diff options
| author | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2007-07-19 18:35:41 +0000 |
|---|---|---|
| committer | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2007-07-19 18:35:41 +0000 |
| commit | 281a74fc8d2a474f35b07e6b9a82ba8e4be3f627 (patch) | |
| tree | 86a8530326e5cad88279d44ace899fa37f330bba | |
| parent | 0b8d66289f7e96c449bb88e7ec20a5860fba18ee (diff) | |
fix NAT in changes committed in r6904
| -rw-r--r-- | src/build.c | 49 |
1 files changed, 30 insertions, 19 deletions
diff --git a/src/build.c b/src/build.c index b77dbc2..981548e 100644 --- a/src/build.c +++ b/src/build.c @@ -58,20 +58,21 @@ static void __build_u32(const struct nf_conntrack *ct, addattr(pld, attr, &data, sizeof(u_int32_t)); } +static void __nat_build_u32(u_int32_t data, struct netpld *pld, int attr) +{ + data = htonl(data); + addattr(pld, attr, &data, sizeof(u_int32_t)); +} + +static void __nat_build_u16(u_int16_t data, struct netpld *pld, int attr) +{ + data = htons(data); + addattr(pld, attr, &data, sizeof(u_int16_t)); +} + /* XXX: IPv6 and ICMP not supported */ void build_netpld(struct nf_conntrack *ct, struct netpld *pld, int query) { - /* undo NAT */ - if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) - nfct_setobjopt(ct, NFCT_SOPT_UNDO_SNAT); - if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) - nfct_setobjopt(ct, NFCT_SOPT_UNDO_DNAT); - if (nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT)) - nfct_setobjopt(ct, NFCT_SOPT_UNDO_SPAT); - if (nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT)) - nfct_setobjopt(ct, NFCT_SOPT_UNDO_DPAT); - - /* build message */ if (nfct_attr_is_set(ct, ATTR_IPV4_SRC)) __build_u32(ct, pld, ATTR_IPV4_SRC); if (nfct_attr_is_set(ct, ATTR_IPV4_DST)) @@ -92,14 +93,6 @@ void build_netpld(struct nf_conntrack *ct, struct netpld *pld, int query) __build_u8(ct, pld, ATTR_TCP_STATE); } } - if (nfct_attr_is_set(ct, ATTR_SNAT_IPV4)) - __build_u32(ct, pld, ATTR_SNAT_IPV4); - if (nfct_attr_is_set(ct, ATTR_DNAT_IPV4)) - __build_u32(ct, pld, ATTR_DNAT_IPV4); - if (nfct_attr_is_set(ct, ATTR_SNAT_PORT)) - __build_u16(ct, pld, ATTR_SNAT_PORT); - if (nfct_attr_is_set(ct, ATTR_DNAT_PORT)) - __build_u16(ct, pld, ATTR_DNAT_PORT); if (nfct_attr_is_set(ct, ATTR_TIMEOUT)) __build_u32(ct, pld, ATTR_TIMEOUT); if (nfct_attr_is_set(ct, ATTR_MARK)) @@ -107,6 +100,24 @@ void build_netpld(struct nf_conntrack *ct, struct netpld *pld, int query) if (nfct_attr_is_set(ct, ATTR_STATUS)) __build_u32(ct, pld, ATTR_STATUS); + /* NAT */ + if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) { + u_int32_t data = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST); + __nat_build_u32(data, pld, ATTR_SNAT_IPV4); + } + if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) { + u_int32_t data = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC); + __nat_build_u32(data, pld, ATTR_DNAT_IPV4); + } + if (nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT)) { + u_int16_t data = nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST); + __nat_build_u16(data, pld, ATTR_SNAT_PORT); + } + if (nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT)) { + u_int16_t data = nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC); + __nat_build_u16(data, pld, ATTR_DNAT_PORT); + } + pld->query = query; PLD_HOST2NETWORK(pld); |