From cf7130ab75b3e11142cf1bb749ef97f69a190148 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Mon, 3 May 2010 15:44:30 +0200
Subject: ct: add zone support
Add Patrick's zone support for libnetfilter_conntrack.
Signed-off-by: Pablo Neira Ayuso
---
 src/conntrack/build.c | 10 ++++++++++
 src/conntrack/compare.c | 10 ++++++++++
 src/conntrack/copy.c | 7 +++++++
 src/conntrack/getter.c | 6 ++++++
 src/conntrack/parse.c | 5 +++++
 src/conntrack/setter.c | 6 ++++++
 src/conntrack/snprintf_default.c | 11 +++++++++++
 src/conntrack/snprintf_xml.c | 5 +++++
 8 files changed, 60 insertions(+) (limited to 'src')
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index e8bb9ac..043c401 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -365,6 +365,13 @@ static void __build_helper_name(struct nfnlhdr *req,
 nfnl_nest_end(&req->nlh, nest);
 }
+static void __build_zone(struct nfnlhdr *req,
+ size_t size,
+ const struct nf_conntrack *ct)
+{
+ nfnl_addattr16(&req->nlh, size, CTA_ZONE, htons(ct->zone));
+}
+
 int __build_conntrack(struct nfnl_subsys_handle *ssh,
 struct nfnlhdr *req,
 size_t size,
@@ -472,5 +479,8 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 if (test_bit(ATTR_HELPER_NAME, ct->set))
 __build_helper_name(req, size, ct);
+ if (test_bit(ATTR_ZONE, ct->set))
+ __build_zone(req, size, ct);
+
 return 0;
 }
diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c
index ba3fdf8..134cefd 100644
--- a/src/conntrack/compare.c
+++ b/src/conntrack/compare.c
@@ -360,6 +360,14 @@ cmp_dccp_state(const struct nf_conntrack *ct1,
 return (ct1->protoinfo.dccp.state == ct2->protoinfo.dccp.state);
 }
+static int
+cmp_zone(const struct nf_conntrack *ct1,
+ const struct nf_conntrack *ct2,
+ unsigned int flags)
+{
+ return (ct1->zone == ct2->zone);
+}
+
 static int cmp_meta(const struct nf_conntrack *ct1,
 const struct nf_conntrack *ct2,
 unsigned int flags)
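Review bot: `__build_zone` in the first build.c hunk discards the return value of `nfnl_addattr16()`, so when the attribute does not fit in `size` the request would go out without CTA_ZONE and the kernel would presumably apply it to the default zone instead of the one the caller set. `__build_helper_name`, visible in the hunk header, is `void` as well, so this matches the file's convention, but an attribute that selects an isolation domain should not be dropped silently. I would return the result, `return nfnl_addattr16(&req->nlh, size, CTA_ZONE, htons(ct->zone));` with the helper declared `static int`, and check it in the second hunk: `if (test_bit(ATTR_ZONE, ct->set) && __build_zone(req, size, ct) < 0) return -1;`. `__build_conntrack` starts before and runs between the two hunks, so how the other attributes are handled is not visible here.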
@@ -378,6 +386,8 @@ static int cmp_meta(const struct nf_conntrack *ct1,
 return 0;
 if (!__cmp(ATTR_DCCP_STATE, ct1, ct2, flags, cmp_dccp_state))
 return 0;
+ if (!__cmp(ATTR_ZONE, ct1, ct2, flags, cmp_zone))
+ return 0;
 return 1;
 }
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index 7f7514d..dc31f07 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -409,6 +409,12 @@ static void copy_attr_helper_name(struct nf_conntrack *dest,
 dest->helper_name[__NFCT_HELPER_NAMELEN-1] = '\0';
 }
+static void copy_attr_zone(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->zone = orig->zone;
+}
+
 copy_attr copy_attr_array[ATTR_MAX] = {
 [ATTR_ORIG_IPV4_SRC] = copy_attr_orig_ipv4_src,
 [ATTR_ORIG_IPV4_DST] = copy_attr_orig_ipv4_dst,
@@ -471,4 +477,5 @@ copy_attr copy_attr_array[ATTR_MAX] = {
 [ATTR_DCCP_HANDSHAKE_SEQ] = copy_attr_dccp_handshake_seq,
 [ATTR_TCP_WSCALE_ORIG] = copy_attr_tcp_wscale_orig,
 [ATTR_TCP_WSCALE_REPL] = copy_attr_tcp_wscale_repl,
+ [ATTR_ZONE] = copy_attr_zone,
 };
diff --git a/src/conntrack/getter.c b/src/conntrack/getter.c
index 507a3a2..e288d62 100644
--- a/src/conntrack/getter.c
+++ b/src/conntrack/getter.c
@@ -312,6 +312,11 @@ static const void *get_attr_dccp_handshake_seq(const struct nf_conntrack *ct)
 return &ct->protoinfo.dccp.handshake_seq;
 }
+static const void *get_attr_zone(const struct nf_conntrack *ct)
+{
+ return &ct->zone;
+}
+
 get_attr get_attr_array[ATTR_MAX] = {
 [ATTR_ORIG_IPV4_SRC] = get_attr_orig_ipv4_src,
 [ATTR_ORIG_IPV4_DST] = get_attr_orig_ipv4_dst,
@@ -374,4 +379,5 @@ get_attr get_attr_array[ATTR_MAX] = {
 [ATTR_DCCP_HANDSHAKE_SEQ] = get_attr_dccp_handshake_seq,
 [ATTR_TCP_WSCALE_ORIG] = get_attr_tcp_wscale_orig,
 [ATTR_TCP_WSCALE_REPL] = get_attr_tcp_wscale_repl,
+ [ATTR_ZONE] = get_attr_zone,
 };
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 60dabe4..b7fe0f6 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -516,4 +516,9 @@ void __parse_conntrack(const struct nlmsghdr *nlh,
 if (cda[CTA_HELP-1])
 __parse_helper(cda[CTA_HELP-1], ct);
+
+ if (cda[CTA_ZONE-1]) {
+ ct->zone = ntohs(*(u_int16_t *)NFA_DATA(cda[CTA_ZONE-1]));
+ set_bit(ATTR_ZONE, ct->set);
+ }
 }
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index dd87860..5554e1d 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -330,6 +330,11 @@ set_attr_dccp_handshake_seq(struct nf_conntrack *ct, const void *value)
 ct->protoinfo.dccp.handshake_seq = *((u_int64_t *) value);
 }
+static void set_attr_zone(struct nf_conntrack *ct, const void *value)
+{
+ ct->zone = *((u_int16_t *) value);
+}
+
 static void set_attr_do_nothing(struct nf_conntrack *ct, const void *value) {}
 set_attr set_attr_array[ATTR_MAX] = {
@@ -392,4 +397,5 @@ set_attr set_attr_array[ATTR_MAX] = {
 [ATTR_DCCP_STATE] = set_attr_dccp_state,
 [ATTR_DCCP_ROLE] = set_attr_dccp_role,
 [ATTR_DCCP_HANDSHAKE_SEQ] = set_attr_dccp_handshake_seq,
+ [ATTR_ZONE] = set_attr_zone,
 };
diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c
index c89cce5..ce5a477 100644
--- a/src/conntrack/snprintf_default.c
+++ b/src/conntrack/snprintf_default.c
@@ -219,6 +219,12 @@ __snprintf_id(char *buf, unsigned int len, const struct nf_conntrack *ct)
 return (snprintf(buf, len, "id=%u ", ct->id));
 }
+static int
+__snprintf_zone(char *buf, unsigned int len, const struct nf_conntrack *ct)
+{
+ return (snprintf(buf, len, "zone=%u ", ct->zone));
+}
+
 int __snprintf_conntrack_default(char *buf,
 unsigned int len,
 const struct nf_conntrack *ct,
@@ -325,6 +331,11 @@ int __snprintf_conntrack_default(char *buf,
 BUFFER_SIZE(ret, size, len, offset);
 }
+ if (test_bit(ATTR_ZONE, ct->set)) {
+ ret = __snprintf_zone(buf+offset, len, ct);
+ BUFFER_SIZE(ret, size, len, offset);
+ }
+
 /* Delete the last blank space */
 size--;
diff --git a/src/conntrack/snprintf_xml.c b/src/conntrack/snprintf_xml.c
index aa9a9ec..a518617 100644
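Review bot: The new CTA_ZONE branch in parse.c reads `NFA_DATA(cda[CTA_ZONE-1])` as a `u_int16_t` without checking that the attribute payload holds at least two bytes. Nothing in the hunk shows the length being validated first; `__parse_conntrack` begins outside the hunk, so the attribute parser may or may not enforce it. If it does not, a truncated attribute in a malformed netlink message results in a read past the end of the attribute. A guard such as `if (cda[CTA_ZONE-1] && NFA_PAYLOAD(cda[CTA_ZONE-1]) >= (int)sizeof(u_int16_t)) {` keeps the read inside the payload; the comparison is kept signed because `NFA_PAYLOAD` can go negative for an undersized attribute.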
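Review bot: `set_attr_zone` in setter.c casts away the `const` on `value` and leaves the expected width and byte order of the argument undocumented. The read can keep the qualifier: `ct->zone = *((const u_int16_t *) value);`. A comment such as `/* value points to a u_int16_t zone id in host byte order; the netlink build path applies htons() */` would state the contract, since a caller that passes a pointer to a wider integer stores the wrong half on a big-endian host. The context line for `set_attr_dccp_handshake_seq` uses the same non-const cast, so this looks like a file-wide habit rather than something this commit introduces.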
--- a/src/conntrack/snprintf_xml.c
+++ b/src/conntrack/snprintf_xml.c
@@ -342,6 +342,11 @@ int __snprintf_conntrack_xml(char *buf,
 BUFFER_SIZE(ret, size, len, offset);
 }
+ if (test_bit(ATTR_ZONE, ct->set)) {
+ ret = snprintf(buf+offset, len, "%u", ct->zone);
+ BUFFER_SIZE(ret, size, len, offset);
+ }
+
 if (test_bit(ATTR_USE, ct->set)) {
 ret = snprintf(buf+offset, len, "%u", ct->use);
 BUFFER_SIZE(ret, size, len, offset);
-- cgit v1.2.3