From d5b8311d81719f90a8f8d7f0b85ad320b9d7a0cd Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sun, 29 Apr 2012 23:43:04 +0200
Subject: conntrack: fix new ATTR_GRP_[ORIG|REPL]_ADDR_[SRC|DST]

The previous patch was incomplete. This fixes several issues with
it like the IPV4 and IPV6 address are mutually exclusive, thus,
the getter operation works. No sane way to support the setter
operation correctly, thus, it's been documented that it has no
effect.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack/api.c | 48 ++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 40 insertions(+), 8 deletions(-)

(limited to 'src/conntrack/api.c')

diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 683b2ce..202b85d 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -601,8 +601,8 @@ int nfct_attr_unset(struct nf_conntrack *ct,
  * \param type attribute group (see ATTR_GRP_*)
  * \param data pointer to struct (see struct nfct_attr_grp_*)
  *
- * Note that calling this function for ATTR_GRP_COUNTER_* does nothing since 
- * counters are unsettable.
+ * Note that calling this function for ATTR_GRP_COUNTER_* and ATTR_GRP_ADDR_*
+ * have no effect.
  */
 void nfct_set_attr_grp(struct nf_conntrack *ct,
 		       const enum nf_conntrack_attr_grp type,
@@ -615,7 +615,8 @@ void nfct_set_attr_grp(struct nf_conntrack *ct,
 
 	if (set_attr_grp_array[type]) {
 		set_attr_grp_array[type](ct, data);
-		set_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET);
+		set_bitmask_u32(ct->head.set,
+				attr_grp_bitmask[type].bitmask, __NFCT_BITSET);
 	}
 }
 
@@ -638,9 +639,23 @@ int nfct_get_attr_grp(const struct nf_conntrack *ct,
 		errno = EINVAL;
 		return -1;
 	}
-	if (!test_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET)) {
-		errno = ENODATA;
-		return -1;
+	switch(attr_grp_bitmask[type].type) {
+	case NFCT_BITMASK_AND:
+		if (!test_bitmask_u32(ct->head.set,
+				      attr_grp_bitmask[type].bitmask,
+				      __NFCT_BITSET)) {
+			errno = ENODATA;
+			return -1;
+		}
+		break;
+	case NFCT_BITMASK_OR:
+		if (!test_bitmask_u32_or(ct->head.set,
+					 attr_grp_bitmask[type].bitmask,
+					 __NFCT_BITSET)) {
+			errno = ENODATA;
+			return -1;
+		}
+		break;
 	}
 	assert(get_attr_grp_array[type]);
 	get_attr_grp_array[type](ct, data);
@@ -663,7 +678,23 @@ int nfct_attr_grp_is_set(const struct nf_conntrack *ct,
 		errno = EINVAL;
 		return -1;
 	}
-	return test_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET);
+	switch(attr_grp_bitmask[type].type) {
+	case NFCT_BITMASK_AND:
+		if (test_bitmask_u32(ct->head.set,
+				     attr_grp_bitmask[type].bitmask,
+				     __NFCT_BITSET)) {
+			return 1;
+		}
+		break;
+	case NFCT_BITMASK_OR:
+		if (test_bitmask_u32_or(ct->head.set,
+					attr_grp_bitmask[type].bitmask,
+					__NFCT_BITSET)) {
+			return 1;
+		}
+		break;
+	}
+	return 0;
 }
 
 /**
@@ -683,7 +714,8 @@ int nfct_attr_grp_unset(struct nf_conntrack *ct,
 		errno = EINVAL;
 		return -1;
 	}
-	unset_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET);
+	unset_bitmask_u32(ct->head.set, attr_grp_bitmask[type].bitmask,
+			  __NFCT_BITSET);
 
 	return 0;
 }
-- 
cgit v1.2.3