From b4c3a23c884c24f4e5d941fb928cf49561a9cdf9 Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=pablo/emailAddress=pablo@netfilter.org"
Date: Tue, 19 Dec 2006 17:41:53 +0000
Subject: Introduce the new libnetfilter_conntrack API, features: - object oriented infrastructure - extensible and configurable output (XML) - low level functions to interact with netlink details - fairly documented Still backward compatible.
---
src/conntrack/objopt.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 src/conntrack/objopt.c
(limited to 'src/conntrack/objopt.c')
diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
new file mode 100644
index 0000000..b495f55
--- /dev/null
+++ b/src/conntrack/objopt.c
@@ -0,0 +1,71 @@
+/*
+ * (C) 2006 by Pablo Neira Ayuso
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU General Public License, incorporated herein by reference.
+ */
+
+#include "internal.h"
+
+int __setobjopt(struct nf_conntrack *ct, unsigned int option)
+{
+ switch(option) {
+ case NFCT_SOPT_UNDO_SNAT:
+ ct->snat.min_ip = ct->tuple[__DIR_REPL].dst.v4;
+ ct->snat.max_ip = ct->snat.min_ip;
+ ct->tuple[__DIR_REPL].dst.v4 = ct->tuple[__DIR_ORIG].src.v4;
+ set_bit(ATTR_SNAT_IPV4, ct->set);
+ break;
+ case NFCT_SOPT_UNDO_DNAT:
+ ct->dnat.min_ip = ct->tuple[__DIR_REPL].src.v4;
+ ct->dnat.max_ip = ct->dnat.min_ip;
+ ct->tuple[__DIR_REPL].src.v4 = ct->tuple[__DIR_ORIG].dst.v4;
+ set_bit(ATTR_DNAT_IPV4, ct->set);
+ break;
+ case NFCT_SOPT_UNDO_SPAT:
+ ct->snat.l4min.all = ct->tuple[__DIR_REPL].l4dst.tcp.port;
+ ct->snat.l4max.all = ct->snat.l4max.all;
+ ct->tuple[__DIR_REPL].l4dst.tcp.port =
+ ct->tuple[__DIR_ORIG].l4src.tcp.port;
+ set_bit(ATTR_SNAT_PORT, ct->set);
+ break;
+ case NFCT_SOPT_UNDO_DPAT:
+ ct->dnat.l4min.all = ct->tuple[__DIR_REPL].l4src.tcp.port;
+ ct->dnat.l4max.all = ct->dnat.l4min.all;
+ ct->tuple[__DIR_REPL].l4src.tcp.port =
+ ct->tuple[__DIR_ORIG].l4dst.tcp.port;
+ set_bit(ATTR_DNAT_PORT, ct->set);
+ break;
+ }
+ return 0;
+}
+
+int __getobjopt(const struct nf_conntrack *ct, unsigned int option)
+{
+ int ret = -1;
+
+ switch(option) {
+ case NFCT_GOPT_IS_SNAT:
+ ret = (ct->status & IPS_SRC_NAT_DONE &&
+ ct->tuple[__DIR_REPL].dst.v4 !=
+ ct->tuple[__DIR_ORIG].src.v4);
+ break;
+ case NFCT_GOPT_IS_DNAT:
+ ret = (ct->status & IPS_DST_NAT_DONE &&
+ ct->tuple[__DIR_REPL].src.v4 !=
+ ct->tuple[__DIR_ORIG].dst.v4);
+ break;
+ case NFCT_GOPT_IS_SPAT:
+ ret = (ct->status & IPS_SRC_NAT_DONE &&
+ ct->tuple[__DIR_REPL].l4dst.tcp.port !=
+ ct->tuple[__DIR_ORIG].l4src.tcp.port);
+ break;
+ case NFCT_GOPT_IS_DPAT:
+ ret = (ct->status & IPS_DST_NAT_DONE &&
+ ct->tuple[__DIR_REPL].l4src.tcp.port !=
+ ct->tuple[__DIR_ORIG].l4dst.tcp.port);
+ break;
+ }
+
+ return ret;
+}
-- cgit v1.2.3
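Review bot: In the `NFCT_SOPT_UNDO_SPAT` case of `__setobjopt`, `ct->snat.l4max.all = ct->snat.l4max.all;` is a self-assignment, so the upper bound of the SNAT port range is never taken from the reply tuple and keeps whatever value the object held before. The three sibling cases copy min into max, so this line should read `ct->snat.l4max.all = ct->snat.l4min.all;`. Any code that later builds a NAT range from `snat.l4min`/`snat.l4max` once `ATTR_SNAT_PORT` is set would presumably see a zero or stale maximum, which is easy to miss because the attribute bit still reports the field as valid. Separately, `__setobjopt` returns 0 for an unrecognised `option` while `__getobjopt` returns -1; a `default: return -1;` would make the two consistent, unless the public wrapper (not visible here) already range-checks the option.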