From d3d2bee2d9ebd565e006f213c76cfa316b5e5ab1 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann
Date: Tue, 25 Aug 2015 14:22:41 +0200
Subject: conntrack: add zone attribute to tuple

This patch adds the front-end to the recent ctnetlink interface changes that add the zone attribute into the tuple.

Signed-off-by: Daniel Borkmann
Signed-off-by: Pablo Neira Ayuso
---
 src/conntrack/build.c | 46 ++++++++++++++++++++++++++++++++++------------
 1 file changed, 34 insertions(+), 12 deletions(-)
(limited to 'src/conntrack/build.c')

diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 0549084..01bdefb 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -86,18 +86,20 @@ static void __build_tuple_proto(struct nfnlhdr *req,
 nfnl_nest_end(&req->nlh, nest);
 }
 
-void __build_tuple(struct nfnlhdr *req,
- size_t size,
- const struct __nfct_tuple *t,
- const int type)
+static void __build_tuple_raw(struct nfnlhdr *req, size_t size,
+ const struct __nfct_tuple *t)
 {
- struct nfattr *nest;
-
- nest = nfnl_nest(&req->nlh, size, type);
-
 __build_tuple_ip(req, size, t);
 __build_tuple_proto(req, size, t);
+}
 
+void __build_tuple(struct nfnlhdr *req, size_t size,
+ const struct __nfct_tuple *t, const int type)
+{
+ struct nfattr *nest;
+
+ nest = nfnl_nest(&req->nlh, size, type);
+ __build_tuple_raw(req, size, t);
 nfnl_nest_end(&req->nlh, nest);
 }
 
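Review bot: Neither of the two functions produced by the split says which one owns the nest or that neither of them emits the zone, which is the whole point of the split and is easy to get wrong for the next caller. I would put `/* Emit the IP and L4 sub-nests of @t into a nest the caller has already opened; CTA_TUPLE_ZONE is the caller's responsibility. */` above `__build_tuple_raw` and `/* Wraps __build_tuple_raw() in a @type nest; never emits CTA_TUPLE_ZONE -- the zoned variant lives in __build_conntrack(). */` above `__build_tuple`. Because `__build_tuple` keeps its old signature, any remaining caller of it (presumably the master-tuple path that begins just past the last hunk) will silently never carry a zone even if one is set; worth stating in that comment. The hunk opens on the tail of `__build_tuple_proto`, whose body starts outside this view.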
@@ -448,10 +450,20 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 test_bit(ATTR_ORIG_PORT_DST, ct->head.set) ||
 test_bit(ATTR_ORIG_L3PROTO, ct->head.set) ||
 test_bit(ATTR_ORIG_L4PROTO, ct->head.set) ||
+ test_bit(ATTR_ORIG_ZONE, ct->head.set) ||
 test_bit(ATTR_ICMP_TYPE, ct->head.set) ||
 test_bit(ATTR_ICMP_CODE, ct->head.set) ||
- test_bit(ATTR_ICMP_ID, ct->head.set))
- __build_tuple(req, size, &ct->head.orig, CTA_TUPLE_ORIG);
+ test_bit(ATTR_ICMP_ID, ct->head.set)) {
+ const struct __nfct_tuple *t = &ct->head.orig;
+ struct nfattr *nest;
+
+ nest = nfnl_nest(&req->nlh, size, CTA_TUPLE_ORIG);
+ __build_tuple_raw(req, size, t);
+ if (test_bit(ATTR_ORIG_ZONE, ct->head.set))
+ nfnl_addattr16(&req->nlh, size, CTA_TUPLE_ZONE,
+ htons(t->zone));
+ nfnl_nest_end(&req->nlh, nest);
+ }
 
 if (test_bit(ATTR_REPL_IPV4_SRC, ct->head.set) ||
 test_bit(ATTR_REPL_IPV4_DST, ct->head.set) ||
@@ -460,8 +472,18 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 test_bit(ATTR_REPL_PORT_SRC, ct->head.set) ||
 test_bit(ATTR_REPL_PORT_DST, ct->head.set) ||
 test_bit(ATTR_REPL_L3PROTO, ct->head.set) ||
- test_bit(ATTR_REPL_L4PROTO, ct->head.set))
- __build_tuple(req, size, &ct->repl, CTA_TUPLE_REPLY);
+ test_bit(ATTR_REPL_L4PROTO, ct->head.set) ||
+ test_bit(ATTR_REPL_ZONE, ct->head.set)) {
+ const struct __nfct_tuple *t = &ct->repl;
+ struct nfattr *nest;
+
+ nest = nfnl_nest(&req->nlh, size, CTA_TUPLE_REPLY);
+ __build_tuple_raw(req, size, t);
+ if (test_bit(ATTR_REPL_ZONE, ct->head.set))
+ nfnl_addattr16(&req->nlh, size, CTA_TUPLE_ZONE,
+ htons(t->zone));
+ nfnl_nest_end(&req->nlh, nest);
+ }
 
 if (test_bit(ATTR_MASTER_IPV4_SRC, ct->head.set) ||
 test_bit(ATTR_MASTER_IPV4_DST, ct->head.set) ||
-- 
cgit v1.2.3
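Review bot: The new `if (test_bit(ATTR_ORIG_ZONE, ct->head.set))` branch emits CTA_TUPLE_ZONE whenever the per-direction zone is set, with no regard to whether the global zone attribute is set on the same object, and nothing in `__build_conntrack` (which starts and ends outside this hunk) surfaces that conflict to the caller. As far as I recall the kernel side treats a per-tuple zone on top of a non-default CTA_ZONE as an error and rejects the whole message with EINVAL, so a caller that sets both gets a failed request rather than a clear library error; please confirm against the ctnetlink parser this patch targets. At minimum I would document it where the attribute is added: `/* Per-direction zone; the kernel rejects this together with a non-default CTA_ZONE, and that combination is not checked here. */`.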
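Review bot: The CTA_TUPLE_REPLY block added here is a verbatim copy of the CTA_TUPLE_ORIG block in the previous hunk, differing only in the tuple pointer, the nest type and which zone bit is tested, so two open-coded nest/raw/zone/end sequences now live inside an already long `__build_conntrack` (whose start and end are outside the hunk). The first hunk already introduced `__build_tuple_raw` precisely to allow a zoned wrapper; adding that wrapper as a static helper next to `__build_tuple` collapses both blocks to one call each and keeps `__build_tuple` as the documented zone-less variant. Sketch of the helper and the two call sites below; the surrounding conditions are unchanged.
```c
/* __build_tuple() plus an optional CTA_TUPLE_ZONE inside the same nest. */
static void __build_tuple_zoned(struct nfnlhdr *req, size_t size,
				const struct __nfct_tuple *t, const int type,
				int with_zone)
{
	struct nfattr *nest;

	nest = nfnl_nest(&req->nlh, size, type);
	__build_tuple_raw(req, size, t);
	if (with_zone)
		nfnl_addattr16(&req->nlh, size, CTA_TUPLE_ZONE, htons(t->zone));
	nfnl_nest_end(&req->nlh, nest);
}

/* … unchanged: __build_conntrack() up to the CTA_TUPLE_ORIG condition … */
	    test_bit(ATTR_ICMP_ID, ct->head.set))
		__build_tuple_zoned(req, size, &ct->head.orig, CTA_TUPLE_ORIG,
				    test_bit(ATTR_ORIG_ZONE, ct->head.set));
/* … unchanged: CTA_TUPLE_REPLY condition … */
	    test_bit(ATTR_REPL_ZONE, ct->head.set))
		__build_tuple_zoned(req, size, &ct->repl, CTA_TUPLE_REPLY,
				    test_bit(ATTR_REPL_ZONE, ct->head.set));
```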