diff options
| author | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-02-09 20:07:36 +0000 |
|---|---|---|
| committer | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-02-09 20:07:36 +0000 |
| commit | 7784ef33db4361269afe9b302fa9dbb4a65aaf35 (patch) | |
| tree | ab49008b2ece72bf0b9bb122b3d40bfc17119855 | |
| parent | 2da4ea01c1913622669e6f638f06483c257797f7 (diff) | |
o add IPv6 information to synchronization messages
o add support for NAT sequence adjustment (requires Linux kernel >= 2.6.25)
o remove TODO file from release tarballs
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | Makefile.am | 2 | ||||
| -rw-r--r-- | TODO | 2 | ||||
| -rw-r--r-- | configure.in | 2 | ||||
| -rw-r--r-- | src/build.c | 18 | ||||
| -rw-r--r-- | src/parse.c | 19 |
6 files changed, 36 insertions, 9 deletions
@@ -45,6 +45,8 @@ o constify queue_iterate() o use list_del_init() and list_empty() to check if a node is in the list o remove unix socket file on exit o use umask() to set up file permissions +o add support for NAT sequence adjustment (requires Linux kernel >= 2.6.25) +o remove TODO file from release tarballs Max Kellermann <max@duempel.org>: diff --git a/Makefile.am b/Makefile.am index 0cd321b..f9fba72 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,7 +5,7 @@ include Make_global.am AUTOMAKE_OPTIONS = foreign dist-bzip2 1.6 man_MANS = conntrack.8 conntrackd.8 -EXTRA_DIST = $(man_MANS) Make_global.am ChangeLog TODO doc +EXTRA_DIST = $(man_MANS) Make_global.am ChangeLog doc SUBDIRS = extensions src DIST_SUBDIRS = include src extensions @@ -20,7 +20,7 @@ by dificulty levels: [ ] study better keepalived transitions [X] fix ipv6 support [X] add support setup related conntracks - [ ] NAT sequence adjustment support + [X] NAT sequence adjustment support = Open issues that won't be ever resolved = * unsupported stateful iptables matches: diff --git a/configure.in b/configure.in index 6a9d882..920f42f 100644 --- a/configure.in +++ b/configure.in @@ -18,7 +18,7 @@ esac dnl Dependencies LIBNFNETLINK_REQUIRED=0.0.32 -LIBNETFILTER_CONNTRACK_REQUIRED=0.0.88 +LIBNETFILTER_CONNTRACK_REQUIRED=0.0.89 PKG_CHECK_MODULES(LIBNFNETLINK, libnfnetlink >= $LIBNFNETLINK_REQUIRED,, AC_MSG_ERROR(Cannot find libnfnetlink >= $LIBNFNETLINK_REQUIRED)) diff --git a/src/build.c b/src/build.c index 3de1c25..d6c8837 100644 --- a/src/build.c +++ b/src/build.c @@ -58,6 +58,14 @@ static void __build_u32(const struct nf_conntrack *ct, addattr(pld, attr, &data, sizeof(uint32_t)); } +static void __build_pointer_be(const struct nf_conntrack *ct, + struct netpld *pld, + int attr, + size_t size) +{ + addattr(pld, attr, nfct_get_attr(ct, attr), size); +} + static void __nat_build_u32(uint32_t data, struct netpld *pld, int attr) { data = htonl(data); @@ -70,13 +78,17 @@ static void __nat_build_u16(uint16_t data, struct netpld *pld, int attr) addattr(pld, attr, &data, sizeof(uint16_t)); } -/* XXX: IPv6 and ICMP not supported */ +/* XXX: ICMP not supported */ void build_netpld(struct nf_conntrack *ct, struct netpld *pld, int query) { if (nfct_attr_is_set(ct, ATTR_IPV4_SRC)) - __build_u32(ct, pld, ATTR_IPV4_SRC); + __build_pointer_be(ct, pld, ATTR_IPV4_SRC, sizeof(uint32_t)); if (nfct_attr_is_set(ct, ATTR_IPV4_DST)) - __build_u32(ct, pld, ATTR_IPV4_DST); + __build_pointer_be(ct, pld, ATTR_IPV4_DST, sizeof(uint32_t)); + if (nfct_attr_is_set(ct, ATTR_IPV6_SRC)) + __build_pointer_be(ct, pld, ATTR_IPV6_SRC, sizeof(uint32_t)*4); + if (nfct_attr_is_set(ct, ATTR_IPV6_DST)) + __build_pointer_be(ct, pld, ATTR_IPV6_DST, sizeof(uint32_t)*4); if (nfct_attr_is_set(ct, ATTR_L3PROTO)) __build_u8(ct, pld, ATTR_L3PROTO); if (nfct_attr_is_set(ct, ATTR_PORT_SRC)) diff --git a/src/parse.c b/src/parse.c index 5bc71ef..8ef2e8d 100644 --- a/src/parse.c +++ b/src/parse.c @@ -38,11 +38,18 @@ static void parse_u32(struct nf_conntrack *ct, int attr, void *data) nfct_set_attr_u32(ct, attr, ntohl(*value)); } +static void parse_pointer_be(struct nf_conntrack *ct, int attr, void *data) +{ + nfct_set_attr(ct, attr, data); +} + typedef void (*parse)(struct nf_conntrack *ct, int attr, void *data); static parse h[ATTR_MAX] = { - [ATTR_IPV4_SRC] = parse_u32, - [ATTR_IPV4_DST] = parse_u32, + [ATTR_IPV4_SRC] = parse_pointer_be, + [ATTR_IPV4_DST] = parse_pointer_be, + [ATTR_IPV6_SRC] = parse_pointer_be, + [ATTR_IPV6_DST] = parse_pointer_be, [ATTR_L3PROTO] = parse_u8, [ATTR_PORT_SRC] = parse_u16, [ATTR_PORT_DST] = parse_u16, @@ -61,7 +68,13 @@ static parse h[ATTR_MAX] = { [ATTR_MASTER_L3PROTO] = parse_u8, [ATTR_MASTER_PORT_SRC] = parse_u16, [ATTR_MASTER_PORT_DST] = parse_u16, - [ATTR_MASTER_L4PROTO] = parse_u8 + [ATTR_MASTER_L4PROTO] = parse_u8, + [ATTR_ORIG_NAT_SEQ_CORRECTION_POS] = parse_u32, + [ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE] = parse_u32, + [ATTR_ORIG_NAT_SEQ_OFFSET_AFTER] = parse_u32, + [ATTR_REPL_NAT_SEQ_CORRECTION_POS] = parse_u32, + [ATTR_REPL_NAT_SEQ_OFFSET_BEFORE] = parse_u32, + [ATTR_REPL_NAT_SEQ_OFFSET_AFTER] = parse_u32, }; void parse_netpld(struct nf_conntrack *ct, struct netpld *pld, int *query) |