From 25e5b78e44726f8f7b79e41bf33193ef21e51a36 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Mon, 4 Jun 2007 17:00:24 +0000
Subject: introduce NFCT_SOPT_SETUP_* options to simplify object setup
---
 .../libnetfilter_conntrack.h | 2 ++
 src/conntrack/objopt.c | 24 ++++++++++++++++++++++
 utils/conntrack_create.c | 20 +++++++-----------
 utils/conntrack_create_nat.c | 20 +++++++-----------
 utils/conntrack_update.c | 20 +++++++-----------
 utils/expect_create.c | 20 +++++++-----------
 6 files changed, 54 insertions(+), 52 deletions(-)
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 174cf6f..965050f 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -138,6 +138,8 @@ enum {
 NFCT_SOPT_UNDO_DNAT,
 NFCT_SOPT_UNDO_SPAT,
 NFCT_SOPT_UNDO_DPAT,
+ NFCT_SOPT_SETUP_ORIGINAL,
+ NFCT_SOPT_SETUP_REPLY,
 __NFCT_SOPT_MAX,
 };
 #define NFCT_SOPT_MAX (__NFCT_SOPT_MAX - 1)
diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
index e525b2e..2f00005 100644
--- a/src/conntrack/objopt.c
+++ b/src/conntrack/objopt.c
@@ -7,6 +7,24 @@
 #include "internal.h"
+static int __autocomplete(struct nf_conntrack *ct, int dir)
+{
+ int other = (dir == __DIR_ORIG) ? __DIR_REPL : __DIR_ORIG;
+
+ ct->tuple[dir].l3protonum = ct->tuple[other].l3protonum;
+ ct->tuple[dir].protonum = ct->tuple[other].protonum;
+
+ memcpy(&ct->tuple[dir].src.v6,
+ &ct->tuple[other].dst.v6,
+ sizeof(union __nfct_address));
+ memcpy(&ct->tuple[dir].dst.v6,
+ &ct->tuple[other].src.v6,
+ sizeof(union __nfct_address));
+
+ ct->tuple[dir].l4src.all = ct->tuple[other].l4dst.all;
+ ct->tuple[dir].l4dst.all = ct->tuple[other].l4src.all;
+}
+
 int __setobjopt(struct nf_conntrack *ct, unsigned int option)
 {
 switch(option) {
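Review bot: The two new options are added to the public header without any description of what they do or what state they expect. A comment on each would spare callers from reading objopt.c, e.g. `/* fill the original tuple by mirroring the reply tuple */` for NFCT_SOPT_SETUP_ORIGINAL and `/* fill the reply tuple by mirroring the original tuple */` for NFCT_SOPT_SETUP_REPLY. Appending them directly before __NFCT_SOPT_MAX leaves the values of the existing options unchanged. The enum begins outside the hunk.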
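Review bot: `__autocomplete` is declared `static int` but its body ends without a `return`, which compilers flag and which becomes undefined behaviour as soon as a caller reads the result; both call sites in the next hunk discard it, so `static void __autocomplete(struct nf_conntrack *ct, int dir)` is the simplest fix. The helper also writes ct->tuple[dir] without marking anything in ct->set, whereas the existing case visible in the next hunk calls `set_bit(ATTR_DNAT_PORT, ct->set)` after writing; if message building or the getters consult that bitmask (not visible here), the mirrored direction may be treated as unset. A one-line comment above the function would help, e.g. `/* mirror the opposite tuple: addresses and ports swapped, l3/l4 protocol copied */`.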
@@ -36,6 +54,12 @@ int __setobjopt(struct nf_conntrack *ct, unsigned int option)
 ct->tuple[__DIR_ORIG].l4dst.tcp.port;
 set_bit(ATTR_DNAT_PORT, ct->set);
 break;
+ case NFCT_SOPT_SETUP_ORIGINAL:
+ __autocomplete(ct, __DIR_ORIG);
+ break;
+ case NFCT_SOPT_SETUP_REPLY:
+ __autocomplete(ct, __DIR_REPL);
+ break;
 }
 return 0;
 }
diff --git a/utils/conntrack_create.c b/utils/conntrack_create.c
index 3c41d22..bc591b5 100644
--- a/utils/conntrack_create.c
+++ b/utils/conntrack_create.c
@@ -17,21 +17,15 @@ int main()
 return 0;
 }
- nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+ nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
- nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
+ nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
- nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
-
- nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+ nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
 nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
 nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
diff --git a/utils/conntrack_create_nat.c b/utils/conntrack_create_nat.c
index 591f1bb..3995cd3 100644
--- a/utils/conntrack_create_nat.c
+++ b/utils/conntrack_create_nat.c
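Review bot: The NFCT_SOPT_SETUP_ORIGINAL and NFCT_SOPT_SETUP_REPLY cases copy from the opposite tuple without checking that it has been filled in, and control then reaches the unconditional `return 0`. Calling either option on an object whose source direction is still empty therefore reports success and leaves both tuples zeroed, which a caller may then hand to the kernel as a conntrack entry. Consider rejecting the call when the source direction's attributes are not marked in ct->set, or at least stating the precondition above the cases, e.g. `/* requires the opposite direction to be fully set beforehand */`. The switch starts outside this hunk, so how unknown options are handled cannot be seen here.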
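Review bot: `nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);` is order-dependent: as the helper added in src/conntrack/objopt.c shows, it copies the original tuple as it stands at the time of the call, so any original-direction attribute set afterwards is not mirrored. These utilities appear to serve as usage examples, so a comment would make that explicit, e.g. `/* build the reply tuple from the original one; call after all original attributes are set */`. The return value is also ignored here; checking it would be a sounder pattern to demonstrate. The same applies to the matching hunks in utils/conntrack_create_nat.c, utils/conntrack_update.c and utils/expect_create.c. main() begins and ends outside the hunk.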
@@ -17,21 +17,15 @@ int main()
 return 0;
 }
- nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+ nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
- nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
+ nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
- nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
-
- nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+ nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
 nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
 nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
diff --git a/utils/conntrack_update.c b/utils/conntrack_update.c
index 82b95d5..21e3054 100644
--- a/utils/conntrack_update.c
+++ b/utils/conntrack_update.c
@@ -17,21 +17,15 @@ int main()
 return 0;
 }
- nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+ nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
- nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
+ nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
- nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
-
- nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+ nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
 nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
 nfct_set_attr_u32(ct, ATTR_TIMEOUT, 600);
diff --git a/utils/expect_create.c b/utils/expect_create.c
index 9663958..3890c26 100644
--- a/utils/expect_create.c
+++ b/utils/expect_create.c
@@ -22,21 +22,15 @@ int main()
 exit(EXIT_FAILURE);
 }
- nfct_set_attr_u8(master, ATTR_ORIG_L3PROTO, AF_INET);
- nfct_set_attr_u32(master, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
- nfct_set_attr_u32(master, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+ nfct_set_attr_u8(master, ATTR_L3PROTO, AF_INET);
+ nfct_set_attr_u32(master, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(master, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
- nfct_set_attr_u8(master, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(master, ATTR_ORIG_PORT_SRC, htons(1025));
- nfct_set_attr_u16(master, ATTR_ORIG_PORT_DST, htons(21));
+ nfct_set_attr_u8(master, ATTR_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(master, ATTR_PORT_SRC, htons(1025));
+ nfct_set_attr_u16(master, ATTR_PORT_DST, htons(21));
- nfct_set_attr_u8(master, ATTR_REPL_L3PROTO, AF_INET);
- nfct_set_attr_u32(master, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
- nfct_set_attr_u32(master, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
-
- nfct_set_attr_u8(master, ATTR_REPL_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(master, ATTR_REPL_PORT_SRC, htons(21));
- nfct_set_attr_u16(master, ATTR_REPL_PORT_DST, htons(1025));
+ nfct_setobjopt(master, NFCT_SOPT_SETUP_REPLY);
 nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
 nfct_set_attr_u32(master, ATTR_TIMEOUT, 200);
--
cgit v1.2.3