From 400ae54438c4b85126f9fab0ae1dc067823b70f7 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 18 Apr 2009 19:36:38 +0200
Subject: sync: add support for SCTP state replication

This patch adds initial support for SCTP state replication.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/sync/alarm/conntrackd.conf   |  1 +
 doc/sync/ftfw/conntrackd.conf    |  1 +
 doc/sync/notrack/conntrackd.conf |  1 +
 include/network.h                |  8 +++++++-
 src/build.c                      | 16 +++++++++++++++-
 src/parse.c                      | 16 +++++++++++++++-
 6 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 793e953..4607ad1 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -323,6 +323,7 @@ General {
 		#
 		Protocol Accept {
 			TCP
+			SCTP
 		}
 
 		#
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 6eb4475..3135c6c 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -332,6 +332,7 @@ General {
 		#
 		Protocol Accept {
 			TCP
+			SCTP
 		}
 
 		#
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index e2085f7..ff8a8a2 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -313,6 +313,7 @@ General {
 		#
 		Protocol Accept {
 			TCP
+			SCTP
 		}
 
 		#
diff --git a/include/network.h b/include/network.h
index b182339..06c0463 100644
--- a/include/network.h
+++ b/include/network.h
@@ -199,7 +199,7 @@ enum nta_attr {
 	NTA_IPV6,		/* struct nfct_attr_grp_ipv6 */
 	NTA_L4PROTO,		/* uint8_t */
 	NTA_PORT,		/* struct nfct_attr_grp_port */
-	NTA_STATE = 4,		/* uint8_t */
+	NTA_STATE_TCP = 4,	/* uint8_t */
 	NTA_STATUS,		/* uint32_t */
 	NTA_TIMEOUT,		/* uint32_t */
 	NTA_MARK,		/* uint32_t */
@@ -212,6 +212,7 @@ enum nta_attr {
 	NTA_SPAT_PORT,		/* uint16_t */
 	NTA_DPAT_PORT,		/* uint16_t */
 	NTA_NAT_SEQ_ADJ = 16,	/* struct nta_attr_natseqadj */
+	NTA_STATE_SCTP,		/* struct nta_attr_sctp */
 	NTA_MAX
 };
 
@@ -224,6 +225,11 @@ struct nta_attr_natseqadj {
 	uint32_t repl_seq_offset_after;
 };
 
+struct nta_attr_sctp {
+	uint8_t state;
+	uint32_t vtag_orig, vtag_repl;
+};
+
 void build_payload(const struct nf_conntrack *ct, struct nethdr *n);
 
 int parse_payload(struct nf_conntrack *ct, struct nethdr *n, size_t remain);
diff --git a/src/build.c b/src/build.c
index 63a85db..6b0fad7 100644
--- a/src/build.c
+++ b/src/build.c
@@ -92,6 +92,17 @@ __build_natseqadj(const struct nf_conntrack *ct, struct nethdr *n)
 	addattr(n, NTA_NAT_SEQ_ADJ, &data, sizeof(struct nta_attr_natseqadj));
 }
 
+static inline void 
+__build_sctp(const struct nf_conntrack *ct, struct nethdr *n)
+{
+	struct nta_attr_sctp data = {
+		.state = nfct_get_attr_u8(ct, ATTR_SCTP_STATE),
+		.vtag_orig = htonl(nfct_get_attr_u32(ct, ATTR_SCTP_VTAG_ORIG)),
+		.vtag_repl = htonl(nfct_get_attr_u32(ct, ATTR_SCTP_VTAG_REPL)),
+	};
+	addattr(n, NTA_STATE_SCTP, &data, sizeof(struct nta_attr_sctp));
+}
+
 static enum nf_conntrack_attr nat_type[] =
 	{ ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE,
 	  ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ATTR_REPL_NAT_SEQ_CORRECTION_POS,
@@ -117,7 +128,10 @@ void build_payload(const struct nf_conntrack *ct, struct nethdr *n)
 	__build_u32(ct, ATTR_STATUS, n, NTA_STATUS); 
 
 	if (nfct_attr_is_set(ct, ATTR_TCP_STATE))
-		__build_u8(ct, ATTR_TCP_STATE, n, NTA_STATE);
+		__build_u8(ct, ATTR_TCP_STATE, n, NTA_STATE_TCP);
+	else if (nfct_attr_is_set(ct, ATTR_SCTP_STATE))
+		__build_sctp(ct, n);
+
 	if (!CONFIG(commit_timeout) && nfct_attr_is_set(ct, ATTR_TIMEOUT))
 		__build_u32(ct, ATTR_TIMEOUT, n, NTA_TIMEOUT);
 	if (nfct_attr_is_set(ct, ATTR_MARK))
diff --git a/src/parse.c b/src/parse.c
index 76287fd..d14910a 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -29,6 +29,7 @@ static void parse_u16(struct nf_conntrack *ct, int attr, void *data);
 static void parse_u32(struct nf_conntrack *ct, int attr, void *data);
 static void parse_group(struct nf_conntrack *ct, int attr, void *data);
 static void parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data);
+static void parse_sctp(struct nf_conntrack *ct, int attr, void *data);
 
 struct parser {
 	void 	(*parse)(struct nf_conntrack *ct, int attr, void *data);
@@ -57,7 +58,7 @@ static struct parser h[NTA_MAX] = {
 		.attr	= ATTR_L4PROTO,
 		.size	= NTA_SIZE(sizeof(uint8_t)),
 	},
-	[NTA_STATE] = {
+	[NTA_STATE_TCP] = {
 		.parse	= parse_u8,
 		.attr	= ATTR_TCP_STATE,
 		.size	= NTA_SIZE(sizeof(uint8_t)),
@@ -121,6 +122,10 @@ static struct parser h[NTA_MAX] = {
 		.parse	= parse_nat_seq_adj,
 		.size	= NTA_SIZE(sizeof(struct nta_attr_natseqadj)),
 	},
+	[NTA_STATE_SCTP] = {
+		.parse	= parse_sctp,
+		.size	= NTA_SIZE(sizeof(struct nta_attr_sctp)),
+	},
 };
 
 static void
@@ -168,6 +173,15 @@ parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data)
 			  ntohl(this->orig_seq_correction_pos));
 }
 
+static void
+parse_sctp(struct nf_conntrack *ct, int attr, void *data)
+{
+	struct nta_attr_sctp *this = data;
+	nfct_set_attr_u8(ct, ATTR_SCTP_STATE, this->state);
+	nfct_set_attr_u32(ct, ATTR_SCTP_VTAG_ORIG, ntohl(this->vtag_orig));
+	nfct_set_attr_u32(ct, ATTR_SCTP_VTAG_REPL, ntohl(this->vtag_repl));
+}
+
 int parse_payload(struct nf_conntrack *ct, struct nethdr *net, size_t remain)
 {
 	int len;
-- 
cgit v1.2.3