From 00c2c9dca32eb8eb8687b42fc6d135f35eaa5ff8 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 4 Jan 2012 11:50:28 +0100 Subject: src: put nf_expect and nf_conntrack into diet Now, struct nf_expect takes only 192 bytes, instead of 1KB. struct nf_conntrack takes 296 bytes instead of 328 bytes. The size of the nf_expect structure has been reduced by rearranging the layout of the nf_conntrack structure. For the nf_conntrack case, this removes the allocation of room for attributes that the master tuple does not use (more specifically, the NATseq bytes). This patch modifies the binary layout of struct nf_conntrack. This should not be a problem since the definition of this object is opaque (it can be only accessed via get/set API). Signed-off-by: Pablo Neira Ayuso --- src/conntrack/api.c | 38 ++++---- src/conntrack/build.c | 183 +++++++++++++++++++-------------------- src/conntrack/compare.c | 61 ++++++------- src/conntrack/copy.c | 98 ++++++++++----------- src/conntrack/getter.c | 66 +++++++------- src/conntrack/grp_getter.c | 42 ++++----- src/conntrack/grp_setter.c | 64 +++++++------- src/conntrack/objopt.c | 85 +++++++++--------- src/conntrack/parse.c | 94 ++++++++++---------- src/conntrack/setter.c | 76 ++++++++-------- src/conntrack/snprintf_default.c | 58 ++++++------- src/conntrack/snprintf_xml.c | 104 ++++++++++++---------- 12 files changed, 481 insertions(+), 488 deletions(-) (limited to 'src/conntrack') diff --git a/src/conntrack/api.c b/src/conntrack/api.c index 738aa51..d3d9bdb 100644 --- a/src/conntrack/api.c +++ b/src/conntrack/api.c @@ -377,7 +377,7 @@ void nfct_set_attr(struct nf_conntrack *ct, if (set_attr_array[type]) { set_attr_array[type](ct, value); - set_bit(type, ct->set); + set_bit(type, ct->head.set); } } @@ -451,7 +451,7 @@ const void *nfct_get_attr(const struct nf_conntrack *ct, return NULL; } - if (!test_bit(type, ct->set)) { + if (!test_bit(type, ct->head.set)) { errno = ENODATA; return NULL; } @@ -542,7 +542,7 @@ int nfct_attr_is_set(const struct nf_conntrack *ct, errno = EINVAL; return -1; } - return test_bit(type, ct->set); + return test_bit(type, ct->head.set); } /** @@ -567,7 +567,7 @@ int nfct_attr_is_set_array(const struct nf_conntrack *ct, errno = EINVAL; return -1; } - if (!test_bit(type_array[i], ct->set)) + if (!test_bit(type_array[i], ct->head.set)) return 0; } return 1; @@ -590,7 +590,7 @@ int nfct_attr_unset(struct nf_conntrack *ct, errno = EINVAL; return -1; } - unset_bit(type, ct->set); + unset_bit(type, ct->head.set); return 0; } @@ -615,7 +615,7 @@ void nfct_set_attr_grp(struct nf_conntrack *ct, if (set_attr_grp_array[type]) { set_attr_grp_array[type](ct, data); - set_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET); + set_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET); } } @@ -638,7 +638,7 @@ int nfct_get_attr_grp(const struct nf_conntrack *ct, errno = EINVAL; return -1; } - if (!test_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET)) { + if (!test_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET)) { errno = ENODATA; return -1; } @@ -663,7 +663,7 @@ int nfct_attr_grp_is_set(const struct nf_conntrack *ct, errno = EINVAL; return -1; } - return test_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET); + return test_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET); } /** @@ -683,7 +683,7 @@ int nfct_attr_grp_unset(struct nf_conntrack *ct, errno = EINVAL; return -1; } - unset_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET); + unset_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET); return 0; } @@ -1128,10 +1128,10 @@ void nfct_copy(struct nf_conntrack *ct1, } if (flags == NFCT_CP_ALL) { for (i=0; iset)) { + if (test_bit(i, ct2->head.set)) { assert(copy_attr_array[i]); copy_attr_array[i](ct1, ct2); - set_bit(i, ct1->set); + set_bit(i, ct1->head.set); } } return; @@ -1154,10 +1154,10 @@ void nfct_copy(struct nf_conntrack *ct1, if (flags & NFCT_CP_ORIG) { for (i=0; i<__CP_ORIG_MAX; i++) { - if (test_bit(cp_orig_mask[i], ct2->set)) { + if (test_bit(cp_orig_mask[i], ct2->head.set)) { assert(copy_attr_array[i]); copy_attr_array[cp_orig_mask[i]](ct1, ct2); - set_bit(cp_orig_mask[i], ct1->set); + set_bit(cp_orig_mask[i], ct1->head.set); } } } @@ -1176,20 +1176,20 @@ void nfct_copy(struct nf_conntrack *ct1, if (flags & NFCT_CP_REPL) { for (i=0; i<__CP_REPL_MAX; i++) { - if (test_bit(cp_repl_mask[i], ct2->set)) { + if (test_bit(cp_repl_mask[i], ct2->head.set)) { assert(copy_attr_array[i]); copy_attr_array[cp_repl_mask[i]](ct1, ct2); - set_bit(cp_repl_mask[i], ct1->set); + set_bit(cp_repl_mask[i], ct1->head.set); } } } if (flags & NFCT_CP_META) { for (i=ATTR_TCP_STATE; iset)) { + if (test_bit(i, ct2->head.set)) { assert(copy_attr_array[i]), copy_attr_array[i](ct1, ct2); - set_bit(i, ct1->set); + set_bit(i, ct1->head.set); } } } @@ -1207,10 +1207,10 @@ void nfct_copy_attr(struct nf_conntrack *ct1, const struct nf_conntrack *ct2, const enum nf_conntrack_attr type) { - if (test_bit(type, ct2->set)) { + if (test_bit(type, ct2->head.set)) { assert(copy_attr_array[type]); copy_attr_array[type](ct1, ct2); - set_bit(type, ct1->set); + set_bit(type, ct1->head.set); } } diff --git a/src/conntrack/build.c b/src/conntrack/build.c index 6e85d32..3ff2e13 100644 --- a/src/conntrack/build.c +++ b/src/conntrack/build.c @@ -106,45 +106,45 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size, { struct nfattr *nest, *nest_proto; - switch(ct->tuple[__DIR_ORIG].protonum) { + switch(ct->head.orig.protonum) { case IPPROTO_TCP: /* Preliminary attribute check to avoid sending an empty * CTA_PROTOINFO_TCP nest, which results in EINVAL in * Linux kernel <= 2.6.25. */ - if (!(test_bit(ATTR_TCP_STATE, ct->set) || - test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) || - test_bit(ATTR_TCP_FLAGS_REPL, ct->set) || - test_bit(ATTR_TCP_MASK_ORIG, ct->set) || - test_bit(ATTR_TCP_MASK_REPL, ct->set) || - test_bit(ATTR_TCP_WSCALE_ORIG, ct->set) || - test_bit(ATTR_TCP_WSCALE_REPL, ct->set))) { + if (!(test_bit(ATTR_TCP_STATE, ct->head.set) || + test_bit(ATTR_TCP_FLAGS_ORIG, ct->head.set) || + test_bit(ATTR_TCP_FLAGS_REPL, ct->head.set) || + test_bit(ATTR_TCP_MASK_ORIG, ct->head.set) || + test_bit(ATTR_TCP_MASK_REPL, ct->head.set) || + test_bit(ATTR_TCP_WSCALE_ORIG, ct->head.set) || + test_bit(ATTR_TCP_WSCALE_REPL, ct->head.set))) { break; } nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO); nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP); - if (test_bit(ATTR_TCP_STATE, ct->set)) + if (test_bit(ATTR_TCP_STATE, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_STATE, &ct->protoinfo.tcp.state, sizeof(u_int8_t)); - if (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) && - test_bit(ATTR_TCP_MASK_ORIG, ct->set)) + if (test_bit(ATTR_TCP_FLAGS_ORIG, ct->head.set) && + test_bit(ATTR_TCP_MASK_ORIG, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_FLAGS_ORIGINAL, &ct->protoinfo.tcp.flags[0], sizeof(struct nf_ct_tcp_flags)); - if (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) && - test_bit(ATTR_TCP_MASK_REPL, ct->set)) + if (test_bit(ATTR_TCP_FLAGS_REPL, ct->head.set) && + test_bit(ATTR_TCP_MASK_REPL, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_FLAGS_REPLY, &ct->protoinfo.tcp.flags[1], sizeof(struct nf_ct_tcp_flags)); - if (test_bit(ATTR_TCP_WSCALE_ORIG, ct->set)) + if (test_bit(ATTR_TCP_WSCALE_ORIG, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_WSCALE_ORIGINAL, &ct->protoinfo.tcp.wscale[__DIR_ORIG], sizeof(u_int8_t)); - if (test_bit(ATTR_TCP_WSCALE_REPL, ct->set)) + if (test_bit(ATTR_TCP_WSCALE_REPL, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_WSCALE_REPLY, &ct->protoinfo.tcp.wscale[__DIR_REPL], @@ -154,23 +154,23 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size, break; case IPPROTO_SCTP: /* See comment above on TCP. */ - if (!(test_bit(ATTR_SCTP_STATE, ct->set) || - test_bit(ATTR_SCTP_VTAG_ORIG, ct->set) || - test_bit(ATTR_SCTP_VTAG_REPL, ct->set))) { + if (!(test_bit(ATTR_SCTP_STATE, ct->head.set) || + test_bit(ATTR_SCTP_VTAG_ORIG, ct->head.set) || + test_bit(ATTR_SCTP_VTAG_REPL, ct->head.set))) { break; } nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO); nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_SCTP); - if (test_bit(ATTR_SCTP_STATE, ct->set)) + if (test_bit(ATTR_SCTP_STATE, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_SCTP_STATE, &ct->protoinfo.sctp.state, sizeof(u_int8_t)); - if (test_bit(ATTR_SCTP_VTAG_ORIG, ct->set)) + if (test_bit(ATTR_SCTP_VTAG_ORIG, ct->head.set)) nfnl_addattr32(&req->nlh, size, CTA_PROTOINFO_SCTP_VTAG_ORIGINAL, htonl(ct->protoinfo.sctp.vtag[__DIR_ORIG])); - if (test_bit(ATTR_SCTP_VTAG_REPL, ct->set)) + if (test_bit(ATTR_SCTP_VTAG_REPL, ct->head.set)) nfnl_addattr32(&req->nlh, size, CTA_PROTOINFO_SCTP_VTAG_REPLY, htonl(ct->protoinfo.sctp.vtag[__DIR_REPL])); @@ -179,24 +179,24 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size, break; case IPPROTO_DCCP: /* See comment above on TCP. */ - if (!(test_bit(ATTR_DCCP_STATE, ct->set) || - test_bit(ATTR_DCCP_ROLE, ct->set) || - test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->set))) { + if (!(test_bit(ATTR_DCCP_STATE, ct->head.set) || + test_bit(ATTR_DCCP_ROLE, ct->head.set) || + test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->head.set))) { break; } nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO); nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_DCCP); - if (test_bit(ATTR_DCCP_STATE, ct->set)) + if (test_bit(ATTR_DCCP_STATE, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_DCCP_STATE, &ct->protoinfo.dccp.state, sizeof(u_int8_t)); - if (test_bit(ATTR_DCCP_ROLE, ct->set)) + if (test_bit(ATTR_DCCP_ROLE, ct->head.set)) nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_DCCP_ROLE, &ct->protoinfo.dccp.role, sizeof(u_int8_t)); - if (test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->set)) { + if (test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->head.set)) { /* FIXME: use __cpu_to_be64() instead which is the * correct operation. This is a semantic abuse but * we have no function to do it in libnfnetlink. */ @@ -224,15 +224,15 @@ __nat_seq_adj(struct nfnlhdr *req, nfnl_addattr32(&req->nlh, size, CTA_NAT_SEQ_CORRECTION_POS, - htonl(ct->tuple[dir].natseq.correction_pos)); + htonl(ct->natseq[dir].correction_pos)); nfnl_addattr32(&req->nlh, size, CTA_NAT_SEQ_OFFSET_BEFORE, - htonl(ct->tuple[dir].natseq.offset_before)); + htonl(ct->natseq[dir].offset_before)); nfnl_addattr32(&req->nlh, size, CTA_NAT_SEQ_OFFSET_AFTER, - htonl(ct->tuple[dir].natseq.offset_after)); + htonl(ct->natseq[dir].offset_after)); } static void @@ -259,7 +259,7 @@ static void __build_protonat(struct nfnlhdr *req, nest = nfnl_nest(&req->nlh, size, CTA_NAT_PROTO); - switch (ct->tuple[__DIR_ORIG].protonum) { + switch (ct->head.orig.protonum) { case IPPROTO_TCP: case IPPROTO_UDP: nfnl_addattr_l(&req->nlh, size, CTA_PROTONAT_PORT_MIN, @@ -405,9 +405,9 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh, u_int16_t flags, const struct nf_conntrack *ct) { - u_int8_t l3num = ct->tuple[__DIR_ORIG].l3protonum; + u_int8_t l3num = ct->head.orig.l3protonum; - if (!test_bit(ATTR_ORIG_L3PROTO, ct->set)) { + if (!test_bit(ATTR_ORIG_L3PROTO, ct->head.set)) { errno = EINVAL; return -1; } @@ -416,48 +416,43 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh, nfnl_fill_hdr(ssh, &req->nlh, 0, l3num, 0, type, flags); - if (test_bit(ATTR_ORIG_IPV4_SRC, ct->set) || - test_bit(ATTR_ORIG_IPV4_DST, ct->set) || - test_bit(ATTR_ORIG_IPV6_SRC, ct->set) || - test_bit(ATTR_ORIG_IPV6_DST, ct->set) || - test_bit(ATTR_ORIG_PORT_SRC, ct->set) || - test_bit(ATTR_ORIG_PORT_DST, ct->set) || - test_bit(ATTR_ORIG_L3PROTO, ct->set) || - test_bit(ATTR_ORIG_L4PROTO, ct->set) || - test_bit(ATTR_ICMP_TYPE, ct->set) || - test_bit(ATTR_ICMP_CODE, ct->set) || - test_bit(ATTR_ICMP_ID, ct->set)) - __build_tuple(req, size, - &ct->tuple[__DIR_ORIG], - CTA_TUPLE_ORIG); - - if (test_bit(ATTR_REPL_IPV4_SRC, ct->set) || - test_bit(ATTR_REPL_IPV4_DST, ct->set) || - test_bit(ATTR_REPL_IPV6_SRC, ct->set) || - test_bit(ATTR_REPL_IPV6_DST, ct->set) || - test_bit(ATTR_REPL_PORT_SRC, ct->set) || - test_bit(ATTR_REPL_PORT_DST, ct->set) || - test_bit(ATTR_REPL_L3PROTO, ct->set) || - test_bit(ATTR_REPL_L4PROTO, ct->set) || - test_bit(ATTR_ICMP_TYPE, ct->set) || - test_bit(ATTR_ICMP_CODE, ct->set) || - test_bit(ATTR_ICMP_ID, ct->set)) - __build_tuple(req, size, - &ct->tuple[__DIR_REPL], - CTA_TUPLE_REPLY); - - if (test_bit(ATTR_MASTER_IPV4_SRC, ct->set) || - test_bit(ATTR_MASTER_IPV4_DST, ct->set) || - test_bit(ATTR_MASTER_IPV6_SRC, ct->set) || - test_bit(ATTR_MASTER_IPV6_DST, ct->set) || - test_bit(ATTR_MASTER_PORT_SRC, ct->set) || - test_bit(ATTR_MASTER_PORT_DST, ct->set) || - test_bit(ATTR_MASTER_L3PROTO, ct->set) || - test_bit(ATTR_MASTER_L4PROTO, ct->set)) - __build_tuple(req, size, - &ct->tuple[__DIR_MASTER], CTA_TUPLE_MASTER); - - if (test_bit(ATTR_STATUS, ct->set)) + if (test_bit(ATTR_ORIG_IPV4_SRC, ct->head.set) || + test_bit(ATTR_ORIG_IPV4_DST, ct->head.set) || + test_bit(ATTR_ORIG_IPV6_SRC, ct->head.set) || + test_bit(ATTR_ORIG_IPV6_DST, ct->head.set) || + test_bit(ATTR_ORIG_PORT_SRC, ct->head.set) || + test_bit(ATTR_ORIG_PORT_DST, ct->head.set) || + test_bit(ATTR_ORIG_L3PROTO, ct->head.set) || + test_bit(ATTR_ORIG_L4PROTO, ct->head.set) || + test_bit(ATTR_ICMP_TYPE, ct->head.set) || + test_bit(ATTR_ICMP_CODE, ct->head.set) || + test_bit(ATTR_ICMP_ID, ct->head.set)) + __build_tuple(req, size, &ct->head.orig, CTA_TUPLE_ORIG); + + if (test_bit(ATTR_REPL_IPV4_SRC, ct->head.set) || + test_bit(ATTR_REPL_IPV4_DST, ct->head.set) || + test_bit(ATTR_REPL_IPV6_SRC, ct->head.set) || + test_bit(ATTR_REPL_IPV6_DST, ct->head.set) || + test_bit(ATTR_REPL_PORT_SRC, ct->head.set) || + test_bit(ATTR_REPL_PORT_DST, ct->head.set) || + test_bit(ATTR_REPL_L3PROTO, ct->head.set) || + test_bit(ATTR_REPL_L4PROTO, ct->head.set) || + test_bit(ATTR_ICMP_TYPE, ct->head.set) || + test_bit(ATTR_ICMP_CODE, ct->head.set) || + test_bit(ATTR_ICMP_ID, ct->head.set)) + __build_tuple(req, size, &ct->repl, CTA_TUPLE_REPLY); + + if (test_bit(ATTR_MASTER_IPV4_SRC, ct->head.set) || + test_bit(ATTR_MASTER_IPV4_DST, ct->head.set) || + test_bit(ATTR_MASTER_IPV6_SRC, ct->head.set) || + test_bit(ATTR_MASTER_IPV6_DST, ct->head.set) || + test_bit(ATTR_MASTER_PORT_SRC, ct->head.set) || + test_bit(ATTR_MASTER_PORT_DST, ct->head.set) || + test_bit(ATTR_MASTER_L3PROTO, ct->head.set) || + test_bit(ATTR_MASTER_L4PROTO, ct->head.set)) + __build_tuple(req, size, &ct->master, CTA_TUPLE_MASTER); + + if (test_bit(ATTR_STATUS, ct->head.set)) __build_status(req, size, ct); else { /* build IPS_CONFIRMED if we're creating a new conntrack */ @@ -465,47 +460,47 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh, __build_status(req, size, ct); } - if (test_bit(ATTR_TIMEOUT, ct->set)) + if (test_bit(ATTR_TIMEOUT, ct->head.set)) __build_timeout(req, size, ct); - if (test_bit(ATTR_MARK, ct->set)) + if (test_bit(ATTR_MARK, ct->head.set)) __build_mark(req, size, ct); - if (test_bit(ATTR_SECMARK, ct->set)) + if (test_bit(ATTR_SECMARK, ct->head.set)) __build_secmark(req, size, ct); __build_protoinfo(req, size, ct); - if (test_bit(ATTR_SNAT_IPV4, ct->set) && - test_bit(ATTR_SNAT_PORT, ct->set)) + if (test_bit(ATTR_SNAT_IPV4, ct->head.set) && + test_bit(ATTR_SNAT_PORT, ct->head.set)) __build_snat(req, size, ct); - else if (test_bit(ATTR_SNAT_IPV4, ct->set)) + else if (test_bit(ATTR_SNAT_IPV4, ct->head.set)) __build_snat_ipv4(req, size, ct); - else if (test_bit(ATTR_SNAT_PORT, ct->set)) + else if (test_bit(ATTR_SNAT_PORT, ct->head.set)) __build_snat_port(req, size, ct); - if (test_bit(ATTR_DNAT_IPV4, ct->set) && - test_bit(ATTR_DNAT_PORT, ct->set)) + if (test_bit(ATTR_DNAT_IPV4, ct->head.set) && + test_bit(ATTR_DNAT_PORT, ct->head.set)) __build_dnat(req, size, ct); - else if (test_bit(ATTR_DNAT_IPV4, ct->set)) + else if (test_bit(ATTR_DNAT_IPV4, ct->head.set)) __build_dnat_ipv4(req, size, ct); - else if (test_bit(ATTR_DNAT_PORT, ct->set)) + else if (test_bit(ATTR_DNAT_PORT, ct->head.set)) __build_dnat_port(req, size, ct); - if (test_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->set) && - test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->set) && - test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->set)) + if (test_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->head.set) && + test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->head.set) && + test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->head.set)) __build_nat_seq_adj(req, size, ct, __DIR_ORIG); - if (test_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->set) && - test_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->set) && - test_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->set)) + if (test_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->head.set) && + test_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->head.set) && + test_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->head.set)) __build_nat_seq_adj(req, size, ct, __DIR_REPL); - if (test_bit(ATTR_HELPER_NAME, ct->set)) + if (test_bit(ATTR_HELPER_NAME, ct->head.set)) __build_helper_name(req, size, ct); - if (test_bit(ATTR_ZONE, ct->set)) + if (test_bit(ATTR_ZONE, ct->head.set)) __build_zone(req, size, ct); return 0; diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c index cc0afc9..f94f1b9 100644 --- a/src/conntrack/compare.c +++ b/src/conntrack/compare.c @@ -17,10 +17,10 @@ static int __cmp(int attr, const struct nf_conntrack *ct2, unsigned int flags)) { - if (test_bit(attr, ct1->set) && test_bit(attr, ct2->set)) { + if (test_bit(attr, ct1->head.set) && test_bit(attr, ct2->head.set)) { return cmp(ct1, ct2, flags); } else if (flags & NFCT_CMP_MASK && - test_bit(attr, ct1->set)) { + test_bit(attr, ct1->head.set)) { return 0; } else if (flags & NFCT_CMP_STRICT) { return 0; @@ -33,8 +33,7 @@ cmp_orig_l3proto(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l3protonum == - ct2->tuple[__DIR_ORIG].l3protonum); + return (ct1->head.orig.l3protonum == ct2->head.orig.l3protonum); } static int @@ -42,8 +41,7 @@ cmp_icmp_id(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l4src.icmp.id == - ct2->tuple[__DIR_ORIG].l4src.icmp.id); + return (ct1->head.orig.l4src.icmp.id == ct2->head.orig.l4src.icmp.id); } static int @@ -51,8 +49,8 @@ cmp_icmp_type(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l4dst.icmp.type == - ct2->tuple[__DIR_ORIG].l4dst.icmp.type); + return (ct1->head.orig.l4dst.icmp.type == + ct2->head.orig.l4dst.icmp.type); } static int @@ -60,8 +58,8 @@ cmp_icmp_code(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l4dst.icmp.code == - ct2->tuple[__DIR_ORIG].l4dst.icmp.code); + return (ct1->head.orig.l4dst.icmp.code == + ct2->head.orig.l4dst.icmp.code); } static int @@ -69,8 +67,7 @@ cmp_orig_port_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l4src.all == - ct2->tuple[__DIR_ORIG].l4src.all); + return (ct1->head.orig.l4src.all == ct2->head.orig.l4src.all); } static int @@ -78,8 +75,7 @@ cmp_orig_port_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].l4dst.all == - ct2->tuple[__DIR_ORIG].l4dst.all); + return (ct1->head.orig.l4dst.all == ct2->head.orig.l4dst.all); } static int @@ -87,10 +83,10 @@ cmp_orig_l4proto(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - if (ct1->tuple[__DIR_ORIG].protonum != ct2->tuple[__DIR_ORIG].protonum) + if (ct1->head.orig.protonum != ct2->head.orig.protonum) return 0; - switch(ct1->tuple[__DIR_ORIG].protonum) { + switch(ct1->head.orig.protonum) { case IPPROTO_ICMP: case IPPROTO_ICMPV6: if (!__cmp(ATTR_ICMP_ID, ct1, ct2, flags, cmp_icmp_id)) @@ -121,22 +117,21 @@ cmp_orig_ipv4_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].src.v4 == ct2->tuple[__DIR_ORIG].src.v4);} + return (ct1->head.orig.src.v4 == ct2->head.orig.src.v4);} static int cmp_orig_ipv4_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_ORIG].dst.v4 == ct2->tuple[__DIR_ORIG].dst.v4);} + return (ct1->head.orig.dst.v4 == ct2->head.orig.dst.v4);} static int cmp_orig_ipv6_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (memcmp(&ct1->tuple[__DIR_ORIG].src.v6, - &ct2->tuple[__DIR_ORIG].src.v6, + return (memcmp(&ct1->head.orig.src.v6, &ct2->head.orig.src.v6, sizeof(struct in6_addr)) == 0); } @@ -145,8 +140,7 @@ cmp_orig_ipv6_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (memcmp(&ct1->tuple[__DIR_ORIG].dst.v6, - &ct2->tuple[__DIR_ORIG].dst.v6, + return (memcmp(&ct1->head.orig.dst.v6, &ct2->head.orig.dst.v6, sizeof(struct in6_addr)) == 0); } @@ -175,8 +169,7 @@ cmp_repl_l3proto(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_REPL].l3protonum == - ct2->tuple[__DIR_REPL].l3protonum); + return (ct1->repl.l3protonum == ct2->repl.l3protonum); } static int @@ -184,8 +177,7 @@ cmp_repl_port_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_REPL].l4src.all == - ct2->tuple[__DIR_REPL].l4src.all); + return (ct1->repl.l4src.all == ct2->repl.l4src.all); } static int @@ -193,8 +185,7 @@ cmp_repl_port_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_REPL].l4dst.all == - ct2->tuple[__DIR_REPL].l4dst.all); + return (ct1->repl.l4dst.all == ct2->repl.l4dst.all); } static int @@ -202,10 +193,10 @@ cmp_repl_l4proto(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - if (ct1->tuple[__DIR_REPL].protonum != ct2->tuple[__DIR_REPL].protonum) + if (ct1->repl.protonum != ct2->repl.protonum) return 0; - switch(ct1->tuple[__DIR_REPL].protonum) { + switch(ct1->repl.protonum) { case IPPROTO_ICMP: case IPPROTO_ICMPV6: if (!__cmp(ATTR_ICMP_ID, ct1, ct2, flags, cmp_icmp_id)) @@ -236,22 +227,21 @@ cmp_repl_ipv4_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_REPL].src.v4 == ct2->tuple[__DIR_REPL].src.v4);} + return (ct1->repl.src.v4 == ct2->repl.src.v4);} static int cmp_repl_ipv4_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (ct1->tuple[__DIR_REPL].dst.v4 == ct2->tuple[__DIR_REPL].dst.v4);} + return (ct1->repl.dst.v4 == ct2->repl.dst.v4);} static int cmp_repl_ipv6_src(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (memcmp(&ct1->tuple[__DIR_REPL].src.v6, - &ct2->tuple[__DIR_REPL].src.v6, + return (memcmp(&ct1->repl.src.v6, &ct2->repl.src.v6, sizeof(struct in6_addr)) == 0); } @@ -260,8 +250,7 @@ cmp_repl_ipv6_dst(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) { - return (memcmp(&ct1->tuple[__DIR_REPL].dst.v6, - &ct2->tuple[__DIR_REPL].dst.v6, + return (memcmp(&ct1->repl.dst.v6, &ct2->repl.dst.v6, sizeof(struct in6_addr)) == 0); } diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c index 459741b..3c47b15 100644 --- a/src/conntrack/copy.c +++ b/src/conntrack/copy.c @@ -12,184 +12,178 @@ static void copy_attr_orig_ipv4_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].src.v4 = orig->tuple[__DIR_ORIG].src.v4; + dest->head.orig.src.v4 = orig->head.orig.src.v4; } static void copy_attr_orig_ipv4_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].dst.v4 = orig->tuple[__DIR_ORIG].dst.v4; + dest->head.orig.dst.v4 = orig->head.orig.dst.v4; } static void copy_attr_repl_ipv4_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].src.v4 = orig->tuple[__DIR_REPL].src.v4; + dest->repl.src.v4 = orig->repl.src.v4; } static void copy_attr_repl_ipv4_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].dst.v4 = orig->tuple[__DIR_REPL].dst.v4; + dest->repl.dst.v4 = orig->repl.dst.v4; } static void copy_attr_orig_ipv6_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_ORIG].src, - &orig->tuple[__DIR_ORIG].src, + memcpy(&dest->head.orig.src, + &orig->head.orig.src, sizeof(union __nfct_address)); } static void copy_attr_orig_ipv6_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_ORIG].dst, - &orig->tuple[__DIR_ORIG].dst, + memcpy(&dest->head.orig.dst, + &orig->head.orig.dst, sizeof(union __nfct_address)); } static void copy_attr_repl_ipv6_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_REPL].src, - &orig->tuple[__DIR_REPL].src, + memcpy(&dest->repl.src, + &orig->repl.src, sizeof(union __nfct_address)); } static void copy_attr_repl_ipv6_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_REPL].dst, - &orig->tuple[__DIR_REPL].dst, + memcpy(&dest->repl.dst, + &orig->repl.dst, sizeof(union __nfct_address)); } static void copy_attr_orig_port_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l4src.all = orig->tuple[__DIR_ORIG].l4src.all; + dest->head.orig.l4src.all = orig->head.orig.l4src.all; } static void copy_attr_orig_port_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l4dst.all = orig->tuple[__DIR_ORIG].l4dst.all; + dest->head.orig.l4dst.all = orig->head.orig.l4dst.all; } static void copy_attr_repl_port_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].l4src.all = orig->tuple[__DIR_REPL].l4src.all; + dest->repl.l4src.all = orig->repl.l4src.all; } static void copy_attr_repl_port_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].l4dst.all = orig->tuple[__DIR_REPL].l4dst.all; + dest->repl.l4dst.all = orig->repl.l4dst.all; } static void copy_attr_icmp_type(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l4dst.icmp.type = - orig->tuple[__DIR_ORIG].l4dst.icmp.type; + dest->head.orig.l4dst.icmp.type = + orig->head.orig.l4dst.icmp.type; } static void copy_attr_icmp_code(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l4dst.icmp.code = - orig->tuple[__DIR_ORIG].l4dst.icmp.code; + dest->head.orig.l4dst.icmp.code = + orig->head.orig.l4dst.icmp.code; } static void copy_attr_icmp_id(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l4src.icmp.id = - orig->tuple[__DIR_ORIG].l4src.icmp.id; + dest->head.orig.l4src.icmp.id = + orig->head.orig.l4src.icmp.id; } static void copy_attr_orig_l3proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].l3protonum = orig->tuple[__DIR_ORIG].l3protonum; + dest->head.orig.l3protonum = orig->head.orig.l3protonum; } static void copy_attr_repl_l3proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].l3protonum = orig->tuple[__DIR_REPL].l3protonum; + dest->repl.l3protonum = orig->repl.l3protonum; } static void copy_attr_orig_l4proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].protonum = orig->tuple[__DIR_ORIG].protonum; + dest->head.orig.protonum = orig->head.orig.protonum; } static void copy_attr_repl_l4proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].protonum = orig->tuple[__DIR_REPL].protonum; + dest->repl.protonum = orig->repl.protonum; } static void copy_attr_master_ipv4_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].src.v4 = orig->tuple[__DIR_MASTER].src.v4; + dest->master.src.v4 = orig->master.src.v4; } static void copy_attr_master_ipv4_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].dst.v4 = orig->tuple[__DIR_MASTER].dst.v4; + dest->master.dst.v4 = orig->master.dst.v4; } static void copy_attr_master_ipv6_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_MASTER].src, - &orig->tuple[__DIR_MASTER].src, + memcpy(&dest->master.src, &orig->master.src, sizeof(union __nfct_address)); } static void copy_attr_master_ipv6_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - memcpy(&dest->tuple[__DIR_MASTER].dst, - &orig->tuple[__DIR_MASTER].dst, + memcpy(&dest->master.dst, &orig->master.dst, sizeof(union __nfct_address)); } static void copy_attr_master_port_src(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].l4src.all = - orig->tuple[__DIR_MASTER].l4src.all; + dest->master.l4src.all = orig->master.l4src.all; } static void copy_attr_master_port_dst(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].l4dst.all = - orig->tuple[__DIR_MASTER].l4dst.all; + dest->master.l4dst.all = orig->master.l4dst.all; } static void copy_attr_master_l3proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].l3protonum = - orig->tuple[__DIR_MASTER].l3protonum; + dest->master.l3protonum = orig->master.l3protonum; } static void copy_attr_master_l4proto(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_MASTER].protonum = - orig->tuple[__DIR_MASTER].protonum; + dest->master.protonum = orig->master.protonum; } static void copy_attr_tcp_state(struct nf_conntrack *dest, @@ -365,43 +359,43 @@ static void copy_attr_id(struct nf_conntrack *dest, static void copy_attr_orig_cor_pos(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].natseq.correction_pos = - orig->tuple[__DIR_ORIG].natseq.correction_pos; + dest->natseq[__DIR_ORIG].correction_pos = + orig->natseq[__DIR_ORIG].correction_pos; } static void copy_attr_orig_off_bfr(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].natseq.offset_before = - orig->tuple[__DIR_ORIG].natseq.offset_before; + dest->natseq[__DIR_ORIG].offset_before = + orig->natseq[__DIR_ORIG].offset_before; } static void copy_attr_orig_off_aft(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_ORIG].natseq.offset_after = - orig->tuple[__DIR_ORIG].natseq.offset_after; + dest->natseq[__DIR_ORIG].offset_after = + orig->natseq[__DIR_ORIG].offset_after; } static void copy_attr_repl_cor_pos(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].natseq.correction_pos = - orig->tuple[__DIR_REPL].natseq.correction_pos; + dest->natseq[__DIR_REPL].correction_pos = + orig->natseq[__DIR_REPL].correction_pos; } static void copy_attr_repl_off_bfr(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].natseq.offset_before = - orig->tuple[__DIR_REPL].natseq.offset_before; + dest->natseq[__DIR_REPL].offset_before = + orig->natseq[__DIR_REPL].offset_before; } static void copy_attr_repl_off_aft(struct nf_conntrack *dest, const struct nf_conntrack *orig) { - dest->tuple[__DIR_REPL].natseq.offset_after = - orig->tuple[__DIR_REPL].natseq.offset_after; + dest->natseq[__DIR_REPL].offset_after = + orig->natseq[__DIR_REPL].offset_after; } static void copy_attr_helper_name(struct nf_conntrack *dest, diff --git a/src/conntrack/getter.c b/src/conntrack/getter.c index c94fe2e..5e0a450 100644 --- a/src/conntrack/getter.c +++ b/src/conntrack/getter.c @@ -11,137 +11,137 @@ static const void *get_attr_orig_ipv4_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].src.v4; + return &ct->head.orig.src.v4; } static const void *get_attr_orig_ipv4_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].dst.v4; + return &ct->head.orig.dst.v4; } static const void *get_attr_repl_ipv4_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].src.v4; + return &ct->repl.src.v4; } static const void *get_attr_repl_ipv4_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].dst.v4; + return &ct->repl.dst.v4; } static const void *get_attr_orig_ipv6_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].src.v6; + return &ct->head.orig.src.v6; } static const void *get_attr_orig_ipv6_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].dst.v6; + return &ct->head.orig.dst.v6; } static const void *get_attr_repl_ipv6_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].src.v6; + return &ct->repl.src.v6; } static const void *get_attr_repl_ipv6_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].dst.v6; + return &ct->repl.dst.v6; } static const void *get_attr_orig_port_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l4src.all; + return &ct->head.orig.l4src.all; } static const void *get_attr_orig_port_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l4dst.all; + return &ct->head.orig.l4dst.all; } static const void *get_attr_repl_port_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].l4src.all; + return &ct->repl.l4src.all; } static const void *get_attr_repl_port_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].l4dst.all; + return &ct->repl.l4dst.all; } static const void *get_attr_icmp_type(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l4dst.icmp.type; + return &ct->head.orig.l4dst.icmp.type; } static const void *get_attr_icmp_code(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l4dst.icmp.code; + return &ct->head.orig.l4dst.icmp.code; } static const void *get_attr_icmp_id(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l4src.icmp.id; + return &ct->head.orig.l4src.icmp.id; } static const void *get_attr_orig_l3proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].l3protonum; + return &ct->head.orig.l3protonum; } static const void *get_attr_repl_l3proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].l3protonum; + return &ct->repl.l3protonum; } static const void *get_attr_orig_l4proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].protonum; + return &ct->head.orig.protonum; } static const void *get_attr_repl_l4proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].protonum; + return &ct->repl.protonum; } static const void *get_attr_master_ipv4_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].src.v4; + return &ct->master.src.v4; } static const void *get_attr_master_ipv4_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].dst.v4; + return &ct->master.dst.v4; } static const void *get_attr_master_ipv6_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].src.v6; + return &ct->master.src.v6; } static const void *get_attr_master_ipv6_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].dst.v6; + return &ct->master.dst.v6; } static const void *get_attr_master_port_src(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].l4src.all; + return &ct->master.l4src.all; } static const void *get_attr_master_port_dst(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].l4dst.all; + return &ct->master.l4dst.all; } static const void *get_attr_master_l3proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].l3protonum; + return &ct->master.l3protonum; } static const void *get_attr_master_l4proto(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_MASTER].protonum; + return &ct->master.protonum; } static const void *get_attr_tcp_state(const struct nf_conntrack *ct) @@ -266,32 +266,32 @@ static const void *get_attr_id(const struct nf_conntrack *ct) static const void *get_attr_orig_cor_pos(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].natseq.correction_pos; + return &ct->natseq[__DIR_ORIG].correction_pos; } static const void *get_attr_orig_off_bfr(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].natseq.offset_before; + return &ct->natseq[__DIR_ORIG].offset_before; } static const void *get_attr_orig_off_aft(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_ORIG].natseq.offset_after; + return &ct->natseq[__DIR_ORIG].offset_after; } static const void *get_attr_repl_cor_pos(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].natseq.correction_pos; + return &ct->natseq[__DIR_REPL].correction_pos; } static const void *get_attr_repl_off_bfr(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].natseq.offset_before; + return &ct->natseq[__DIR_REPL].offset_before; } static const void *get_attr_repl_off_aft(const struct nf_conntrack *ct) { - return &ct->tuple[__DIR_REPL].natseq.offset_after; + return &ct->natseq[__DIR_REPL].offset_after; } static const void *get_attr_helper_name(const struct nf_conntrack *ct) diff --git a/src/conntrack/grp_getter.c b/src/conntrack/grp_getter.c index db5b67d..a8d43cf 100644 --- a/src/conntrack/grp_getter.c +++ b/src/conntrack/grp_getter.c @@ -12,72 +12,72 @@ static void get_attr_grp_orig_ipv4(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv4 *this = data; - this->src = ct->tuple[__DIR_ORIG].src.v4; - this->dst = ct->tuple[__DIR_ORIG].dst.v4; + this->src = ct->head.orig.src.v4; + this->dst = ct->head.orig.dst.v4; } static void get_attr_grp_repl_ipv4(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv4 *this = data; - this->src = ct->tuple[__DIR_REPL].src.v4; - this->dst = ct->tuple[__DIR_REPL].dst.v4; + this->src = ct->repl.src.v4; + this->dst = ct->repl.dst.v4; } static void get_attr_grp_orig_ipv6(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv6 *this = data; - memcpy(this->src, &ct->tuple[__DIR_ORIG].src.v6, sizeof(u_int32_t)*4); - memcpy(this->dst, &ct->tuple[__DIR_ORIG].dst.v6, sizeof(u_int32_t)*4); + memcpy(this->src, &ct->head.orig.src.v6, sizeof(u_int32_t)*4); + memcpy(this->dst, &ct->head.orig.dst.v6, sizeof(u_int32_t)*4); } static void get_attr_grp_repl_ipv6(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv6 *this = data; - memcpy(this->src, &ct->tuple[__DIR_REPL].src.v6, sizeof(u_int32_t)*4); - memcpy(this->dst, &ct->tuple[__DIR_REPL].dst.v6, sizeof(u_int32_t)*4); + memcpy(this->src, &ct->repl.src.v6, sizeof(u_int32_t)*4); + memcpy(this->dst, &ct->repl.dst.v6, sizeof(u_int32_t)*4); } static void get_attr_grp_orig_port(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_port *this = data; - this->sport = ct->tuple[__DIR_ORIG].l4src.all; - this->dport = ct->tuple[__DIR_ORIG].l4dst.all; + this->sport = ct->head.orig.l4src.all; + this->dport = ct->head.orig.l4dst.all; } static void get_attr_grp_repl_port(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_port *this = data; - this->sport = ct->tuple[__DIR_REPL].l4src.all; - this->dport = ct->tuple[__DIR_REPL].l4dst.all; + this->sport = ct->repl.l4src.all; + this->dport = ct->repl.l4dst.all; } static void get_attr_grp_icmp(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_icmp *this = data; - this->type = ct->tuple[__DIR_ORIG].l4dst.icmp.type; - this->code = ct->tuple[__DIR_ORIG].l4dst.icmp.code; - this->id = ct->tuple[__DIR_ORIG].l4src.icmp.id; + this->type = ct->head.orig.l4dst.icmp.type; + this->code = ct->head.orig.l4dst.icmp.code; + this->id = ct->head.orig.l4src.icmp.id; } static void get_attr_grp_master_ipv4(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv4 *this = data; - this->src = ct->tuple[__DIR_MASTER].src.v4; - this->dst = ct->tuple[__DIR_MASTER].dst.v4; + this->src = ct->master.src.v4; + this->dst = ct->master.dst.v4; } static void get_attr_grp_master_ipv6(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_ipv6 *this = data; - memcpy(this->src, &ct->tuple[__DIR_MASTER].src.v6, sizeof(u_int32_t)*4); - memcpy(this->dst, &ct->tuple[__DIR_MASTER].dst.v6, sizeof(u_int32_t)*4); + memcpy(this->src, &ct->master.src.v6, sizeof(u_int32_t)*4); + memcpy(this->dst, &ct->master.dst.v6, sizeof(u_int32_t)*4); } static void get_attr_grp_master_port(const struct nf_conntrack *ct, void *data) { struct nfct_attr_grp_port *this = data; - this->sport = ct->tuple[__DIR_MASTER].l4src.all; - this->dport = ct->tuple[__DIR_MASTER].l4dst.all; + this->sport = ct->master.l4src.all; + this->dport = ct->master.l4dst.all; } static void get_attr_grp_orig_ctrs(const struct nf_conntrack *ct, void *data) diff --git a/src/conntrack/grp_setter.c b/src/conntrack/grp_setter.c index 324aa4c..0492a84 100644 --- a/src/conntrack/grp_setter.c +++ b/src/conntrack/grp_setter.c @@ -40,47 +40,47 @@ static const u_int8_t invmap_icmpv6[] = { static void set_attr_grp_orig_ipv4(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv4 *this = value; - ct->tuple[__DIR_ORIG].src.v4 = this->src; - ct->tuple[__DIR_ORIG].dst.v4 = this->dst; - ct->tuple[__DIR_ORIG].l3protonum = AF_INET; + ct->head.orig.src.v4 = this->src; + ct->head.orig.dst.v4 = this->dst; + ct->head.orig.l3protonum = AF_INET; } static void set_attr_grp_repl_ipv4(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv4 *this = value; - ct->tuple[__DIR_REPL].src.v4 = this->src; - ct->tuple[__DIR_REPL].dst.v4 = this->dst; - ct->tuple[__DIR_REPL].l3protonum = AF_INET; + ct->repl.src.v4 = this->src; + ct->repl.dst.v4 = this->dst; + ct->repl.l3protonum = AF_INET; } static void set_attr_grp_orig_ipv6(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv6 *this = value; - memcpy(&ct->tuple[__DIR_ORIG].src.v6, this->src, sizeof(u_int32_t)*4); - memcpy(&ct->tuple[__DIR_ORIG].dst.v6, this->dst, sizeof(u_int32_t)*4); - ct->tuple[__DIR_ORIG].l3protonum = AF_INET6; + memcpy(&ct->head.orig.src.v6, this->src, sizeof(u_int32_t)*4); + memcpy(&ct->head.orig.dst.v6, this->dst, sizeof(u_int32_t)*4); + ct->head.orig.l3protonum = AF_INET6; } static void set_attr_grp_repl_ipv6(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv6 *this = value; - memcpy(&ct->tuple[__DIR_REPL].src.v6, this->src, sizeof(u_int32_t)*4); - memcpy(&ct->tuple[__DIR_REPL].dst.v6, this->dst, sizeof(u_int32_t)*4); - ct->tuple[__DIR_REPL].l3protonum = AF_INET6; + memcpy(&ct->repl.src.v6, this->src, sizeof(u_int32_t)*4); + memcpy(&ct->repl.dst.v6, this->dst, sizeof(u_int32_t)*4); + ct->repl.l3protonum = AF_INET6; } static void set_attr_grp_orig_port(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_port *this = value; - ct->tuple[__DIR_ORIG].l4src.all = this->sport; - ct->tuple[__DIR_ORIG].l4dst.all = this->dport; + ct->head.orig.l4src.all = this->sport; + ct->head.orig.l4dst.all = this->dport; } static void set_attr_grp_repl_port(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_port *this = value; - ct->tuple[__DIR_REPL].l4src.all = this->sport; - ct->tuple[__DIR_REPL].l4dst.all = this->dport; + ct->repl.l4src.all = this->sport; + ct->repl.l4dst.all = this->dport; } static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value) @@ -88,9 +88,9 @@ static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value) u_int8_t rtype; const struct nfct_attr_grp_icmp *this = value; - ct->tuple[__DIR_ORIG].l4dst.icmp.type = this->type; + ct->head.orig.l4dst.icmp.type = this->type; - switch(ct->tuple[__DIR_ORIG].l3protonum) { + switch(ct->head.orig.l3protonum) { case AF_INET: rtype = invmap_icmp[this->type]; break; @@ -104,38 +104,38 @@ static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value) } if (rtype) - ct->tuple[__DIR_REPL].l4dst.icmp.type = rtype - 1; + ct->repl.l4dst.icmp.type = rtype - 1; else - ct->tuple[__DIR_REPL].l4dst.icmp.type = 255; /* -EINVAL */ + ct->repl.l4dst.icmp.type = 255; /* -EINVAL */ - ct->tuple[__DIR_ORIG].l4dst.icmp.code = this->code; - ct->tuple[__DIR_REPL].l4dst.icmp.code = this->code; + ct->head.orig.l4dst.icmp.code = this->code; + ct->repl.l4dst.icmp.code = this->code; - ct->tuple[__DIR_ORIG].l4src.icmp.id = this->id; - ct->tuple[__DIR_REPL].l4src.icmp.id = this->id; + ct->head.orig.l4src.icmp.id = this->id; + ct->repl.l4src.icmp.id = this->id; } static void set_attr_grp_master_ipv4(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv4 *this = value; - ct->tuple[__DIR_MASTER].src.v4 = this->src; - ct->tuple[__DIR_MASTER].dst.v4 = this->dst; - ct->tuple[__DIR_MASTER].l3protonum = AF_INET; + ct->master.src.v4 = this->src; + ct->master.dst.v4 = this->dst; + ct->master.l3protonum = AF_INET; } static void set_attr_grp_master_ipv6(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_ipv6 *this = value; - memcpy(&ct->tuple[__DIR_MASTER].src.v6, this->src, sizeof(u_int32_t)*4); - memcpy(&ct->tuple[__DIR_MASTER].dst.v6, this->dst, sizeof(u_int32_t)*4); - ct->tuple[__DIR_MASTER].l3protonum = AF_INET6; + memcpy(&ct->master.src.v6, this->src, sizeof(u_int32_t)*4); + memcpy(&ct->master.dst.v6, this->dst, sizeof(u_int32_t)*4); + ct->master.l3protonum = AF_INET6; } static void set_attr_grp_master_port(struct nf_conntrack *ct, const void *value) { const struct nfct_attr_grp_port *this = value; - ct->tuple[__DIR_MASTER].l4src.all = this->sport; - ct->tuple[__DIR_MASTER].l4dst.all = this->dport; + ct->master.l4src.all = this->sport; + ct->master.l4dst.all = this->dport; } static void set_attr_grp_do_nothing(struct nf_conntrack *ct, const void *value) diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c index d2035fb..5898746 100644 --- a/src/conntrack/objopt.c +++ b/src/conntrack/objopt.c @@ -11,27 +11,34 @@ static void __autocomplete(struct nf_conntrack *ct, int dir) { - int other = (dir == __DIR_ORIG) ? __DIR_REPL : __DIR_ORIG; + struct __nfct_tuple *this = NULL, *other = NULL; - ct->tuple[dir].l3protonum = ct->tuple[other].l3protonum; - ct->tuple[dir].protonum = ct->tuple[other].protonum; + switch(dir) { + case __DIR_ORIG: + this = &ct->head.orig; + other = &ct->repl; + break; + case __DIR_REPL: + this = &ct->repl; + other = &ct->head.orig; + break; + } + + this->l3protonum = other->l3protonum; + this->protonum = other->protonum; - memcpy(&ct->tuple[dir].src.v6, - &ct->tuple[other].dst.v6, - sizeof(union __nfct_address)); - memcpy(&ct->tuple[dir].dst.v6, - &ct->tuple[other].src.v6, - sizeof(union __nfct_address)); + memcpy(&this->src.v6, &other->dst.v6, sizeof(union __nfct_address)); + memcpy(&this->dst.v6, &other->src.v6, sizeof(union __nfct_address)); - switch(ct->tuple[dir].protonum) { + switch(this->protonum) { case IPPROTO_UDP: case IPPROTO_TCP: case IPPROTO_SCTP: case IPPROTO_DCCP: case IPPROTO_GRE: case IPPROTO_UDPLITE: - ct->tuple[dir].l4src.all = ct->tuple[other].l4dst.all; - ct->tuple[dir].l4dst.all = ct->tuple[other].l4src.all; + this->l4src.all = other->l4dst.all; + this->l4dst.all = other->l4src.all; break; case IPPROTO_ICMP: case IPPROTO_ICMPV6: @@ -40,41 +47,41 @@ static void __autocomplete(struct nf_conntrack *ct, int dir) } /* XXX: this is safe but better convert bitset to uint64_t */ - ct->set[0] |= TS_ORIG | TS_REPL; + ct->head.set[0] |= TS_ORIG | TS_REPL; } static void setobjopt_undo_snat(struct nf_conntrack *ct) { - ct->snat.min_ip = ct->tuple[__DIR_REPL].dst.v4; + ct->snat.min_ip = ct->repl.dst.v4; ct->snat.max_ip = ct->snat.min_ip; - ct->tuple[__DIR_REPL].dst.v4 = ct->tuple[__DIR_ORIG].src.v4; - set_bit(ATTR_SNAT_IPV4, ct->set); + ct->repl.dst.v4 = ct->head.orig.src.v4; + set_bit(ATTR_SNAT_IPV4, ct->head.set); } static void setobjopt_undo_dnat(struct nf_conntrack *ct) { - ct->dnat.min_ip = ct->tuple[__DIR_REPL].src.v4; + ct->dnat.min_ip = ct->repl.src.v4; ct->dnat.max_ip = ct->dnat.min_ip; - ct->tuple[__DIR_REPL].src.v4 = ct->tuple[__DIR_ORIG].dst.v4; - set_bit(ATTR_DNAT_IPV4, ct->set); + ct->repl.src.v4 = ct->head.orig.dst.v4; + set_bit(ATTR_DNAT_IPV4, ct->head.set); } static void setobjopt_undo_spat(struct nf_conntrack *ct) { - ct->snat.l4min.all = ct->tuple[__DIR_REPL].l4dst.tcp.port; + ct->snat.l4min.all = ct->repl.l4dst.tcp.port; ct->snat.l4max.all = ct->snat.l4min.all; - ct->tuple[__DIR_REPL].l4dst.tcp.port = - ct->tuple[__DIR_ORIG].l4src.tcp.port; - set_bit(ATTR_SNAT_PORT, ct->set); + ct->repl.l4dst.tcp.port = + ct->head.orig.l4src.tcp.port; + set_bit(ATTR_SNAT_PORT, ct->head.set); } static void setobjopt_undo_dpat(struct nf_conntrack *ct) { - ct->dnat.l4min.all = ct->tuple[__DIR_REPL].l4src.tcp.port; + ct->dnat.l4min.all = ct->repl.l4src.tcp.port; ct->dnat.l4max.all = ct->dnat.l4min.all; - ct->tuple[__DIR_REPL].l4src.tcp.port = - ct->tuple[__DIR_ORIG].l4dst.tcp.port; - set_bit(ATTR_DNAT_PORT, ct->set); + ct->repl.l4src.tcp.port = + ct->head.orig.l4dst.tcp.port; + set_bit(ATTR_DNAT_PORT, ct->head.set); } static void setobjopt_setup_orig(struct nf_conntrack *ct) @@ -107,34 +114,34 @@ int __setobjopt(struct nf_conntrack *ct, unsigned int option) static int getobjopt_is_snat(const struct nf_conntrack *ct) { - return ((test_bit(ATTR_STATUS, ct->set) ? + return ((test_bit(ATTR_STATUS, ct->head.set) ? ct->status & IPS_SRC_NAT_DONE : 1) && - ct->tuple[__DIR_REPL].dst.v4 != - ct->tuple[__DIR_ORIG].src.v4); + ct->repl.dst.v4 != + ct->head.orig.src.v4); } static int getobjopt_is_dnat(const struct nf_conntrack *ct) { - return ((test_bit(ATTR_STATUS, ct->set) ? + return ((test_bit(ATTR_STATUS, ct->head.set) ? ct->status & IPS_DST_NAT_DONE : 1) && - ct->tuple[__DIR_REPL].src.v4 != - ct->tuple[__DIR_ORIG].dst.v4); + ct->repl.src.v4 != + ct->head.orig.dst.v4); } static int getobjopt_is_spat(const struct nf_conntrack *ct) { - return ((test_bit(ATTR_STATUS, ct->set) ? + return ((test_bit(ATTR_STATUS, ct->head.set) ? ct->status & IPS_SRC_NAT_DONE : 1) && - ct->tuple[__DIR_REPL].l4dst.tcp.port != - ct->tuple[__DIR_ORIG].l4src.tcp.port); + ct->repl.l4dst.tcp.port != + ct->head.orig.l4src.tcp.port); } static int getobjopt_is_dpat(const struct nf_conntrack *ct) { - return ((test_bit(ATTR_STATUS, ct->set) ? + return ((test_bit(ATTR_STATUS, ct->head.set) ? ct->status & IPS_DST_NAT_DONE : 1) && - ct->tuple[__DIR_REPL].l4src.tcp.port != - ct->tuple[__DIR_ORIG].l4dst.tcp.port); + ct->repl.l4src.tcp.port != + ct->head.orig.l4dst.tcp.port); } static const getobjopt getobjopt_array[__NFCT_GOPT_MAX] = { diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c index cb2a8dc..b9f9a99 100644 --- a/src/conntrack/parse.c +++ b/src/conntrack/parse.c @@ -199,37 +199,37 @@ static void __parse_protoinfo_tcp(const struct nfattr *attr, if (tb[CTA_PROTOINFO_TCP_STATE-1]) { ct->protoinfo.tcp.state = *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]); - set_bit(ATTR_TCP_STATE, ct->set); + set_bit(ATTR_TCP_STATE, ct->head.set); } if (tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL-1]) { memcpy(&ct->protoinfo.tcp.wscale[__DIR_ORIG], NFA_DATA(tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL-1]), sizeof(u_int8_t)); - set_bit(ATTR_TCP_WSCALE_ORIG, ct->set); + set_bit(ATTR_TCP_WSCALE_ORIG, ct->head.set); } if (tb[CTA_PROTOINFO_TCP_WSCALE_REPLY-1]) { memcpy(&ct->protoinfo.tcp.wscale[__DIR_REPL], NFA_DATA(tb[CTA_PROTOINFO_TCP_WSCALE_REPLY-1]), sizeof(u_int8_t)); - set_bit(ATTR_TCP_WSCALE_REPL, ct->set); + set_bit(ATTR_TCP_WSCALE_REPL, ct->head.set); } if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]) { memcpy(&ct->protoinfo.tcp.flags[0], NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]), sizeof(struct nf_ct_tcp_flags)); - set_bit(ATTR_TCP_FLAGS_ORIG, ct->set); - set_bit(ATTR_TCP_MASK_ORIG, ct->set); + set_bit(ATTR_TCP_FLAGS_ORIG, ct->head.set); + set_bit(ATTR_TCP_MASK_ORIG, ct->head.set); } if (tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]) { memcpy(&ct->protoinfo.tcp.flags[1], NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]), sizeof(struct nf_ct_tcp_flags)); - set_bit(ATTR_TCP_FLAGS_REPL, ct->set); - set_bit(ATTR_TCP_MASK_REPL, ct->set); + set_bit(ATTR_TCP_FLAGS_REPL, ct->head.set); + set_bit(ATTR_TCP_MASK_REPL, ct->head.set); } } @@ -243,19 +243,19 @@ static void __parse_protoinfo_sctp(const struct nfattr *attr, if (tb[CTA_PROTOINFO_SCTP_STATE-1]) { ct->protoinfo.sctp.state = *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_STATE-1]); - set_bit(ATTR_SCTP_STATE, ct->set); + set_bit(ATTR_SCTP_STATE, ct->head.set); } if (tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL-1]) { ct->protoinfo.sctp.vtag[__DIR_ORIG] = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL-1])); - set_bit(ATTR_SCTP_VTAG_ORIG, ct->set); + set_bit(ATTR_SCTP_VTAG_ORIG, ct->head.set); } if (tb[CTA_PROTOINFO_SCTP_VTAG_REPLY-1]) { ct->protoinfo.sctp.vtag[__DIR_REPL] = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_VTAG_REPLY-1])); - set_bit(ATTR_SCTP_VTAG_REPL, ct->set); + set_bit(ATTR_SCTP_VTAG_REPL, ct->head.set); } } @@ -270,12 +270,12 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr, if (tb[CTA_PROTOINFO_DCCP_STATE-1]) { ct->protoinfo.dccp.state = *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_STATE-1]); - set_bit(ATTR_DCCP_STATE, ct->set); + set_bit(ATTR_DCCP_STATE, ct->head.set); } if (tb[CTA_PROTOINFO_DCCP_ROLE-1]) { ct->protoinfo.dccp.role = *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_ROLE-1]); - set_bit(ATTR_DCCP_ROLE, ct->set); + set_bit(ATTR_DCCP_ROLE, ct->head.set); } if (tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ-1]) { u_int64_t tmp; @@ -283,7 +283,7 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr, NFA_DATA(tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ-1]), sizeof(tmp)); ct->protoinfo.dccp.handshake_seq = __be64_to_cpu(tmp); - set_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->set); + set_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->head.set); } } @@ -328,10 +328,10 @@ static void __parse_counters(const struct nfattr *attr, switch(dir) { case __DIR_ORIG: - set_bit(ATTR_ORIG_COUNTER_PACKETS, ct->set); + set_bit(ATTR_ORIG_COUNTER_PACKETS, ct->head.set); break; case __DIR_REPL: - set_bit(ATTR_REPL_COUNTER_PACKETS, ct->set); + set_bit(ATTR_REPL_COUNTER_PACKETS, ct->head.set); break; } } @@ -352,10 +352,10 @@ static void __parse_counters(const struct nfattr *attr, switch(dir) { case __DIR_ORIG: - set_bit(ATTR_ORIG_COUNTER_BYTES, ct->set); + set_bit(ATTR_ORIG_COUNTER_BYTES, ct->head.set); break; case __DIR_REPL: - set_bit(ATTR_REPL_COUNTER_BYTES, ct->set); + set_bit(ATTR_REPL_COUNTER_BYTES, ct->head.set); break; } } @@ -369,40 +369,40 @@ __parse_nat_seq(const struct nfattr *attr, struct nf_conntrack *ct, int dir) nfnl_parse_nested(tb, CTA_NAT_SEQ_MAX, attr); if (tb[CTA_NAT_SEQ_CORRECTION_POS-1]) { - ct->tuple[dir].natseq.correction_pos = - ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_CORRECTION_POS-1])); + ct->natseq[dir].correction_pos = + ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_CORRECTION_POS-1])); switch(dir) { case __DIR_ORIG: - set_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->set); + set_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->head.set); break; case __DIR_REPL: - set_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->set); + set_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->head.set); break; } } if (tb[CTA_NAT_SEQ_OFFSET_BEFORE-1]) { - ct->tuple[dir].natseq.offset_before = + ct->natseq[dir].offset_before = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_OFFSET_BEFORE-1])); switch(dir) { case __DIR_ORIG: - set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->set); + set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->head.set); break; case __DIR_REPL: - set_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->set); + set_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->head.set); break; } } if (tb[CTA_NAT_SEQ_OFFSET_AFTER-1]) { - ct->tuple[dir].natseq.offset_after = + ct->natseq[dir].offset_after = ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_OFFSET_AFTER-1])); switch(dir) { case __DIR_ORIG: - set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->set); + set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->head.set); break; case __DIR_REPL: - set_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->set); + set_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->head.set); break; } } @@ -421,7 +421,7 @@ __parse_helper(const struct nfattr *attr, struct nf_conntrack *ct) NFA_DATA(tb[CTA_HELP_NAME-1]), NFCT_HELPER_NAME_MAX); ct->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0'; - set_bit(ATTR_HELPER_NAME, ct->set); + set_bit(ATTR_HELPER_NAME, ct->head.set); } static void @@ -435,7 +435,7 @@ __parse_secctx(const struct nfattr *attr, struct nf_conntrack *ct) ct->secctx = strdup(NFA_DATA(tb[CTA_SECCTX_NAME-1])); if (ct->secctx) - set_bit(ATTR_SECCTX, ct->set); + set_bit(ATTR_SECCTX, ct->head.set); } int __parse_message_type(const struct nlmsghdr *nlh) @@ -465,13 +465,13 @@ __parse_timestamp(const struct nfattr *attr, struct nf_conntrack *ct) u_int64_t tmp; memcpy(&tmp, NFA_DATA(tb[CTA_TIMESTAMP_START-1]), sizeof(tmp)); ct->timestamp.start = __be64_to_cpu(tmp); - set_bit(ATTR_TIMESTAMP_START, ct->set); + set_bit(ATTR_TIMESTAMP_START, ct->head.set); } if (tb[CTA_TIMESTAMP_STOP-1]) { u_int64_t tmp; memcpy(&tmp, NFA_DATA(tb[CTA_TIMESTAMP_STOP-1]), sizeof(tmp)); ct->timestamp.stop = __be64_to_cpu(tmp); - set_bit(ATTR_TIMESTAMP_STOP, ct->set); + set_bit(ATTR_TIMESTAMP_STOP, ct->head.set); } } @@ -482,27 +482,27 @@ void __parse_conntrack(const struct nlmsghdr *nlh, struct nfgenmsg *nfhdr = NLMSG_DATA(nlh); if (cda[CTA_TUPLE_ORIG-1]) { - ct->tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_ORIG_L3PROTO, ct->set); + ct->head.orig.l3protonum = nfhdr->nfgen_family; + set_bit(ATTR_ORIG_L3PROTO, ct->head.set); __parse_tuple(cda[CTA_TUPLE_ORIG-1], - &ct->tuple[__DIR_ORIG], __DIR_ORIG, ct->set); + &ct->head.orig, __DIR_ORIG, ct->head.set); } if (cda[CTA_TUPLE_REPLY-1]) { - ct->tuple[__DIR_REPL].l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_REPL_L3PROTO, ct->set); + ct->repl.l3protonum = nfhdr->nfgen_family; + set_bit(ATTR_REPL_L3PROTO, ct->head.set); __parse_tuple(cda[CTA_TUPLE_REPLY-1], - &ct->tuple[__DIR_REPL], __DIR_REPL, ct->set); + &ct->repl, __DIR_REPL, ct->head.set); } if (cda[CTA_TUPLE_MASTER-1]) { - ct->tuple[__DIR_MASTER].l3protonum = nfhdr->nfgen_family; - set_bit(ATTR_MASTER_L3PROTO, ct->set); + ct->master.l3protonum = nfhdr->nfgen_family; + set_bit(ATTR_MASTER_L3PROTO, ct->head.set); __parse_tuple(cda[CTA_TUPLE_MASTER-1], - &ct->tuple[__DIR_MASTER], __DIR_MASTER, ct->set); + &ct->master, __DIR_MASTER, ct->head.set); } if (cda[CTA_NAT_SEQ_ADJ_ORIG-1]) @@ -513,7 +513,7 @@ void __parse_conntrack(const struct nlmsghdr *nlh, if (cda[CTA_STATUS-1]) { ct->status = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1])); - set_bit(ATTR_STATUS, ct->set); + set_bit(ATTR_STATUS, ct->head.set); } if (cda[CTA_PROTOINFO-1]) @@ -521,17 +521,17 @@ void __parse_conntrack(const struct nlmsghdr *nlh, if (cda[CTA_TIMEOUT-1]) { ct->timeout = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_TIMEOUT-1])); - set_bit(ATTR_TIMEOUT, ct->set); + set_bit(ATTR_TIMEOUT, ct->head.set); } if (cda[CTA_MARK-1]) { ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1])); - set_bit(ATTR_MARK, ct->set); + set_bit(ATTR_MARK, ct->head.set); } if (cda[CTA_SECMARK-1]) { ct->secmark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_SECMARK-1])); - set_bit(ATTR_SECMARK, ct->set); + set_bit(ATTR_SECMARK, ct->head.set); } if (cda[CTA_COUNTERS_ORIG-1]) @@ -542,12 +542,12 @@ void __parse_conntrack(const struct nlmsghdr *nlh, if (cda[CTA_USE-1]) { ct->use = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_USE-1])); - set_bit(ATTR_USE, ct->set); + set_bit(ATTR_USE, ct->head.set); } if (cda[CTA_ID-1]) { ct->id = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_ID-1])); - set_bit(ATTR_ID, ct->set); + set_bit(ATTR_ID, ct->head.set); } if (cda[CTA_HELP-1]) @@ -555,7 +555,7 @@ void __parse_conntrack(const struct nlmsghdr *nlh, if (cda[CTA_ZONE-1]) { ct->zone = ntohs(*(u_int16_t *)NFA_DATA(cda[CTA_ZONE-1])); - set_bit(ATTR_ZONE, ct->set); + set_bit(ATTR_ZONE, ct->head.set); } if (cda[CTA_SECCTX-1]) diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c index 3969859..626d4df 100644 --- a/src/conntrack/setter.c +++ b/src/conntrack/setter.c @@ -39,71 +39,71 @@ static const u_int8_t invmap_icmpv6[] = { static void set_attr_orig_ipv4_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].src.v4 = *((u_int32_t *) value); + ct->head.orig.src.v4 = *((u_int32_t *) value); } static void set_attr_orig_ipv4_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].dst.v4 = *((u_int32_t *) value); + ct->head.orig.dst.v4 = *((u_int32_t *) value); } static void set_attr_repl_ipv4_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].src.v4 = *((u_int32_t *) value); + ct->repl.src.v4 = *((u_int32_t *) value); } static void set_attr_repl_ipv4_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].dst.v4 = *((u_int32_t *) value); + ct->repl.dst.v4 = *((u_int32_t *) value); } static void set_attr_orig_ipv6_src(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_ORIG].src.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->head.orig.src.v6, value, sizeof(u_int32_t)*4); } static void set_attr_orig_ipv6_dst(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_ORIG].dst.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->head.orig.dst.v6, value, sizeof(u_int32_t)*4); } static void set_attr_repl_ipv6_src(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_REPL].src.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->repl.src.v6, value, sizeof(u_int32_t)*4); } static void set_attr_repl_ipv6_dst(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_REPL].dst.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->repl.dst.v6, value, sizeof(u_int32_t)*4); } static void set_attr_orig_port_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].l4src.all = *((u_int16_t *) value); + ct->head.orig.l4src.all = *((u_int16_t *) value); } static void set_attr_orig_port_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].l4dst.all = *((u_int16_t *) value); + ct->head.orig.l4dst.all = *((u_int16_t *) value); } static void set_attr_repl_port_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].l4src.all = *((u_int16_t *) value); + ct->repl.l4src.all = *((u_int16_t *) value); } static void set_attr_repl_port_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].l4dst.all = *((u_int16_t *) value); + ct->repl.l4dst.all = *((u_int16_t *) value); } static void set_attr_icmp_type(struct nf_conntrack *ct, const void *value) { u_int8_t rtype; - ct->tuple[__DIR_ORIG].l4dst.icmp.type = *((u_int8_t *) value); + ct->head.orig.l4dst.icmp.type = *((u_int8_t *) value); - switch(ct->tuple[__DIR_ORIG].l3protonum) { + switch(ct->head.orig.l3protonum) { case AF_INET: rtype = invmap_icmp[*((u_int8_t *) value)]; break; @@ -117,42 +117,42 @@ static void set_attr_icmp_type(struct nf_conntrack *ct, const void *value) } if (rtype) - ct->tuple[__DIR_REPL].l4dst.icmp.type = rtype - 1; + ct->repl.l4dst.icmp.type = rtype - 1; else - ct->tuple[__DIR_REPL].l4dst.icmp.type = 255; /* will fail with -EINVAL */ + ct->repl.l4dst.icmp.type = 255; /* will fail with -EINVAL */ } static void set_attr_icmp_code(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].l4dst.icmp.code = *((u_int8_t *) value); - ct->tuple[__DIR_REPL].l4dst.icmp.code = *((u_int8_t *) value); + ct->head.orig.l4dst.icmp.code = *((u_int8_t *) value); + ct->repl.l4dst.icmp.code = *((u_int8_t *) value); } static void set_attr_icmp_id(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].l4src.icmp.id = *((u_int16_t *) value); - ct->tuple[__DIR_REPL].l4src.icmp.id = *((u_int16_t *) value); + ct->head.orig.l4src.icmp.id = *((u_int16_t *) value); + ct->repl.l4src.icmp.id = *((u_int16_t *) value); } static void set_attr_orig_l3proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].l3protonum = *((u_int8_t *) value); + ct->head.orig.l3protonum = *((u_int8_t *) value); } static void set_attr_repl_l3proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].l3protonum = *((u_int8_t *) value); + ct->repl.l3protonum = *((u_int8_t *) value); } static void set_attr_orig_l4proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].protonum = *((u_int8_t *) value); + ct->head.orig.protonum = *((u_int8_t *) value); } static void set_attr_repl_l4proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].protonum = *((u_int8_t *) value); + ct->repl.protonum = *((u_int8_t *) value); } static void set_attr_tcp_state(struct nf_conntrack *ct, const void *value) @@ -242,72 +242,72 @@ static void set_attr_id(struct nf_conntrack *ct, const void *value) static void set_attr_master_ipv4_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].src.v4 = *((u_int32_t *) value); + ct->master.src.v4 = *((u_int32_t *) value); } static void set_attr_master_ipv4_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].dst.v4 = *((u_int32_t *) value); + ct->master.dst.v4 = *((u_int32_t *) value); } static void set_attr_master_ipv6_src(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_MASTER].dst.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->master.dst.v6, value, sizeof(u_int32_t)*4); } static void set_attr_master_ipv6_dst(struct nf_conntrack *ct, const void *value) { - memcpy(&ct->tuple[__DIR_MASTER].src.v6, value, sizeof(u_int32_t)*4); + memcpy(&ct->master.src.v6, value, sizeof(u_int32_t)*4); } static void set_attr_master_port_src(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].l4src.all = *((u_int16_t *) value); + ct->master.l4src.all = *((u_int16_t *) value); } static void set_attr_master_port_dst(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].l4dst.all = *((u_int16_t *) value); + ct->master.l4dst.all = *((u_int16_t *) value); } static void set_attr_master_l3proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].l3protonum = *((u_int8_t *) value); + ct->master.l3protonum = *((u_int8_t *) value); } static void set_attr_master_l4proto(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_MASTER].protonum = *((u_int8_t *) value); + ct->master.protonum = *((u_int8_t *) value); } static void set_attr_orig_cor_pos(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].natseq.correction_pos = *((u_int32_t *) value); + ct->natseq[__DIR_ORIG].correction_pos = *((u_int32_t *) value); } static void set_attr_orig_off_bfr(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].natseq.offset_before = *((u_int32_t *) value); + ct->natseq[__DIR_ORIG].offset_before = *((u_int32_t *) value); } static void set_attr_orig_off_aft(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_ORIG].natseq.offset_after = *((u_int32_t *) value); + ct->natseq[__DIR_ORIG].offset_after = *((u_int32_t *) value); } static void set_attr_repl_cor_pos(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].natseq.correction_pos = *((u_int32_t *) value); + ct->natseq[__DIR_REPL].correction_pos = *((u_int32_t *) value); } static void set_attr_repl_off_bfr(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].natseq.offset_before = *((u_int32_t *) value); + ct->natseq[__DIR_REPL].offset_before = *((u_int32_t *) value); } static void set_attr_repl_off_aft(struct nf_conntrack *ct, const void *value) { - ct->tuple[__DIR_REPL].natseq.offset_after = *((u_int32_t *) value); + ct->natseq[__DIR_REPL].offset_after = *((u_int32_t *) value); } static void set_attr_helper_name(struct nf_conntrack *ct, const void *value) diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c index 158e404..206b9c0 100644 --- a/src/conntrack/snprintf_default.c +++ b/src/conntrack/snprintf_default.c @@ -14,9 +14,9 @@ static int __snprintf_l3protocol(char *buf, const struct nf_conntrack *ct) { return (snprintf(buf, len, "%-8s %u ", - l3proto2str[ct->tuple[__DIR_ORIG].l3protonum] == NULL ? - "unknown" : l3proto2str[ct->tuple[__DIR_ORIG].l3protonum], - ct->tuple[__DIR_ORIG].l3protonum)); + l3proto2str[ct->head.orig.l3protonum] == NULL ? + "unknown" : l3proto2str[ct->head.orig.l3protonum], + ct->head.orig.l3protonum)); } int __snprintf_protocol(char *buf, @@ -24,9 +24,9 @@ int __snprintf_protocol(char *buf, const struct nf_conntrack *ct) { return (snprintf(buf, len, "%-8s %u ", - proto2str[ct->tuple[__DIR_ORIG].protonum] == NULL ? - "unknown" : proto2str[ct->tuple[__DIR_ORIG].protonum], - ct->tuple[__DIR_ORIG].protonum)); + proto2str[ct->head.orig.protonum] == NULL ? + "unknown" : proto2str[ct->head.orig.protonum], + ct->head.orig.protonum)); } static int __snprintf_timeout(char *buf, @@ -314,103 +314,103 @@ int __snprintf_conntrack_default(char *buf, ret = __snprintf_protocol(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); - if (test_bit(ATTR_TIMEOUT, ct->set)) { + if (test_bit(ATTR_TIMEOUT, ct->head.set)) { ret = __snprintf_timeout(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TCP_STATE, ct->set)) { + if (test_bit(ATTR_TCP_STATE, ct->head.set)) { ret = __snprintf_protoinfo(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SCTP_STATE, ct->set)) { + if (test_bit(ATTR_SCTP_STATE, ct->head.set)) { ret = __snprintf_protoinfo_sctp(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_DCCP_STATE, ct->set)) { + if (test_bit(ATTR_DCCP_STATE, ct->head.set)) { ret = __snprintf_protoinfo_dccp(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - ret = __snprintf_address(buf+offset, len, &ct->tuple[__DIR_ORIG], + ret = __snprintf_address(buf+offset, len, &ct->head.orig, "src", "dst"); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_proto(buf+offset, len, &ct->tuple[__DIR_ORIG]); + ret = __snprintf_proto(buf+offset, len, &ct->head.orig); BUFFER_SIZE(ret, size, len, offset); - if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->set) && - test_bit(ATTR_ORIG_COUNTER_BYTES, ct->set)) { + if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->head.set) && + test_bit(ATTR_ORIG_COUNTER_BYTES, ct->head.set)) { ret = __snprintf_counters(buf+offset, len, ct, __DIR_ORIG); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_STATUS, ct->set)) { + if (test_bit(ATTR_STATUS, ct->head.set)) { ret = __snprintf_status_not_seen_reply(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - ret = __snprintf_address(buf+offset, len, &ct->tuple[__DIR_REPL], + ret = __snprintf_address(buf+offset, len, &ct->repl, "src", "dst"); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_proto(buf+offset, len, &ct->tuple[__DIR_REPL]); + ret = __snprintf_proto(buf+offset, len, &ct->repl); BUFFER_SIZE(ret, size, len, offset); - if (test_bit(ATTR_REPL_COUNTER_PACKETS, ct->set) && - test_bit(ATTR_REPL_COUNTER_BYTES, ct->set)) { + if (test_bit(ATTR_REPL_COUNTER_PACKETS, ct->head.set) && + test_bit(ATTR_REPL_COUNTER_BYTES, ct->head.set)) { ret = __snprintf_counters(buf+offset, len, ct, __DIR_REPL); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_STATUS, ct->set)) { + if (test_bit(ATTR_STATUS, ct->head.set)) { ret = __snprintf_status_assured(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_MARK, ct->set)) { + if (test_bit(ATTR_MARK, ct->head.set)) { ret = __snprintf_mark(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SECMARK, ct->set)) { + if (test_bit(ATTR_SECMARK, ct->head.set)) { ret = __snprintf_secmark(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SECCTX, ct->set)) { + if (test_bit(ATTR_SECCTX, ct->head.set)) { ret = __snprintf_secctx(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_ZONE, ct->set)) { + if (test_bit(ATTR_ZONE, ct->head.set)) { ret = __snprintf_zone(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMESTAMP_START, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) { ret = __snprintf_timestamp_delta(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } if (flags & NFCT_OF_TIMESTAMP) { - if (test_bit(ATTR_TIMESTAMP_START, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) { ret = __snprintf_timestamp_start(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = __snprintf_timestamp_stop(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } } - if (test_bit(ATTR_USE, ct->set)) { + if (test_bit(ATTR_USE, ct->head.set)) { ret = __snprintf_use(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (flags & NFCT_OF_ID && test_bit(ATTR_ID, ct->set)) { + if (flags & NFCT_OF_ID && test_bit(ATTR_ID, ct->head.set)) { ret = __snprintf_id(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } diff --git a/src/conntrack/snprintf_xml.c b/src/conntrack/snprintf_xml.c index 72e2787..63c814a 100644 --- a/src/conntrack/snprintf_xml.c +++ b/src/conntrack/snprintf_xml.c @@ -298,8 +298,16 @@ static int __snprintf_tuple_xml(char *buf, { int ret; unsigned int size = 0, offset = 0; - const struct __nfct_tuple *tuple = &ct->tuple[dir]; + const struct __nfct_tuple *tuple = NULL; + switch(dir) { + case __DIR_ORIG: + tuple = &ct->head.orig; + break; + case __DIR_REPL: + tuple = &ct->repl; + break; + } ret = snprintf(buf, len, "", dir == __DIR_ORIG ? "original" : "reply"); BUFFER_SIZE(ret, size, len, offset); @@ -332,8 +340,8 @@ static int __snprintf_tuple_xml(char *buf, ret = snprintf(buf+offset, len, ""); BUFFER_SIZE(ret, size, len, offset); - if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->set) && - test_bit(ATTR_ORIG_COUNTER_BYTES, ct->set)) { + if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->head.set) && + test_bit(ATTR_ORIG_COUNTER_BYTES, ct->head.set)) { ret = snprintf(buf+offset, len, ""); BUFFER_SIZE(ret, size, len, offset); @@ -382,24 +390,24 @@ int __snprintf_conntrack_xml(char *buf, ret = __snprintf_tuple_xml(buf+offset, len, ct, __DIR_REPL); BUFFER_SIZE(ret, size, len, offset); - if (test_bit(ATTR_TCP_STATE, ct->set) || - test_bit(ATTR_SCTP_STATE, ct->set) || - test_bit(ATTR_DCCP_STATE, ct->set) || - test_bit(ATTR_TIMEOUT, ct->set) || - test_bit(ATTR_MARK, ct->set) || - test_bit(ATTR_SECMARK, ct->set) || - test_bit(ATTR_ZONE, ct->set) || - test_bit(ATTR_USE, ct->set) || - test_bit(ATTR_STATUS, ct->set) || - test_bit(ATTR_ID, ct->set) || - test_bit(ATTR_TIMESTAMP_START, ct->set) || - test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TCP_STATE, ct->head.set) || + test_bit(ATTR_SCTP_STATE, ct->head.set) || + test_bit(ATTR_DCCP_STATE, ct->head.set) || + test_bit(ATTR_TIMEOUT, ct->head.set) || + test_bit(ATTR_MARK, ct->head.set) || + test_bit(ATTR_SECMARK, ct->head.set) || + test_bit(ATTR_ZONE, ct->head.set) || + test_bit(ATTR_USE, ct->head.set) || + test_bit(ATTR_STATUS, ct->head.set) || + test_bit(ATTR_ID, ct->head.set) || + test_bit(ATTR_TIMESTAMP_START, ct->head.set) || + test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = snprintf(buf+offset, len, ""); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TCP_STATE, ct->set)) { + if (test_bit(ATTR_TCP_STATE, ct->head.set)) { ret = snprintf(buf+offset, len, "%s", ct->protoinfo.tcp.state < TCP_CONNTRACK_MAX ? states[ct->protoinfo.tcp.state] : @@ -407,7 +415,7 @@ int __snprintf_conntrack_xml(char *buf, BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SCTP_STATE, ct->set)) { + if (test_bit(ATTR_SCTP_STATE, ct->head.set)) { ret = snprintf(buf+offset, len, "%s", ct->protoinfo.sctp.state < SCTP_CONNTRACK_MAX ? states[ct->protoinfo.sctp.state] : @@ -415,7 +423,7 @@ int __snprintf_conntrack_xml(char *buf, BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_DCCP_STATE, ct->set)) { + if (test_bit(ATTR_DCCP_STATE, ct->head.set)) { ret = snprintf(buf+offset, len, "%s", ct->protoinfo.sctp.state < DCCP_CONNTRACK_MAX ? states[ct->protoinfo.dccp.state] : @@ -423,97 +431,97 @@ int __snprintf_conntrack_xml(char *buf, BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMEOUT, ct->set)) { + if (test_bit(ATTR_TIMEOUT, ct->head.set)) { ret = snprintf(buf+offset, len, "%u", ct->timeout); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_MARK, ct->set)) { + if (test_bit(ATTR_MARK, ct->head.set)) { ret = snprintf(buf+offset, len, "%u", ct->mark); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SECMARK, ct->set)) { + if (test_bit(ATTR_SECMARK, ct->head.set)) { ret = snprintf(buf+offset, len, "%u", ct->secmark); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_SECCTX, ct->set)) { + if (test_bit(ATTR_SECCTX, ct->head.set)) { ret = snprintf(buf+offset, len, "%s", ct->secctx); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_ZONE, ct->set)) { + if (test_bit(ATTR_ZONE, ct->head.set)) { ret = snprintf(buf+offset, len, "%u", ct->zone); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_USE, ct->set)) { + if (test_bit(ATTR_USE, ct->head.set)) { ret = snprintf(buf+offset, len, "%u", ct->use); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_ID, ct->set)) { + if (test_bit(ATTR_ID, ct->head.set)) { ret = snprintf(buf+offset, len, "%u", ct->id); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_STATUS, ct->set) + if (test_bit(ATTR_STATUS, ct->head.set) && ct->status & IPS_ASSURED) { ret = snprintf(buf+offset, len, ""); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_STATUS, ct->set) + if (test_bit(ATTR_STATUS, ct->head.set) && !(ct->status & IPS_SEEN_REPLY)) { ret = snprintf(buf+offset, len, ""); BUFFER_SIZE(ret, size, len, offset); } if (flags & NFCT_OF_TIMESTAMP) { - if (test_bit(ATTR_TIMESTAMP_START, ct->set) || - test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set) || + test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = snprintf(buf+offset, len, ""); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMESTAMP_START, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) { ret = __snprintf_timestamp_start(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = __snprintf_timestamp_stop(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TIMESTAMP_START, ct->set) || - test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set) || + test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = snprintf(buf+offset, len, ""); BUFFER_SIZE(ret, size, len, offset); } } - if (test_bit(ATTR_TIMESTAMP_START, ct->set) && - test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TIMESTAMP_START, ct->head.set) && + test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = __snprintf_deltatime(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); - } else if (test_bit(ATTR_TIMESTAMP_START, ct->set)) { + } else if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) { ret = __snprintf_deltatime_now(buf+offset, len, ct); BUFFER_SIZE(ret, size, len, offset); } - if (test_bit(ATTR_TCP_STATE, ct->set) || - test_bit(ATTR_SCTP_STATE, ct->set) || - test_bit(ATTR_DCCP_STATE, ct->set) || - test_bit(ATTR_TIMEOUT, ct->set) || - test_bit(ATTR_MARK, ct->set) || - test_bit(ATTR_SECMARK, ct->set) || - test_bit(ATTR_ZONE, ct->set) || - test_bit(ATTR_USE, ct->set) || - test_bit(ATTR_STATUS, ct->set) || - test_bit(ATTR_ID, ct->set) || - test_bit(ATTR_TIMESTAMP_START, ct->set) || - test_bit(ATTR_TIMESTAMP_STOP, ct->set)) { + if (test_bit(ATTR_TCP_STATE, ct->head.set) || + test_bit(ATTR_SCTP_STATE, ct->head.set) || + test_bit(ATTR_DCCP_STATE, ct->head.set) || + test_bit(ATTR_TIMEOUT, ct->head.set) || + test_bit(ATTR_MARK, ct->head.set) || + test_bit(ATTR_SECMARK, ct->head.set) || + test_bit(ATTR_ZONE, ct->head.set) || + test_bit(ATTR_USE, ct->head.set) || + test_bit(ATTR_STATUS, ct->head.set) || + test_bit(ATTR_ID, ct->head.set) || + test_bit(ATTR_TIMESTAMP_START, ct->head.set) || + test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) { ret = snprintf(buf+offset, len, ""); BUFFER_SIZE(ret, size, len, offset); } -- cgit v1.2.3