From 10d50dac91b61247f9cdfe687191e1bc959e2d5f Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Sat, 15 Dec 2007 17:00:53 +0000
Subject: - add missing getter for TCP flags/mask - add TCP flags/mask attributes if they are set, otherwise skip
---
 src/conntrack/build.c | 24 +++++++++++++++++-------
 src/conntrack/getter.c | 24 ++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 7 deletions(-)
(limited to 'src')
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 4ebc207..169f289 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -97,12 +97,18 @@ void __build_protoinfo(struct nfnlhdr *req,
 nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP);
 nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_STATE, &ct->protoinfo.tcp.state, sizeof(u_int8_t));
- nfnl_addattr_l(&req->nlh, size,
- CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
- &ct->protoinfo.tcp.flags[0], sizeof(u_int16_t));
- nfnl_addattr_l(&req->nlh, size,
- CTA_PROTOINFO_TCP_FLAGS_REPLY,
- &ct->protoinfo.tcp.flags[1], sizeof(u_int16_t));
+ if (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) &&
+ test_bit(ATTR_TCP_MASK_ORIG, ct->set))
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
+ &ct->protoinfo.tcp.flags[0],
+ sizeof(u_int16_t));
+ if (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) &&
+ test_bit(ATTR_TCP_MASK_REPL, ct->set))
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_TCP_FLAGS_REPLY,
+ &ct->protoinfo.tcp.flags[1],
+ sizeof(u_int16_t));
 nfnl_nest_end(&req->nlh, nest_proto);
 nfnl_nest_end(&req->nlh, nest);
 break;
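Review bot: `CTA_PROTOINFO_TCP_STATE` is still added unconditionally at the top of this nest, while the second build.c hunk now calls `__build_protoinfo` when only the flags/mask attributes are set. In that case `ct->protoinfo.tcp.state` is sent to the kernel even though `ATTR_TCP_STATE` is not in `ct->set`, so the message carries a state value the caller never supplied. Guard that call the same way as the flags, with `if (test_bit(ATTR_TCP_STATE, ct->set))` in front of it. The length is also hard-coded as `sizeof(u_int16_t)` although the getter.c hunk shows each `flags[]` element is a struct with `.value` and `.mask`; `sizeof(ct->protoinfo.tcp.flags[0])` would keep the copied length tied to the object. The body of `__build_protoinfo` starts and ends outside the hunk.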
@@ -276,7 +282,11 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 if (test_bit(ATTR_MARK, ct->set))
 __build_mark(req, size, ct);
- if (test_bit(ATTR_TCP_STATE, ct->set))
+ if (test_bit(ATTR_TCP_STATE, ct->set) ||
+ (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) &&
+ test_bit(ATTR_TCP_MASK_ORIG, ct->set)) ||
+ (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) &&
+ test_but(ATTR_TCP_MASK_REPL, ct->set)))
 __build_protoinfo(req, size, ct);
 if (test_bit(ATTR_SNAT_IPV4, ct->set) &&
diff --git a/src/conntrack/getter.c b/src/conntrack/getter.c
index 40d65a1..cb3718a 100644
--- a/src/conntrack/getter.c
+++ b/src/conntrack/getter.c
@@ -107,6 +107,26 @@ static const void *get_attr_tcp_state(const struct nf_conntrack *ct)
 return &ct->protoinfo.tcp.state;
 }
+static const void *get_attr_tcp_flags_orig(const struct nf_conntrack *ct)
+{
+ return &ct->protoinfo.tcp.flags[__DIR_ORIG].value;
+}
+
+static const void *get_attr_tcp_mask_orig(const struct nf_conntrack *ct)
+{
+ return &ct->protoinfo.tcp.flags[__DIR_ORIG].mask;
+}
+
+static const void *get_attr_tcp_flags_repl(const struct nf_conntrack *ct)
+{
+ return &ct->protoinfo.tcp.flags[__DIR_REPL].value;
+}
+
+static const void *get_attr_tcp_mask_repl(const struct nf_conntrack *ct)
+{
+ return &ct->protoinfo.tcp.flags[__DIR_REPL].mask;
+}
+
 static const void *get_attr_snat_ipv4(const struct nf_conntrack *ct)
 {
 return &ct->snat.min_ip;
@@ -200,4 +220,8 @@ get_attr get_attr_array[] = {
 [ATTR_REPL_COUNTER_BYTES] = get_attr_repl_counter_bytes,
 [ATTR_USE] = get_attr_use,
 [ATTR_STATUS] = get_attr_status,
+ [ATTR_TCP_FLAGS_ORIG] = get_attr_tcp_flags_orig,
+ [ATTR_TCP_FLAGS_REPL] = get_attr_tcp_flags_repl,
+ [ATTR_TCP_MASK_ORIG] = get_attr_tcp_mask_orig,
+ [ATTR_TCP_MASK_REPL] = get_attr_tcp_mask_repl,
 };
-- cgit v1.2.3
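Review bot: The last added line of the condition in the `__build_conntrack` hunk calls `test_but(ATTR_TCP_MASK_REPL, ct->set)`, a misspelling of `test_bit`. No `test_but` is visible anywhere in this diff, so depending on the compiler mode this is either a hard error or an implicit declaration that fails at link time. The line should read `test_bit(ATTR_TCP_MASK_REPL, ct->set)))`. Building with `-Werror=implicit-function-declaration` would stop this class of typo from getting through. `__build_conntrack` continues outside the hunk.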
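Review bot: The four new getters in the getter.c hunk at `@@ -107,6 +107,26 @@` return `const void *` with nothing stating how wide the object behind the pointer is. `.value` and `.mask` look like single-byte members, since build.c sends a whole `flags[]` element as `sizeof(u_int16_t)`, but the struct definition is not part of this diff, so that needs confirming. If it holds, a caller that reads the result through a wider typed accessor would read past the field. A one-line comment above the group, for example `/* TCP flags/mask getters: each returns a pointer to a single u_int8_t */`, would record the contract.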