@ cmp_repl_ipv4_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_REPL].src.v4 == ct2->tuple[__DIR_REPL].src.v4);} + return (ct1->repl.src.v4 == ct2->repl.src.v4);} static int cmp_repl_ipv4_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_REPL].dst.v4 == ct2->tuple[__DIR_REPL].dst.v4);} + return (ct1->repl.dst.v4 == ct2->repl.dst.v4);} static int cmp_repl_ipv6_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (memcmp(&ct1->tuple[__DIR_REPL].src.v6, - &ct2->tuple[__DIR_REPL].src.v6, + return (memcmp(&ct1->repl.src.v6, &ct2->repl.src.v6, sizeof(struct in6_addr)) == 0); } @@ -260,8 +250,7 @@ cmp_repl_ipv6_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (memcmp(&ct1->tuple[__DIR_REPL].dst.v6, - &ct2->tuple[__DIR_REPL].dst.v6, + return (memcmp(&ct1->repl.dst.v6, &ct2->repl.dst.v6, sizeof(struct in6_addr)) == 0); } diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c index 459741b..3c47b15 100644 --- a/src/conntrack/copy.c +++ b/src/conntrack/copy.c @@ -12,184 +12,178 @@ static void copy_attr_orig_ipv4_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].src.v4 = orig->tuple[__DIR_ORIG].src.v4; + dest->head.orig.src.v4 = orig->head.orig.src.v4; } static void copy_attr_orig_ipv4_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].dst.v4 = orig->tuple[__DIR_ORIG].dst.v4; + dest->head.orig.dst.v4 = orig->head.orig.dst.v4; } static void copy_attr_repl_ipv4_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].src.v4 = orig->tuple[__DIR_REPL].src.v4; + dest->repl.src.v4 = orig->repl.src.v4; } static void copy_attr_repl_ipv4_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].dst.v4 = orig->tuple[__DIR_REPL].dst.v4; + dest->repl.dst.v4 = orig->repl.dst.v4; } static void copy_attr_orig_ipv6_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_ORIG].src, - &orig->tuple[__DIR_ORIG].src, + memcpy(&dest->head.orig.src, + &orig->head.orig.src, sizeof(union __nfct_address)); } static void copy_attr_orig_ipv6_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_ORIG].dst, - &orig->tuple[__DIR_ORIG].dst, + memcpy(&dest->head.orig.dst, + &orig->head.orig.dst, sizeof(union __nfct_address)); } static void copy_attr_repl_ipv6_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_REPL].src, - &orig->tuple[__DIR_REPL].src, + memcpy(&dest->repl.src, + &orig->repl.src, sizeof(union __nfct_address)); } static void copy_attr_repl_ipv6_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_REPL].dst, - &orig->tuple[__DIR_REPL].dst, + memcpy(&dest->repl.dst, + &orig->repl.dst, sizeof(union __nfct_address)); } static void copy_attr_orig_port_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l4src.all = orig->tuple[__DIR_ORIG].l4src.all; + dest->head.orig.l4src.all = orig->head.orig.l4src.all; } static void copy_attr_orig_port_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l4dst.all = orig->tuple[__DIR_ORIG].l4dst.all; + dest->head.orig.l4dst.all = orig->head.orig.l4dst.all; } static void copy_attr_repl_port_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].l4src.all = orig->tuple[__DIR_REPL].l4src.all; + dest->repl.l4src.all = orig->repl.l4src.all; } static void copy_attr_repl_port_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].l4dst.all = orig->tuple[__DIR_REPL].l4dst.all; + dest->repl.l4dst.all = orig->repl.l4dst.all; } static void copy_attr_icmp_type(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l4dst.icmp.type = - orig->tuple[__DIR_ORIG].l4dst.icmp.type; + dest->head.orig.l4dst.icmp.type = + orig->head.orig.l4dst.icmp.type; } static void copy_attr_icmp_code(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l4dst.icmp.code = - orig->tuple[__DIR_ORIG].l4dst.icmp.code; + dest->head.orig.l4dst.icmp.code = + orig->head.orig.l4dst.icmp.code; } static void copy_attr_icmp_id(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l4src.icmp.id = - orig->tuple[__DIR_ORIG].l4src.icmp.id; + dest->head.orig.l4src.icmp.id = + orig->head.orig.l4src.icmp.id; } static void copy_attr_orig_l3proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l3protonum = orig->tuple[__DIR_ORIG].l3protonum; + dest->head.orig.l3protonum = orig->head.orig.l3protonum; } static void copy_attr_repl_l3proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].l3protonum = orig->tuple[__DIR_REPL].l3protonum; + dest->repl.l3protonum = orig->repl.l3protonum; } static void copy_attr_orig_l4proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].protonum = orig->tuple[__DIR_ORIG].protonum; + dest->head.orig.protonum = orig->head.orig.protonum; } static void copy_attr_repl_l4proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].protonum = orig->tuple[__DIR_REPL].protonum; + dest->repl.protonum = orig->repl.protonum; } static void copy_attr_master_ipv4_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].src.v4 = orig->tuple[__DIR_MASTER].src.v4; + dest->master.src.v4 = orig->master.src.v4; } static void copy_attr_master_ipv4_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].dst.v4 = orig->tuple[__DIR_MASTER].dst.v4; + dest->master.dst.v4 = orig->master.dst.v4; } static void copy_attr_master_ipv6_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_MASTER].src, - &orig->tuple[__DIR_MASTER].src, + memcpy(&dest->master.src, &orig->master.src, sizeof(union __nfct_address)); } static void copy_attr_master_ipv6_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_MASTER].dst, - &orig->tuple[__DIR_MASTER].dst, + memcpy(&dest->master.dst, &orig->master.dst, sizeof(union __nfct_address)); } static void copy_attr_master_port_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].l4src.all = - orig->tuple[__DIR_MASTER].l4src.all; + dest->master.l4src.all = orig->master.l4src.all; } static void copy_attr_master_port_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].l4dst.all = - orig->tuple[__DIR_MASTER].l4dst.all; + dest->master.l4dst.all = orig->master.l4dst.all; } static void copy_attr_master_l3proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].l3protonum = - orig->tuple[__DIR_MASTER].l3protonum; + dest->master.l3protonum = orig->master.l3protonum; } static void copy_attr_master_l4proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].protonum = - orig->tuple[__DIR_MASTER].protonum; + dest->master.protonum = orig->master.protonum; } static void copy_attr_tcp_state(struct nf_conntrack *dest, @@ -365,43 +359,43 @@ static void copy_attr_id(struct nf_conntrack *dest, static void copy_attr_orig_cor_pos(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].natseq.correction_pos = - orig->tuple[__DIR_ORIG].natseq.correction_pos; + dest->natseq[__DIR_ORIG].correction_pos = + orig->natseq[__DIR_ORIG].correction_pos; } static void copy_attr_orig_off_bfr(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].natseq.offset_before = - orig->tuple[__DIR_ORIG].natseq.offset_before; + dest->natseq[__DIR_ORIG].offset_before = + orig->natseq[__DIR_ORIG].offset_before; } static void copy_attr_orig_off_aft(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].natseq.offset_after = - orig->tuple[__DIR_ORIG].natseq.offset_after; + dest->natseq[__DIR_ORIG].offset_after = + orig->natseq[__DIR_ORIG].offset_after; } static void copy_attr_repl_cor_pos(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].natseq.correction_pos = - orig->tuple[__DIR_REPL].natseq.correction_pos; + dest->natseq[__DIR_REPL].correction_pos = + orig->natseq[__DIR_REPL].correction_pos; } static void copy_attr_repl_off_bfr(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].natseq.offset_before = - orig->tuple[__DIR_REPL].natseq.offset_before; + dest->natseq[__DIR_REPL].offset_before = + orig->natseq[__DIR_REPL].offset_before; } static void copy_attr_repl_off_aft(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].natseq.offset_after = - orig->tuple[__DIR_REPL].natseq.offset_after; + dest->natseq[__DIR_REPL].offset_after = + orig->natseq[__DIR_REPL].offset_after; } static void copy_attr_helper_name(struct nf_conntrack *dest, diff --git a/src/conntrack/getter.c b/src/conntrack/getter.c index c94fe2e..5e0a450 100644 --- a/src/conntrack/getter.c +++ b/src/conntrack/getter.c @@ -11,137 +11,137 @@ static const void *get_attr_orig_ipv4_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].src.v4; + return &ct->head.orig.src.v4; } static const void *get_attr_orig_ipv4_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].dst.v4; + return &ct->head.orig.dst.v4; } static const void *get_attr_repl_ipv4_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].src.v4; + return &ct->repl.src.v4; } static const void *get_attr_repl_ipv4_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].dst.v4; + return &ct->repl.dst.v4; } static const void *get_attr_orig_ipv6_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].src.v6; + return &ct->head.orig.src.v6; } static const void *get_attr_orig_ipv6_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].dst.v6; + return &ct->head.orig.dst.v6; } static const void *get_attr_repl_ipv6_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].src.v6; + return &ct->repl.src.v6; } static const void *get_attr_repl_ipv6_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].dst.v6; + return &ct->repl.dst.v6; } static const void *get_attr_orig_port_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l4src.all; + return &ct->head.orig.l4src.all; } static const void *get_attr_orig_port_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l4dst.all; + return &ct->head.orig.l4dst.all; } static const void *get_attr_repl_port_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].l4src.all; + return &ct->repl.l4src.all; } static const void *get_attr_repl_port_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].l4dst.all; + return &ct->repl.l4dst.all; } static const void *get_attr_icmp_type(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l4dst.icmp.type; + return &ct->head.orig.l4dst.icmp.type; } static const void *get_attr_icmp_code(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l4dst.icmp.code; + return &ct->head.orig.l4dst.icmp.code; } static const void *get_attr_icmp_id(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l4src.icmp.id; + return &ct->head.orig.l4src.icmp.id; } static const void *get_attr_orig_l3proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l3protonum; + return &ct->head.orig.l3protonum; } static const void *get_attr_repl_l3proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].l3protonum; + return &ct->repl.l3protonum; } static const void *get_attr_orig_l4proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].protonum; + return &ct->head.orig.protonum; } static const void *get_attr_repl_l4proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].protonum; + return &ct->repl.protonum; } static const void *get_attr_master_ipv4_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].src.v4; + return &ct->master.src.v4; } static const void *get_attr_master_ipv4_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].dst.v4; + return &ct->master.dst.v4; } static const void *get_attr_master_ipv6_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].src.v6; + return &ct->master.src.v6; } static const void *get_attr_master_ipv6_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].dst.v6; + return &ct->master.dst.v6; } static const void *get_attr_master_port_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].l4src.all; + return &ct->master.l4src.all; } static const void *get_attr_master_port_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].l4dst.all; + return &ct->master.l4dst.all; } static const void *get_attr_master_l3proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].l3protonum; + return &ct->master.l3protonum; } static const void *get_attr_master_l4proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].protonum; + return &ct->master.protonum; } static const void *get_attr_tcp_state(const struct nf_conntrack *ct) @@ -266,32 +266,32 @@ static const void *get_attr_id(const struct nf_conntrack *ct) static const void *get_attr_orig_cor_pos(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].natseq.correction_pos; + return &ct->natseq[__DIR_ORIG].correction_pos; } static const void *get_attr_orig_off_bfr(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].natseq.offset_before; + return &ct->natseq[__DIR_ORIG].offset_before; } static const void *get_attr_orig_off_aft(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].natseq.offset_after; + return &ct->natseq[__DIR_ORIG].offset_after; } static const void *get_attr_repl_cor_pos(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].natseq.correction_pos; + return &ct->natseq[__DIR_REPL].correction_pos; } static const void *get_attr_repl_off_bfr(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].natseq.offset_before; + return &ct->natseq[__DIR_REPL].offset_before; } static const void *get_attr_repl_off_aft(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].natseq.offset_after; + return &ct->natseq[__DIR_REPL].offset_after; } static const void *get_attr_helper_name(const struct nf_conntrack *ct) diff --git a/src/conntrack/grp_getter.c b/src/conntrack/grp_getter.c index db5b67d..a8d43cf 100644 --- a/src/conntrack/grp_getter.c +++ b/src/conntrack/grp_getter.c @@ -12,72 +12,72 @@ static void get_attr_grp_orig_ipv4(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv4 *this = data; - this->src = ct->tuple[__DIR_ORIG].src.v4; - this->dst = ct->tuple[__DIR_ORIG].dst.v4; + this->src = ct->head.orig.src.v4; + this->dst = ct->head.orig.dst.v4; } static void get_attr_grp_repl_ipv4(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv4 *this = data; - this->src = ct->tuple[__DIR_REPL].src.v4; - this->dst = ct->tuple[__DIR_REPL].dst.v4; + this->src = ct->repl.src.v4; + this->dst = ct->repl.dst.v4; } static void get_attr_grp_orig_ipv6(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv6 *this = data; - memcpy(this->src, &ct->tuple[__DIR_ORIG].src.v6, sizeof(u_int32_t)*4); - memcpy(this->dst, &ct->tuple[__DIR_ORIG].dst.v6, sizeof(u_int32_t)*4); + memcpy(this->src, &ct->head.orig.src.v6, sizeof(u_int32_t)*4); + memcpy(this->dst, &ct->head.orig.dst.v6, sizeof(u_int32_t)*4); } static void get_attr_grp_repl_ipv6(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv6 *this = data; - memcpy(this->src, &ct->tuple[__DIR_REPL].src.v6, sizeof(u_int32_t)*4); - memcpy(this->dst, &ct->tuple[__DIR_REPL].dst.v6, sizeof(u_int32_t)*4); + memcpy(this->src, &ct->repl.src.v6, sizeof(u_int32_t)*4); + memcpy(this->dst, &ct->repl.dst.v6, sizeof(u_int32_t)*4); } static void get_attr_grp_orig_port(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_port *this = data; - this->sport = ct->tuple[__DIR_ORIG].l4src.all; - this->dport = ct->tuple[__DIR_ORIG].l4dst.all; + this->sport = ct->head.orig.l4src.all; + this->dport = ct->head.orig.l4dst.all; } static void get_attr_grp_repl_port(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_port *this = data; - this->sport = ct->tuple[__DIR_REPL].l4src.all; - this->dport = ct->tuple[__DIR_REPL].l4dst.all; + this->sport = ct->repl.l4src.all; + this->dport = ct->repl.l4dst.all; } static void get_attr_grp_icmp(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_icmp *this = data; - this->type = ct->tuple[__DIR_ORIG].l4dst.icmp.type; - this->code = ct->tuple[__DIR_ORIG].l4dst.icmp.code; - this->id = ct->tuple[__DIR_ORIG].l4src.icmp.id; + this->type = ct->head.orig.l4dst.icmp.type; + this->code = ct->head.orig.l4dst.icmp.code; + this->id = ct->head.orig.l4src.icmp.id; } static void get_attr_grp_master_ipv4(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv4 *this = data; - this->src = ct->tuple[__DIR_MASTER].src.v4; - this->dst = ct->tuple[__DIR_MASTER].dst.v4; + this->src = ct->master.src.v4; + this->dst = ct->master.dst.v4; } static void get_attr_grp_master_ipv6(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv6 *this = data; - memcpy(this->src, &ct->tuple[__DIR_MASTER].src.v6, sizeof(u_int32_t)*4); - memcpy(this->dst, &ct->tuple[__DIR_MASTER].dst.v6, sizeof(u_int32_t)*4); + memcpy(this->src, &ct->master.src.v6, sizeof(u_int32_t)*4); + memcpy(this->dst, &ct->master.dst.v6, sizeof(u_int32_t)*4); } static void get_attr_grp_master_port(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_port *this = data; - this->sport = ct->tuple[__DIR_MASTER].l4src.all; - this->dport = ct->tuple[__DIR_MASTER].l4dst.all; + this->sport = ct->master.l4src.all; + this->dport = ct->master.l4dst.all; } static void get_attr_grp_orig_ctrs(const struct nf_conntrack *ct, void *data) diff --git a/src/conntrack/grp_setter.c b/src/conntrack/grp_setter.c index 324aa4c..0492a84 100644 --- a/src/conntrack/grp_setter.c +++ b/src/conntrack/grp_setter.c @@ -40,47 +40,47 @@ static const u_int8_t invmap_icmpv6[] = { static void set_attr_grp_orig_ipv4(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv4 *this = value; - ct->tuple[__DIR_ORIG].src.v4 = this->src; - ct->tuple[__DIR_ORIG].dst.v4 = this->dst; - ct->tuple[__DIR_ORIG].l3protonum = AF_INET; + ct->head.orig.src.v4 = this->src; + ct->head.orig.dst.v4 = this->dst; + ct->head.orig.l3protonum = AF_INET; } static void set_attr_grp_repl_ipv4(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv4 *this = value; - ct->tuple[__DIR_REPL].src.v4 = this->src; - ct->tuple[__DIR_REPL].dst.v4 = this->dst; - ct->tuple[__DIR_REPL].l3protonum = AF_INET; + ct->repl.src.v4 = this->src; + ct->repl.dst.v4 = this->dst; + ct->repl.l3protonum = AF_INET; } static void set_attr_grp_orig_ipv6(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv6 *this = value; - memcpy(&ct->tuple[__DIR_ORIG].src.v6, this->src, sizeof(u_int32_t)*4); - memcpy(&ct->tuple[__DIR_ORIG].dst.v6, this->dst, sizeof(u_int32_t)*4); - ct->tuple[__DIR_ORIG].l3protonum = AF_INET6; + memcpy(&ct->head.orig.src.v6, this->src, sizeof(u_int32_t)*4); + memcpy(&ct->head.orig.dst.v6, this->dst, sizeof(u_int32_t)*4); + ct->head.orig.l3protonum = AF_INET6; } static void set_attr_grp_repl_ipv6(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv6 *this = value; - memcpy(&ct->tuple[__DIR_REPL].src.v6, this->src, sizeof(u_int32_t)*4); - memcpy(&ct->tuple[__DIR_REPL].dst.v6, this->dst, sizeof(u_int32_t)*4); - ct->tuple[__DIR_REPL].l3protonum = AF_INET6; + memcpy(&ct->repl.src.v6, this->src, sizeof(u_int32_t)*4); + memcpy(&ct->repl.dst.v6, this->dst, sizeof(u_int32_t)*4); + ct->repl.l3protonum = AF_INET6; } static void set_attr_grp_orig_port(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_port *this = value; - ct->tuple[__DIR_ORIG].l4src.all = this->sport; - ct->tuple[__DIR_ORIG].l4dst.all = this->dport; + ct->head.orig.l4src.all = this->sport; + ct->head.orig.l4dst.all = this->dport; } static void set_attr_grp_repl_port(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_port *this = value; - ct->tuple[__DIR_REPL].l4src.all = this->sport; - ct->tuple[__DIR_REPL].l4dst.all = this->dport; + ct->repl.l4src.all = this->sport; + ct->repl.l4dst.all = this->dport; } static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value) @@ -88,9 +88,9 @@ static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value) u_int8_t rtype; const struct nfct_attr_grp_icmp *this = value; - ct->tuple[__DIR_ORIG].l4dst.icmp.type = this->type; + ct->head.orig.l4dst.icmp.type = this->type; - switch(ct->tuple[__DIR_ORIG].l3protonum) { + switch(ct->head.orig.l3protonum) { case AF_INET: rtype = invmap_icmp[this->type]; break; @@ -104,38 +104,38 @@ static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value) } if (rtype) - ct->tuple[__DIR_REPL].l4dst.icmp.type = rtype - 1; + ct->repl.l4dst.icmp.type = rtype - 1; else - ct->tuple[__DIR_REPL].l4dst.icmp.type = 255; /* -EINVAL */ + ct->repl.l4dst.icmp.type = 255; /* -EINVAL */ - ct->tuple[__DIR_ORIG].l4dst.icmp.code = this->code; - ct->tuple[__DIR_REPL].l4dst.icmp.code = this->code; + ct->head.orig.l4dst.icmp.code = this->code; + ct->repl.l4dst.icmp.code = this->code; - ct->tuple[__DIR_ORIG].l4src.icmp.id = this->id; - ct->tuple[__DIR_REPL].l4src.icmp.id = this->id; + ct->head.orig.l4src.icmp.id = this->id; + ct->repl.l4src.icmp.id = this->id; } static void set_attr_grp_master_ipv4(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv4 *this = value; - ct->tuple[__DIR_MASTER].src.v4 = this->src; - ct->tuple[__DIR_MASTER].dst.v4 = this->dst; - ct->tuple[__DIR_MASTER].l3protonum = AF_INET; + ct->master.src.v4 = this->src; + ct->master.dst.v4 = this->dst; + ct->master.l3protonum = AF_INET; } static void set_attr_grp_master_ipv6(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv6 *this = value; - memcpy(&ct->tuple[__DIR_MASTER].src.v6, this->src, sizeof(u_int32_t)*4); - memcpy(&ct->tuple[__DIR_MASTER].dst.v6, this->dst, sizeof(u_int32_t)*4); - ct->tuple[__DIR_MASTER].l3protonum = AF_INET6; + memcpy(&ct->master.src.v6, this->src, sizeof(u_int32_t)*4); + memcpy(&ct->master.dst.v6, this->dst, sizeof(u_int32_t)*4); + ct->master.l3protonum = AF_INET6; } static void set_attr_grp_master_port(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_port *this = value; - ct->tuple[__DIR_MASTER].l4src.all = this->sport; - ct->tuple[__DIR_MASTER].l4dst.all = this->dport; + ct->master.l4src.all = this->sport; + ct->master.l4dst.all = this->dport; } static void set_attr_grp_do_nothing(struct nf_conntrack *ct, const void *value) diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c index d2035fb..5898746 100644 --- a/src/conntrack/objopt.c +++ b/src/conntrack/objopt.c @@ -11,27 +11,34 @@ static void __autocomplete(struct nf_conntrack *ct, int dir) { - int other = (dir == __DIR_ORIG) ? __DIR_REPL : __DIR_ORIG; + struct __nfct_tuple *this = NULL, *other = NULL; - ct->tuple[dir].l3protonum = ct->tuple[other].l3protonum; - ct->tuple[dir].protonum = ct->tuple[other].protonum; + switch(dir) { + case __DIR_ORIG: + this = &ct->head.orig; + other = &ct->repl; + break; + case __DIR_REPL: + this = &ct->repl; + other = &ct->head.orig; + break; + } + + this->l3protonum = other->l3protonum; + this->protonum = other->protonum; - memcpy(&ct->tuple[dir].src.v6, - &ct->tuple[other].dst.v6, - sizeof(union __nfct_address)); - memcpy(&ct->tuple[dir].dst.v6, - &ct->tuple[other].src.v6, - sizeof(union __nfct_address)); + memcpy(&this->src.v6, &other->dst.v6, sizeof(union __nfct_address)); + memcpy(&this->dst.v6, &other->src.v6, sizeof(union __nfct_address)); - switch(ct->tuple[dir].protonum) { + switch(this->protonum) { case IPPROTO_UDP: case IPPROTO_TCP: case IPPROTO_SCTP: case IPPROTO_DCCP: case IPPROTO_GRE: case IPPROTO_UDPLITE: - ct->tuple[dir].l4src.all = ct->tuple[other].l4dst.all; - ct->tuple[dir].l4dst.all = ct->tuple[other].l4src.all; + this->l4src.all = other->l4dst.all; + this->l4dst.all = other->l4src.all; break; case IPPROTO_ICMP: case IPPROTO_ICMPV6: @@ -40,41 +47,41 @@ static void __autocomplete(struct nf_conntrack *ct, int dir) } /* XXX: this is safe but better convert bitset to uint64_t */ - ct->set[0] |= TS_ORIG | TS_REPL; + ct->head.set[0] |= TS_ORIG | TS_REPL; } static void setobjopt_undo_snat(struct nf_conntrack *ct) { - ct->snat.min_ip = ct->tuple[__DIR_REPL].dst.v4; + ct->snat.min_ip = ct->repl.dst.v4; ct->snat.max_ip = ct->snat.min_ip; - ct->tuple[__DIR_REPL].dst.v4 = ct->tuple[__DIR_ORIG].src.v4; - set_bit(ATTR_SNAT_IPV4, ct->set); + ct->repl.dst.v4 = ct->head.orig.src.v4; + set_bit(ATTR_SNAT_IPV4, ct->head.set); } static void setobjopt_undo_dnat(struct nf_conntrack *ct) { - ct->dnat.min_ip = ct->tuple[__DIR_REPL].src.v4; + ct->dnat.min_ip = ct->repl.src.v4; ct->dnat.max_ip = ct->dnat.min_ip; - ct->tuple[__DIR_REPL].src.v4 = ct->tuple[__DIR_ORIG].dst.v4; - set_bit(ATTR_DNAT_IPV4, ct->set); + ct->repl.src.v4 = ct->head.orig.dst.v4; + set_bit(ATTR_DNAT_IPV4, ct->head.set); } static void setobjopt_undo_spat(struct nf_conntrack *ct) { - ct->snat.l4min.all = ct->tuple[__DIR_REPL].l4dst.tcp.port; + ct->snat.l4min.all = ct->repl.l4dst.tcp.port; ct->snat.l4max.all = ct->snat.l4min.all; - ct->tuple[__DIR_REPL].l4dst.tcp.port = - ct->tuple[__DIR_ORIG].l4src.tcp.port; - set_bit(ATTR_SNAT_PORT, ct->set); + ct->repl.l4dst.tcp.port = + ct->head.orig.l4src.tcp.port; + set_bit(ATTR_SNAT_PORT, ct->head.set); } static void setobjopt_undo_dpat(struct nf_conntrack *ct) { - ct->dnat.l4min.all = ct->tuple[__DIR_REPL].l4src.tcp.port; + ct->dnat.l4min.all = ct->repl.l4src.tcp.port; ct->dnat.l4max.all = ct->dnat.l4min.all; - ct->tuple[__DIR_REPL].l4src.tcp.port = - ct->tuple[__DIR_ORIG].l4dst.tcp.port; - set_bit(ATTR_DNAT_PORT, ct->set); + ct->repl.l4src.tcp.port = + ct->head.orig.l4dst.tcp.port; + set_bit(ATTR_DNAT_PORT, ct->head.set); } static void setobjopt_setup_orig(struct nf_conntrack *ct) @@ -107,34 +114,34 @@ int __setobjopt(struct nf_conntrack *ct, unsigned int option) static int getobjopt_is_snat(const struct nf_conntrack *ct) { - return ((test_bit(ATTR_STATUS, ct->set) ? + return ((test_bit(ATTR_STATUS, ct->head.set) ? ct->status & IPS_SRC_NAT_DONE : 1) && - ct->tuple[__DIR_REPL].dst.v4 != - ct->tuple[__DIR_ORIG].src.v4); + ct->repl.dst.v4 != + ct->head.orig.src.v4); } static int getobjopt_is_dnat(const struct nf_conntrack *ct) { - return ((test_bit(ATTR_STATUS, ct->set) ? + return ((test_bit(ATTR_STATUS, ct->head.set) ? ct->status & IPS_DST_NAT_DONE : 1) && - ct->tuple[__DIR_REPL].src.v4 != - ct->tuple[__DIR_ORIG].dst.v4); + ct->repl.src.v4 != + ct->head.orig.dst.v4); } static int getobjopt_is_spat(const struct nf_conntrack *ct) { - return ((test_bit(ATTR_STATUS, ct->set) ? + return ((test_bit(ATTR_STATUS, ct->head.set) ? ct->status & IPS_SRC_NAT_DONE : 1) && - ct->tuple[__DIR_REPL].l4dst.tcp.port != - ct->tuple[__DIR_ORIG].l4src.tcp.port); + ct->repl.l4dst.tcp.port != + ct->head.orig.l4src.tcp.port); } static int getobjopt_is_dpat(const struct nf_conntrack *ct) { - return ((test_bit(ATTR_STATUS, ct->set) ? + return ((test_bit(ATTR_STATUS, ct->head.set) ? ct->status & IPS_DST_NAT_DONE : 1) && - ct->tuple[__DIR_REPL].l4src.tcp.port != - ct->tuple[__DIR_ORIG].l4dst.tcp.port); + ct->repl.l4src.tcp.port != + ct->head.orig.l4dst.tcp.port); } static const getobjopt getobjopt_array[__NFCT_GOPT_MAX] = { diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c index cb2a8dc..b9f9a99 100644 --- a/src/conntrack/parse.c +++ b/src/conntrack/parse.c @@ -199,37 +199,37 @@ static void __parse_protoinfo_tcp(const struct nfattr *attr, if (tb[CTA_PROTOINFO_TCP_STATE-1]) { ct->protoinfo.tcp.state = *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]); - set_bit(ATTR_TCP_STATE, ct->set); + set_bit(ATTR_TCP_STATE, ct->head.set); } if (tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL-1]) { memcpy(&ct->protoinfo.tcp.wscale[__DIR_ORIG], NFA_DATA(tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL-1]), sizeof(u_int8_t)); - set_bit(ATTR_TCP_WSCALE_ORIG, ct->set); + set_bit(ATTR_TCP_WSCALE_ORIG, ct->head.set); } if (tb[CTA_PROTOINFO_TCP_WSCALE_REPLY-1]) { memcpy(&ct->protoinfo.tcp.wscale[__DIR_REPL], NFA_DATA(tb[CTA_PROTOINFO_TCP_WSCALE_REPLY-1]), sizeof(u_int8_t)); - set_bit(ATTR_TCP_WSCALE_REPL, ct->set); + set_bit(ATTR_TCP_WSCALE_REPL, ct->head.set); } if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]) { memcpy(&ct->protoinfo.tcp.flags[0], NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]), sizeof(struct nf_ct_tcp_flags)); - set_bit(ATTR_TCP_FLAGS_ORIG, ct->set); - set_bit(ATTR_TCP_MASK_ORIG, ct->set); + set_bit(ATTR_TCP_FLAGS_ORIG, ct->head.set); + set_bit(ATTR_TCP_MASK_ORIG, ct->head.set); } if (tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]) { memcpy(&ct->protoinfo.tcp.flags[1], NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]), sizeof(struct nf_ct_tcp_flags)); - set_bit(ATTR_TCP_FLAGS_REPL, ct->set); - set_bit(ATTR_TCP_MASK_REPL, ct->set); + set_bit(ATTR_TCP_FLAGS_REPL, ct->head.set); + set_bit(ATTR_TCP_MASK_REPL, ct->head.set); } } @@ -243,19 +243,19 @@ static void __parse_protoinfo_sctp(const struct nfattr *attr, if (tb[CTA_PROTOINFO_SCTP_STATE-1]) { ct->protoinfo.sctp.state = *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_STATE-1]); - set_bit(ATTR_SCTP_STATE, ct->set); + set_bit(ATTR_SCTP_STATE, ct->head.set); } if (tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL-1]) { ct->protoinfo.sctp.vtag[__DIR_ORIG] = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL-1])); - set_bit(ATTR_SCTP_VTAG_ORIG, ct->set); + set_bit(ATTR_SCTP_VTAG_ORIG, ct->head.set); } if (tb[CTA_PROTOINFO_SCTP_VTAG_REPLY-1]) { ct->protoinfo.sctp.vtag[__DIR_REPL] = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_VTAG_REPLY-1])); - set_bit(ATTR_SCTP_VTAG_REPL, ct->set); + set_bit(ATTR_SCTP_VTAG_REPL, ct->head.set); } } @@ -270,12 +270,12 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr, if (tb[CTA_PROTOINFO_DCCP_STATE-1]) { ct->protoinfo.dccp.state = *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_STATE-1]); - set_bit(ATTR_DCCP_STATE, ct->set); + set_bit(ATTR_DCCP_STATE, ct->head.set); } if (tb[CTA_PROTOINFO_DCCP_ROLE-1]) { ct->protoinfo.dccp.role = *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_ROLE-1]); - set_bit(ATTR_DCCP_ROLE, ct->set); + set_bit(ATTR_DCCP_ROLE, ct->head.set); } if (tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ-1]) { u_int64_t tmp; @@ -283,7 +283,7 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr, NFA_DATA(tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ-1]), sizeof(tmp)); ct->protoinfo.dccp.handshake_seq = __be64_to_cpu(tmp); - set_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->set); + set_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->head.set); } } @@ -328,10 +328,10 @@ static void __parse_counters(const struct nfattr *attr, switch(dir) { case __DIR_ORIG: - set_bit(ATTR_ORIG_COUNTER_PACKETS, ct->set); + set_bit(ATTR_ORIG_COUNTER_PACKETS, ct->head.set); break; case __DIR_REPL: - set_bit(ATTR_REPL_COUNTER_PACKETS, ct->set); + set_bit(ATTR_REPL_COUNTER_PACKETS, ct->head.set); break; } } @@ -352,10 +352,10 @@ static void __parse_counters(const struct nfattr *attr, switch(dir) { case __DIR_ORIG: - set_bit(ATTR_ORIG_COUNTER_BYTES, ct->set); + set_bit(ATTR_ORIG_COUNTER_BYTES, ct->head.set); break; case __DIR_REPL: - set_bit(ATTR_REPL_COUNTER_BYTES, ct->set); + set_bit(ATTR_REPL_COUNTER_BYTES, ct->head.set); break; } } @@ -369,40 +369,40 @@ __parse_nat_seq(const struct nfattr *attr, struct nf_conntrack *ct, int dir) nfnl_parse_nested(tb, CTA_NAT_SEQ_MAX, attr); if (tb[CTA_NAT_SEQ_CORRECTION_POS-1]) { - ct->tuple[dir].natseq.correction_pos = - ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_CORRECTION_POS-1])); + ct->natseq[dir].correction_pos = + ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_CORRECTION_POS-1])); switch(dir) { case __DIR_ORIG: - set_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->set); + set_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->head.set); break; case __DIR_REPL: - set_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->set); + set_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->head.set); break; } } if (tb[CTA_NAT_SEQ_OFFSET_BEFORE-1]) { - ct->tuple[dir].natseq.offset_before = + ct->natseq[dir].offset_before = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_OFFSET_BEFORE-1])); switch(dir) { case __DIR_ORIG: - set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->set); + set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->head.set); break; case __DIR_REPL: - set_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->set); + set_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->head.set); break; } } if (tb[CTA_NAT_SEQ_OFFSET_AFTER-1]) { - ct->tuple[dir].natseq.offset_after = + ct->natseq[dir].offset_after = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_OFFSET_AFTER-1])); switch(dir) { case __DIR_ORIG: - set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->set); + set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->head.set); break; case __DIR_REPL: - set_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->set); + set_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->head.set); break; } } @@ -421,7 +421,7 @@ __parse_helper(const struct nfattr *attr, struct nf_conntrack *ct) NFA_DATA(tb[CTA_HELP_NAME-1]), NFCT_HELPER_NAME_MAX); ct->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0'; - set_bit(ATTR_HELPER_NAME, ct->set); + set_bit(ATTR_HELPER_NAME, ct->head.set); } static void @@ -435,7 +435,7 @@ __parse_secctx(const struct nfattr *attr, struct nf_conntrack *ct) ct->secctx = strdup(NFA_DATA(tb[CTA_SECCTX_NAME-1])); if (ct->secctx) - set_bit(ATTR_SECCTX, ct->set); + set_bit(ATTR_SECCTX, ct->head.set); } int __parse_message_type(const struct nlmsghdr *nlh) @@ -465,13 +465,13 @@ __parse_timestamp(const struct nfattr *attr, struct nf_conntrack *ct) u_int64_t tmp; memcpy(&tmp, NFA_DATA(tb[CTA_TIMESTAMP_START-1]), sizeof(tmp)); ct->timestamp.start = __be64_to_cpu(tmp); - set_bit(ATTR_TIMESTAMP_START, ct->set); + set_bit(ATTR_TIMESTAMP_START, ct->head.set); } if (tb[CTA_TIMESTAMP_STOP-1]) { u_int64_t tmp; memcpy(&tmp, NFA_DATA(tb[CTA_TIMESTAMP_STOP-1]), sizeof(tmp)); ct->timestamp.stop = __be64_to_cpu(tmp); - set_bit(ATTR_TIMESTAMP_STOP, ct->set); + set_bit(ATTR_TIMESTAMP_STOP, ct->head.set); } } @@ -482,27 +482,27 @@ void __parse_conntrack(const struct nlmsghdr *nlh, struct nfgenmsg *nfhdr = NLMSG_DATA(nlh); if (cda[CTA_TUPLE_ORIG-1]) { - ct->tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_ORIG_L3PROTO, ct->set); + ct->head.orig.l3protonum = nfhdr->nfgen_family; + set_bit(ATTR_ORIG_L3PROTO, ct->head.set); __parse_tuple(cda[CTA_TUPLE_ORIG-1], - &ct->tuple[__DIR_ORIG], __DIR_ORIG, ct->set); + &ct->head.orig, __DIR_ORIG, ct->head.set); } if (cda[CTA_TUPLE_REPLY-1]) { - ct->tuple[__DIR_REPL].l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_REPL_L3PROTO, ct->set); + ct->repl.l3protonum = nfhdr->nfgen_family; + set_bit(ATTR_REPL_L3PROTO, ct->head.set); __parse_tuple(cda[CTA_TUPLE_REPLY-1], - &ct->tuple[__DIR_REPL], __DIR_REPL, ct->set); + &ct->repl, __DIR_REPL, ct->head.set); } if (cda[CTA_TUPLE_MASTER-1]) { - ct->tuple[__DIR_MASTER].l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_MASTER_L3PROTO, ct->set); + ct->master.l3protonum = nfhdr->nfgen_family; + set_bit(ATTR_MASTER_L3PROTO, ct->head.set); __parse_tuple(cda[CTA_TUPLE_MASTER-1], - &ct->tuple[__DIR_MASTER], __DIR_MASTER, ct->set); + &ct->master, __DIR_MASTER, ct->head.set); } if (cda[CTA_NAT_SEQ_ADJ_ORIG-1]) @@ -513,7 +513,7 @@ void __parse_conntrack(const struct nlmsghdr *nlh, if (cda[CTA_STATUS-1]) { ct->status = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1])); - set_bit(ATTR_STATUS, ct->set); + set_bit(ATTR_STATUS, ct->head.set); } if (cda[CTA_PROTOINFO-1]) @@ -521,17 +521,17 @@ void __parse_conntrack(const struct nlmsghdr *nlh, if (cda[CTA_TIMEOUT-1]) { ct->timeout = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_TIMEOUT-1])); - set_bit(ATTR_TIMEOUT, ct->set); + set_bit(ATTR_TIMEOUT, ct->head.set); } if (cda[CTA_MARK-1]) { ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1])); - set_bit(ATTR_MARK, ct->set); + set_bit(ATTR_MARK, ct->head.set); } if (cda[CTA_SECMARK-1]) { ct->secmark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_SECMARK-1])); - set_bit(ATTR_SECMARK, ct->set); + set_bit(ATTR_SECMARK, ct->head.set); } if (cda[CTA_COUNTERS_ORIG-1]) @@ -542,12 +542,12 @@ void __parse_conntrack(const struct nlmsghdr *nlh, if (cda[CTA_USE-1]) { ct->use = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_USE-1])); - set_bit(ATTR_USE, ct->set); + set_bit(ATTR_USE, ct->head.set); } if (cda[CTA_ID-1]) { ct->id = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_ID-1])); - set_bit(ATTR_ID, ct->set); + set_bit(ATTR_ID, ct->head.set); } if (cda[CTA_HELP-1]) @@ -555,7 +555,7 @@ void __parse_conntrack(const struct nlmsghdr *nlh, if (cda[CTA_ZONE-1]) { ct->zone = ntohs(*(u_int16_t *)NFA_DATA(cda[CTA_ZONE-1])); - set_bit(ATTR_ZONE, ct->set); + set_bit(ATTR_ZONE, ct->head.set); } if (cda[CTA_SECCTX-1]) diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c index 3969859..626d4df 100644 --- a/src/conntrack/setter.c +++ b/src/conntrack/setter.c @@ -39,71 +39,71 @@ static const u_int8_t invmap_icmpv6[] = { static void set_attr_orig_ipv4_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].src.v4 = *((u_int32_t *) value); + ct->head.orig.src.v4 = *((u_int32_t *) value); } static void set_attr_orig_ipv4_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].dst.v4 = *((u_int32_t *) value); + ct->head.orig.dst.v4 = *((u_int32_t *) value); } static void set_attr_repl_ipv4_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].src.v4 = *((u_int32_t *) value); + ct->repl.src.v4 = *((u_int32_t *) value); } static void set_attr_repl_ipv4_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].dst.v4 = *((u_int32_t *) value); + ct->repl.dst.v4 = *((u_int32_t *) value); } static void set_attr_orig_ipv6_src(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_ORIG].src.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->head.orig.src.v6, value, sizeof(u_int32_t)*4); } static void set_attr_orig_ipv6_dst(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_ORIG].dst.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->head.orig.dst.v6, value, sizeof(u_int32_t)*4); } static void set_attr_repl_ipv6_src(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_REPL].src.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->repl.src.v6, value, sizeof(u_int32_t)*4); } static void set_attr_repl_ipv6_dst(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_REPL].dst.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->repl.dst.v6, value, sizeof(u_int32_t)*4); } static void set_attr_orig_port_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].l4src.all = *((u_int16_t *) value); + ct->head.orig.l4src.all = *((u_int16_t *) value); } static void set_attr_orig_port_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].l4dst.all = *((u_int16_t *) value); + ct->head.orig.l4dst.all = *((u_int16_t *) value); } static void set_attr_repl_port_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].l4src.all = *((u_int16_t *) value); + ct->repl.l4src.all = *((u_int16_t *) value); } static void set_attr_repl_port_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].l4dst.all = *((u_int16_t *) value); + ct->repl.l4dst.all = *((u_int16_t *) value); } static void set_attr_icmp_type(struct nf_conntrack *ct, const void *value) { u_int8_t rtype; - ct->tuple[__DIR_ORIG].l4dst.icmp.type = *((u_int8_t *) value); + ct->head.orig.l4dst.icmp.type = *((u_int8_t *) value); - switch(ct->tuple[__DIR_ORIG].l3protonum) { + switch(ct->head.orig.l3protonum) { case AF_INET: rtype = invmap_icmp[*((u_int8_t *) value)]; break; @@ -117,42 +117,42 @@ static void set_attr_icmp_type(struct nf_conntrack *ct, const void *value) } if (rtype) - ct->tuple[__DIR_REPL].l4dst.icmp.type = rtype - 1; + ct->repl.l4dst.icmp.type = rtype - 1; else - ct->tuple[__DIR_REPL].l4dst.icmp.type = 255; /* will fail with -EINVAL */ + ct->repl.l4dst.icmp.type = 255; /* will fail with -EINVAL */ } static void set_attr_icmp_code(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].l4dst.icmp.code = *((u_int8_t *) value); - ct->tuple[__DIR_REPL].l4dst.icmp.code = *((u_int8_t *) value); + ct->head.orig.l4dst.icmp.code = *((u_int8_t *) value); + ct->repl.l4dst.icmp.code = *((u_int8_t *) value); } static void set_attr_icmp_id(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].l4src.icmp.id = *((u_int16_t *) value); - ct->tuple[__DIR_REPL].l4src.icmp.id = *((u_int16_t *) value); + ct->head.orig.l4src.icmp.id = *((u_int16_t *) value); + ct->repl.l4src.icmp.id = *((u_int16_t *) value); } static void set_attr_orig_l3proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].l3protonum = *((u_int8_t *) value); + ct->head.orig.l3protonum = *((u_int8_t *) value); } static void set_attr_repl_l3proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].l3protonum = *((u_int8_t *) value); + ct->repl.l3protonum = *((u_int8_t *) value); } static void set_attr_orig_l4proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].protonum = *((u_int8_t *) value); + ct->head.orig.protonum = *((u_int8_t *) value); } static void set_attr_repl_l4proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].protonum = *((u_int8_t *) value); + ct->repl.protonum = *((u_int8_t *) value); } static void set_attr_tcp_state(struct nf_conntrack *ct, const void *value) @@ -242,72 +242,72 @@ static void set_attr_id(struct nf_conntrack *ct, const void *value) static void set_attr_master_ipv4_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].src.v4 = *((u_int32_t *) value); + ct->master.src.v4 = *((u_int32_t *) value); } static void set_attr_master_ipv4_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].dst.v4 = *((u_int32_t *) value); + ct->master.dst.v4 = *((u_int32_t *) value); } static void set_attr_master_ipv6_src(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_MASTER].dst.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->master.dst.v6, value, sizeof(u_int32_t)*4); } static void set_attr_master_ipv6_dst(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_MASTER].src.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->master.src.v6, value, sizeof(u_int32_t)*4); } static void set_attr_master_port_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].l4src.all = *((u_int16_t *) value); + ct->master.l4src.all = *((u_int16_t *) value); } static void set_attr_master_port_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].l4dst.all = *((u_int16_t *) value); + ct->master.l4dst.all = *((u_int16_t *) value); } static void set_attr_master_l3proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].l3protonum = *((u_int8_t *) value); + ct->master.l3protonum = *((u_int8_t *) value); } static void set_attr_master_l4proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].protonum = *((u_int8_t *) value); + ct->master.protonum = *((u_int8_t *) value); } static void set_attr_orig_cor_pos(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].natseq.correction_pos = *((u_int32_t *) value); + ct->natseq[__DIR_ORIG].correction_pos = *((u_int32_t *) value); } static void set_attr_orig_off_bfr(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].natseq.offset_before = *((u_int32_t *) value); + ct->natseq[__DIR_ORIG].offset_before = *((u_int32_t *) value); } static void set_attr_orig_off_aft(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].natseq.offset_after = *((u_int32_t *) value); + ct->natseq[__DIR_ORIG].offset_after = *((u_int32_t *) value); } static void set_attr_repl_cor_pos(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].natseq.correction_pos = *((u_int32_t *) value); + ct->natseq[__DIR_REPL].correction_pos = *((u_int32_t *) value); } static void set_attr_repl_off_bfr(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].natseq.offset_before = *((u_int32_t *) value); + ct->natseq[__DIR_REPL].offset_before = *((u_int32_t *) value); } static void set_attr_repl_off_aft(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].natseq.offset_after = *((u_int32_t *) value); + ct->natseq[__DIR_REPL].offset_after = *((u_int32_t *) value); } static void set_attr_helper_name(struct nf_conntrack *ct, const void *value) diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c index 158e404..206b9c0 100644 --- a/src/conntrack/snprintf_default.c +++ b/src/conntrack/snprintf_default.c @@ -14,9 +14,9 @@ static int __snprintf_l3protocol(char *buf, const struct nf_conntrack *ct) { return (snprintf(buf, len, "%-8s %u ", - l3proto2str[ct->tuple[__DIR_ORIG].l3protonum] == NULL ? - "unknown" : l3proto2str[ct->tuple[__DIR_ORIG].l3protonum], - ct->tuple[__DIR_ORIG].l3protonum)); + l3proto2str[ct->head.orig.l3protonum] == NULL ? + "unknown" : l3proto2str[ct->head.orig.l3protonum], + ct->head.orig.l3protonum)); } int __snprintf_protocol(char *buf, @@ -24,9 +24,9 @@ int __snprintf_protocol(char *buf, const struct nf_conntrack *ct) { return (snprintf(buf, len, "%-8s %u ", - proto2str[ct->tuple[__DIR_ORIG].protonum] == NULL ? - "unknown" : proto2str[ct->tuple[__DIR_ORIG].protonum], - ct->tuple[__DIR_ORIG].protonum)); + proto2str[ct->head.orig.protonum] == NULL ? + "unknown" : proto2str[ct->head.orig.protonum], + ct->head.orig.protonum)); } static int __snprintf_timeout(char *buf, @@ -314,103 +314,103 @@ int __snprintf_conntrack_default(char *buf, ret = __snprintf_protocol(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); - if (test_bit(ATTR_TIMEOUT, ct->set)) { + if (test_bit(ATTR_TIMEOUT, ct->head.set)) { ret = __snprintf_timeout(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TCP_STATE, ct->set)) { + if (test_bit(ATTR_TCP_STATE, ct->head.set)) { ret = __snprintf_protoinfo(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SCTP_STATE, ct->set)) { + if (test_bit(ATTR_SCTP_STATE, ct->head.set)) { ret = __snprintf_protoinfo_sctp(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_DCCP_STATE, ct->set)) { + if (test_bit(ATTR_DCCP_STATE, ct->head.set)) { ret = __snprintf_protoinfo_dccp(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - ret = __snprintf_address(buf+offset, len, &ct->tuple[__DIR_ORIG], + ret = __snprintf_address(buf+offset, len, &ct->head.orig, "src", "dst"); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_proto(buf+offset, len, &ct->tuple[__DIR_ORIG]); + ret = __snprintf_proto(buf+offset, len, &ct->head.orig); BUFFER_SIZE(ret, size, len, offset); - if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->set) && - test_bit(ATTR_ORIG_COUNTER_BYTES, ct->set)) { + if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->head.set) && + test_bit(ATTR_ORIG_COUNTER_BYTES, ct->head.set)) { ret = __snprintf_counters(buf+offset, len, ct, __DIR_ORIG); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_STATUS, ct->set)) { + if (test_bit(ATTR_STATUS, ct->head.set)) { ret = __snprintf_status_not_seen_reply(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - ret = __snprintf_address(buf+offset, len, &ct->tuple[__DIR_REPL], + ret = __snprintf_address(buf+offset, len, &ct->repl, "src", "dst"); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_proto(buf+offset, len, &ct->tuple[__DIR_REPL]); + ret = __snprintf_proto(buf+offset, len, &ct->repl); BUFFER_SIZE(ret, size, len, offset); - if (test_bit(ATTR_REPL_COUNTER_PACKETS, ct->set) && - test_bit(ATTR_REPL_COUNTER_BYTES, ct->set)) { + if (test_bit(ATTR_REPL_COUNTER_PACKETS, ct->head.set) && + test_bit(ATTR_REPL_COUNTER_BYTES, ct->head.set)) { ret = __snprintf_counters(buf+offset, len, ct, __DIR_REPL); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_STATUS, ct->set)) { + if (test_bit(ATTR_STATUS, ct->head.set)) { ret = __snprintf_status_assured(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_MARK, ct->set)) { + if (test_bit(ATTR_MARK, ct->head.set)) { ret = __snprintf_mark(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SECMARK, ct->set)) { + if (test_bit(ATTR_SECMARK, ct->head.set)) { ret = __snprintf_secmark(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SECCTX, ct->set)) { + if (test_bit(ATTR_SECCTX, ct->head.set)) { ret = __snprintf_secctx(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_ZONE, ct->set)) { + if (test_bit(ATTR_ZONE, ct->head.set)) { ret = __snprintf_zone(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMESTAMP_START, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) { ret = __snprintf_timestamp_delta(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } if (flags & NFCT_OF_TIMESTAMP) { - if (test_bit(ATTR_TIMESTAMP_START, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) { ret = __snprintf_timestamp_start(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = __snprintf_timestamp_stop(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } } - if (test_bit(ATTR_USE, ct->set)) { + if (test_bit(ATTR_USE, ct->head.set)) { ret = __snprintf_use(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (flags & NFCT_OF_ID && test_bit(ATTR_ID, ct->set)) { + if (flags & NFCT_OF_ID && test_bit(ATTR_ID, ct->head.set)) { ret = __snprintf_id(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } diff --git a/src/conntrack/snprintf_xml.c b/src/conntrack/snprintf_xml.c index 72e2787..63c814a 100644 --- a/src/conntrack/snprintf_xml.c +++ b/src/conntrack/snprintf_xml.c @@ -298,8 +298,16 @@ static int __snprintf_tuple_xml(char *buf, { int ret; unsigned int size = 0, offset = 0; - const struct __nfct_tuple *tuple = &ct->tuple[dir]; + const struct __nfct_tuple *tuple = NULL; + switch(dir) { + case __DIR_ORIG: + tuple = &ct->head.orig; + break; + case __DIR_REPL: + tuple = &ct->repl; + break; + } ret = snprintf(buf, len, "<meta direction=\"%s\">", dir == __DIR_ORIG ? "original" : "reply"); BUFFER_SIZE(ret, size, len, offset); @@ -332,8 +340,8 @@ static int __snprintf_tuple_xml(char *buf, ret = snprintf(buf+offset, len, "</layer4>"); BUFFER_SIZE(ret, size, len, offset); - if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->set) && - test_bit(ATTR_ORIG_COUNTER_BYTES, ct->set)) { + if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->head.set) && + test_bit(ATTR_ORIG_COUNTER_BYTES, ct->head.set)) { ret = snprintf(buf+offset, len, "<counters>"); BUFFER_SIZE(ret, size, len, offset); @@ -382,24 +390,24 @@ int __snprintf_conntrack_xml(char *buf, ret = __snprintf_tuple_xml(buf+offset, len, ct, __DIR_REPL); BUFFER_SIZE(ret, size, len, offset); - if (test_bit(ATTR_TCP_STATE, ct->set) || - test_bit(ATTR_SCTP_STATE, ct->set) || - test_bit(ATTR_DCCP_STATE, ct->set) || - test_bit(ATTR_TIMEOUT, ct->set) || - test_bit(ATTR_MARK, ct->set) || - test_bit(ATTR_SECMARK, ct->set) || - test_bit(ATTR_ZONE, ct->set) || - test_bit(ATTR_USE, ct->set) || - test_bit(ATTR_STATUS, ct->set) || - test_bit(ATTR_ID, ct->set) || - test_bit(ATTR_TIMESTAMP_START, ct->set) || - test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TCP_STATE, ct->head.set) || + test_bit(ATTR_SCTP_STATE, ct->head.set) || + test_bit(ATTR_DCCP_STATE, ct->head.set) || + test_bit(ATTR_TIMEOUT, ct->head.set) || + test_bit(ATTR_MARK, ct->head.set) || + test_bit(ATTR_SECMARK, ct->head.set) || + test_bit(ATTR_ZONE, ct->head.set) || + test_bit(ATTR_USE, ct->head.set) || + test_bit(ATTR_STATUS, ct->head.set) || + test_bit(ATTR_ID, ct->head.set) || + test_bit(ATTR_TIMESTAMP_START, ct->head.set) || + test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = snprintf(buf+offset, len, "<meta direction=\"independent\">"); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TCP_STATE, ct->set)) { + if (test_bit(ATTR_TCP_STATE, ct->head.set)) { ret = snprintf(buf+offset, len, "<state>%s</state>", ct->protoinfo.tcp.state < TCP_CONNTRACK_MAX ? states[ct->protoinfo.tcp.state] : @@ -407,7 +415,7 @@ int __snprintf_conntrack_xml(char *buf, BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SCTP_STATE, ct->set)) { + if (test_bit(ATTR_SCTP_STATE, ct->head.set)) { ret = snprintf(buf+offset, len, "<state>%s</state>", ct->protoinfo.sctp.state < SCTP_CONNTRACK_MAX ? states[ct->protoinfo.sctp.state] : @@ -415,7 +423,7 @@ int __snprintf_conntrack_xml(char *buf, BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_DCCP_STATE, ct->set)) { + if (test_bit(ATTR_DCCP_STATE, ct->head.set)) { ret = snprintf(buf+offset, len, "<state>%s</state>", ct->protoinfo.sctp.state < DCCP_CONNTRACK_MAX ? states[ct->protoinfo.dccp.state] : @@ -423,97 +431,97 @@ int __snprintf_conntrack_xml(char *buf, BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMEOUT, ct->set)) { + if (test_bit(ATTR_TIMEOUT, ct->head.set)) { ret = snprintf(buf+offset, len, "<timeout>%u</timeout>", ct->timeout); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_MARK, ct->set)) { + if (test_bit(ATTR_MARK, ct->head.set)) { ret = snprintf(buf+offset, len, "<mark>%u</mark>", ct->mark); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SECMARK, ct->set)) { + if (test_bit(ATTR_SECMARK, ct->head.set)) { ret = snprintf(buf+offset, len, "<secmark>%u</secmark>", ct->secmark); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SECCTX, ct->set)) { + if (test_bit(ATTR_SECCTX, ct->head.set)) { ret = snprintf(buf+offset, len, "<secctx>%s</secctx>", ct->secctx); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_ZONE, ct->set)) { + if (test_bit(ATTR_ZONE, ct->head.set)) { ret = snprintf(buf+offset, len, "<zone>%u</zone>", ct->zone); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_USE, ct->set)) { + if (test_bit(ATTR_USE, ct->head.set)) { ret = snprintf(buf+offset, len, "<use>%u</use>", ct->use); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_ID, ct->set)) { + if (test_bit(ATTR_ID, ct->head.set)) { ret = snprintf(buf+offset, len, "<id>%u</id>", ct->id); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_STATUS, ct->set) + if (test_bit(ATTR_STATUS, ct->head.set) && ct->status & IPS_ASSURED) { ret = snprintf(buf+offset, len, "<assured/>"); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_STATUS, ct->set) + if (test_bit(ATTR_STATUS, ct->head.set) && !(ct->status & IPS_SEEN_REPLY)) { ret = snprintf(buf+offset, len, "<unreplied/>"); BUFFER_SIZE(ret, size, len, offset); } if (flags & NFCT_OF_TIMESTAMP) { - if (test_bit(ATTR_TIMESTAMP_START, ct->set) || - test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set) || + test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = snprintf(buf+offset, len, "<timestamp>"); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMESTAMP_START, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) { ret = __snprintf_timestamp_start(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = __snprintf_timestamp_stop(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMESTAMP_START, ct->set) || - test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set) || + test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = snprintf(buf+offset, len, "</timestamp>"); BUFFER_SIZE(ret, size, len, offset); } } - if (test_bit(ATTR_TIMESTAMP_START, ct->set) && - test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set) && + test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = __snprintf_deltatime(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); - } else if (test_bit(ATTR_TIMESTAMP_START, ct->set)) { + } else if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) { ret = __snprintf_deltatime_now(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TCP_STATE, ct->set) || - test_bit(ATTR_SCTP_STATE, ct->set) || - test_bit(ATTR_DCCP_STATE, ct->set) || - test_bit(ATTR_TIMEOUT, ct->set) || - test_bit(ATTR_MARK, ct->set) || - test_bit(ATTR_SECMARK, ct->set) || - test_bit(ATTR_ZONE, ct->set) || - test_bit(ATTR_USE, ct->set) || - test_bit(ATTR_STATUS, ct->set) || - test_bit(ATTR_ID, ct->set) || - test_bit(ATTR_TIMESTAMP_START, ct->set) || - test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TCP_STATE, ct->head.set) || + test_bit(ATTR_SCTP_STATE, ct->head.set) || + test_bit(ATTR_DCCP_STATE, ct->head.set) || + test_bit(ATTR_TIMEOUT, ct->head.set) || + test_bit(ATTR_MARK, ct->head.set) || + test_bit(ATTR_SECMARK, ct->head.set) || + test_bit(ATTR_ZONE, ct->head.set) || + test_bit(ATTR_USE, ct->head.set) || + test_bit(ATTR_STATUS, ct->head.set) || + test_bit(ATTR_ID, ct->head.set) || + test_bit(ATTR_TIMESTAMP_START, ct->head.set) || + test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = snprintf(buf+offset, len, "</meta>"); BUFFER_SIZE(ret, size, len, offset); } diff --git a/src/expect/build.c b/src/expect/build.c index 175698a..7fefd5f 100644 --- a/src/expect/build.c +++ b/src/expect/build.c @@ -45,9 +45,9 @@ int __build_expect(struct nfnl_subsys_handle *ssh, u_int8_t l3num; if (test_bit(ATTR_ORIG_L3PROTO, exp->master.set)) - l3num = exp->master.tuple[__DIR_ORIG].l3protonum; + l3num = exp->master.orig.l3protonum; else if (test_bit(ATTR_ORIG_L3PROTO, exp->expected.set)) - l3num = exp->expected.tuple[__DIR_ORIG].l3protonum; + l3num = exp->expected.orig.l3protonum; else return -1; @@ -56,24 +56,15 @@ int __build_expect(struct nfnl_subsys_handle *ssh, nfnl_fill_hdr(ssh, &req->nlh, 0, l3num, 0, type, flags); if (test_bit(ATTR_EXP_EXPECTED, exp->set)) { - __build_tuple(req, - size, - &exp->expected.tuple[__DIR_ORIG], - CTA_EXPECT_TUPLE); + __build_tuple(req, size, &exp->expected.orig, CTA_EXPECT_TUPLE); } if (test_bit(ATTR_EXP_MASTER, exp->set)) { - __build_tuple(req, - size, - &exp->master.tuple[__DIR_ORIG], - CTA_EXPECT_MASTER); + __build_tuple(req, size, &exp->master.orig, CTA_EXPECT_MASTER); } if (test_bit(ATTR_EXP_MASK, exp->set)) { - __build_tuple(req, - size, - &exp->mask.tuple[__DIR_ORIG], - CTA_EXPECT_MASK); + __build_tuple(req, size, &exp->mask.orig, CTA_EXPECT_MASK); } if (test_bit(ATTR_EXP_TIMEOUT, exp->set)) diff --git a/src/expect/parse.c b/src/expect/parse.c index 22d28ed..bee755d 100644 --- a/src/expect/parse.c +++ b/src/expect/parse.c @@ -33,32 +33,32 @@ void __parse_expect(const struct nlmsghdr *nlh, struct nfgenmsg *nfhdr = NLMSG_DATA(nlh); /* XXX: this is ugly, clean it up, please */ - exp->expected.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family; + exp->expected.orig.l3protonum = nfhdr->nfgen_family; set_bit(ATTR_ORIG_L3PROTO, exp->expected.set); - exp->mask.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family; + exp->mask.orig.l3protonum = nfhdr->nfgen_family; set_bit(ATTR_ORIG_L3PROTO, exp->mask.set); - exp->master.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family; + exp->master.orig.l3protonum = nfhdr->nfgen_family; set_bit(ATTR_ORIG_L3PROTO, exp->master.set); if (cda[CTA_EXPECT_MASTER-1]) { __parse_tuple(cda[CTA_EXPECT_MASTER-1], - &exp->master.tuple[__DIR_ORIG], + &exp->master.orig, __DIR_ORIG, exp->master.set); set_bit(ATTR_EXP_MASTER, exp->set); } if (cda[CTA_EXPECT_TUPLE-1]) { __parse_tuple(cda[CTA_EXPECT_TUPLE-1], - &exp->expected.tuple[__DIR_ORIG], + &exp->expected.orig, __DIR_ORIG, exp->expected.set); set_bit(ATTR_EXP_EXPECTED, exp->set); } if (cda[CTA_EXPECT_MASK-1]) { __parse_tuple(cda[CTA_EXPECT_MASK-1], - &exp->mask.tuple[__DIR_ORIG], + &exp->mask.orig, __DIR_ORIG, exp->mask.set); set_bit(ATTR_EXP_MASK, exp->set); diff --git a/src/expect/setter.c b/src/expect/setter.c index 40e06f3..89a3157 100644 --- a/src/expect/setter.c +++ b/src/expect/setter.c @@ -11,17 +11,17 @@ static void set_exp_attr_master(struct nf_expect *exp, const void *value) { - exp->master = *((struct nf_conntrack *) value); + exp->master = *((struct nfct_tuple_head *) value); } static void set_exp_attr_expected(struct nf_expect *exp, const void *value) { - exp->expected = *((struct nf_conntrack *) value); + exp->expected = *((struct nfct_tuple_head *) value); } static void set_exp_attr_mask(struct nf_expect *exp, const void *value) { - exp->mask = *((struct nf_conntrack *) value); + exp->mask = *((struct nfct_tuple_head *) value); } static void set_exp_attr_timeout(struct nf_expect *exp, const void *value) diff --git a/src/expect/snprintf_default.c b/src/expect/snprintf_default.c index 7af9d15..77f9c3b 100644 --- a/src/expect/snprintf_default.c +++ b/src/expect/snprintf_default.c @@ -24,7 +24,7 @@ static int __snprintf_expect_proto(char *buf, const struct nf_expect *exp) { return(snprintf(buf, len, "proto=%d ", - exp->expected.tuple[__DIR_ORIG].protonum)); + exp->expected.orig.protonum)); } int __snprintf_expect_default(char *buf, @@ -58,30 +58,27 @@ int __snprintf_expect_default(char *buf, ret = __snprintf_expect_proto(buf+offset, len, exp); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_address(buf+offset, len, - &exp->expected.tuple[__DIR_ORIG], + ret = __snprintf_address(buf+offset, len, &exp->expected.orig, "src", "dst"); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_proto(buf+offset, len, &exp->expected.tuple[__DIR_ORIG]); + ret = __snprintf_proto(buf+offset, len, &exp->expected.orig); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_address(buf+offset, len, - &exp->mask.tuple[__DIR_ORIG], + ret = __snprintf_address(buf+offset, len, &exp->mask.orig, "mask-src", "mask-dst"); BUFFER_SIZE(ret, size, len, offset); ret = __snprintf_proto(buf+offset, len, - &exp->mask.tuple[__DIR_ORIG]); + &exp->mask.orig); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_address(buf+offset, len, - &exp->master.tuple[__DIR_ORIG], + ret = __snprintf_address(buf+offset, len, &exp->master.orig, "master-src", "master-dst"); BUFFER_SIZE(ret, size, len, offset); ret = __snprintf_proto(buf+offset, len, - &exp->master.tuple[__DIR_ORIG]); + &exp->master.orig); BUFFER_SIZE(ret, size, len, offset); if (test_bit(ATTR_EXP_ZONE, exp->set)) { |