author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-14 15:14:48 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-24 21:39:44 +0100 |
commit | 89f0ea845ef570e3e9c5eb35236c85d54f4dcd52 (patch) | |
tree | 79533dbd5e2e4a908e813cb4679cce4c0facb2ed /src | |
parent | 3feed855a6b7c9b7d5d27231b4dd3c997eebb1ac (diff) |
src: synproxy support
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/build.c | 16 | ||||
-rw-r--r-- | src/parse.c | 14 |
2 files changed, 30 insertions, 0 deletions
diff --git a/src/build.c b/src/build.c index 5403300..99ff230 100644 --- a/src/build.c +++ b/src/build.c @@ -107,6 +107,17 @@ ct_build_natseqadj(const struct nf_conntrack *ct, struct nethdr *n) addattr(n, NTA_NAT_SEQ_ADJ, &data, sizeof(struct nta_attr_natseqadj)); } +static inline void +ct_build_synproxy(const struct nf_conntrack *ct, struct nethdr *n) +{ + struct nta_attr_synproxy data = { + .isn = htonl(nfct_get_attr_u32(ct, ATTR_SYNPROXY_ISN)), + .its = htonl(nfct_get_attr_u32(ct, ATTR_SYNPROXY_ITS)), + .tsoff = htonl(nfct_get_attr_u32(ct, ATTR_SYNPROXY_TSOFF)), + }; + addattr(n, NTA_SYNPROXY, &data, sizeof(struct nta_attr_synproxy)); +} + static enum nf_conntrack_attr nat_type[] = { ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ATTR_REPL_NAT_SEQ_CORRECTION_POS, @@ -299,6 +310,11 @@ void ct2msg(const struct nf_conntrack *ct, struct nethdr *n) if (nfct_attr_is_set(ct, ATTR_CONNLABELS)) ct_build_clabel(ct, n); + + if (nfct_attr_is_set(ct, ATTR_SYNPROXY_ISN) && + nfct_attr_is_set(ct, ATTR_SYNPROXY_ITS) && + nfct_attr_is_set(ct, ATTR_SYNPROXY_TSOFF)) + ct_build_synproxy(ct, n); } static void diff --git a/src/parse.c b/src/parse.c index d5d9b59..7e524ed 100644 --- a/src/parse.c +++ b/src/parse.c @@ -34,6 +34,7 @@ static void ct_parse_str(struct nf_conntrack *ct, const struct netattr *, void *data); static void ct_parse_group(struct nf_conntrack *ct, int attr, void *data); static void ct_parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data); +static void ct_parse_synproxy(struct nf_conntrack *ct, int attr, void *data); static void ct_parse_clabel(struct nf_conntrack *ct, const struct netattr *, void *data); @@ -200,6 +201,10 @@ static struct ct_parser h[NTA_MAX] = { .attr = ATTR_DNAT_IPV6, .size = NTA_SIZE(sizeof(uint32_t) * 4), }, + [NTA_SYNPROXY] = { + .parse = ct_parse_synproxy, + .size = NTA_SIZE(sizeof(struct nta_attr_synproxy)), + }, }; static void 
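Review bot: ct_build_synproxy copies the struct to the wire byte-for-byte through addattr, but nothing at this site records that `struct nta_attr_synproxy` must stay a padding-free run of 32-bit fields in network byte order. Its definition is not part of this diff (the diffstat is limited to src), so the layout cannot be confirmed from here. If the struct ever gained padding, the designated initializer would not be guaranteed to clear it, and stack bytes could reach the sync peer. I would add a comment such as `/* wire format: three big-endian u32, no padding; must match the NTA_SIZE entry in parse.c */` and pass `sizeof(data)` rather than repeating the type name.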
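Review bot: The block added at the end of ct2msg emits NTA_SYNPROXY only when all three attributes are set, so a flow carrying a partial set is synced with no synproxy state and no trace of why. A one-line comment such as `/* synproxy state is all-or-nothing: ISN, ITS and TSOFF are sent together */` would make that intent explicit. This also puts a new attribute type on the sync stream; whether a peer running an older build skips or rejects an unknown type depends on the bounds handling in msg2ct, which is not visible here and is worth confirming before running mixed versions. ct2msg begins outside the hunk.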
@@ -297,6 +302,15 @@ ct_parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data)
 ntohl(this->repl_seq_offset_after));
 }
 
+static void ct_parse_synproxy(struct nf_conntrack *ct, int attr, void *data)
+{
+ struct nta_attr_synproxy *this = data;
+
+ nfct_set_attr_u32(ct, ATTR_SYNPROXY_ISN, ntohl(this->isn));
+ nfct_set_attr_u32(ct, ATTR_SYNPROXY_ITS, ntohl(this->its));
+ nfct_set_attr_u32(ct, ATTR_SYNPROXY_TSOFF, ntohl(this->tsoff));
+}
+
 int msg2ct(struct nf_conntrack *ct, struct nethdr *net, size_t remain)
 {
 int len; |
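Review bot: ct_parse_synproxy casts `data` to `struct nta_attr_synproxy *` and reads three fields from it with no length check of its own. Its safety rests on the caller comparing the received attribute length with the `.size` registered for NTA_SYNPROXY in the `h[]` table (the earlier parse.c hunk) before dispatching. That check would sit in msg2ct, whose body starts at the end of this hunk and continues outside it, so it cannot be confirmed from here. Because the payload comes from a sync peer, I would document the dependency above the cast with `/* caller has checked the payload length against h[NTA_SYNPROXY].size */`. The `attr` parameter is unused here, which matches the table entry setting no `.attr`.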