From fb17dccd91ba9448c2adaca2dcf0f9d665e1e8a4 Mon Sep 17 00:00:00 2001 From: "Ayuso/emailAddress=pablo@netfilter.org" Date: Fri, 21 Dec 2007 18:35:10 +0000 Subject: o add support for related conntracks (requires Linux kernel >= 2.6.22) o update leftover references to `persistent' and `nack' modes --- src/build.c | 14 ++++++++++++++ src/parse.c | 6 ++++++ src/read_config_yy.y | 20 ++++++++++---------- 3 files changed, 30 insertions(+), 10 deletions(-) (limited to 'src') diff --git a/src/build.c b/src/build.c index 109b26e..5fdc83f 100644 --- a/src/build.c +++ b/src/build.c @@ -102,6 +102,20 @@ void build_netpld(struct nf_conntrack *ct, struct netpld *pld, int query) if (nfct_attr_is_set(ct, ATTR_STATUS)) __build_u32(ct, pld, ATTR_STATUS); + /* setup the master conntrack */ + if (nfct_attr_is_set(ct, ATTR_MASTER_IPV4_SRC)) + __build_u32(ct, pld, ATTR_MASTER_IPV4_SRC); + if (nfct_attr_is_set(ct, ATTR_MASTER_IPV4_DST)) + __build_u32(ct, pld, ATTR_MASTER_IPV4_DST); + if (nfct_attr_is_set(ct, ATTR_MASTER_L3PROTO)) + __build_u8(ct, pld, ATTR_MASTER_L3PROTO); + if (nfct_attr_is_set(ct, ATTR_MASTER_PORT_SRC)) + __build_u16(ct, pld, ATTR_MASTER_PORT_SRC); + if (nfct_attr_is_set(ct, ATTR_MASTER_PORT_DST)) + __build_u16(ct, pld, ATTR_MASTER_PORT_DST); + if (nfct_attr_is_set(ct, ATTR_MASTER_L4PROTO)) + __build_u8(ct, pld, ATTR_MASTER_L4PROTO); + /* NAT */ if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) { u_int32_t data = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST); diff --git a/src/parse.c b/src/parse.c index 8816e7a..0650995 100644 --- a/src/parse.c +++ b/src/parse.c @@ -56,6 +56,12 @@ parse h[ATTR_MAX] = { [ATTR_MARK] = parse_u32, [ATTR_STATUS] = parse_u32, [ATTR_SECMARK] = parse_u32, + [ATTR_MASTER_IPV4_SRC] = parse_u32, + [ATTR_MASTER_IPV4_DST] = parse_u32, + [ATTR_MASTER_L3PROTO] = parse_u8, + [ATTR_MASTER_PORT_SRC] = parse_u16, + [ATTR_MASTER_PORT_DST] = parse_u16, + [ATTR_MASTER_L4PROTO] = parse_u8 }; void parse_netpld(struct nf_conntrack *ct, struct netpld *pld, int *query) diff --git a/src/read_config_yy.y b/src/read_config_yy.y index 795aae9..6201923 100644 --- a/src/read_config_yy.y +++ b/src/read_config_yy.y @@ -362,37 +362,37 @@ sync_line: refreshtime | multicast_line | relax_transitions | delay_destroy_msgs - | sync_mode_persistent - | sync_mode_nack + | sync_mode_alarm + | sync_mode_ftfw | listen_to | state_replication | cache_writethrough ; -sync_mode_persistent: T_SYNC_MODE T_ALARM '{' sync_mode_persistent_list '}' +sync_mode_alarm: T_SYNC_MODE T_ALARM '{' sync_mode_alarm_list '}' { conf.flags |= SYNC_MODE_ALARM; }; -sync_mode_nack: T_SYNC_MODE T_FTFW '{' sync_mode_nack_list '}' +sync_mode_ftfw: T_SYNC_MODE T_FTFW '{' sync_mode_ftfw_list '}' { conf.flags |= SYNC_MODE_FTFW; }; -sync_mode_persistent_list: - | sync_mode_persistent_list sync_mode_persistent_line; +sync_mode_alarm_list: + | sync_mode_alarm_list sync_mode_alarm_line; -sync_mode_persistent_line: refreshtime +sync_mode_alarm_line: refreshtime | expiretime | timeout | relax_transitions | delay_destroy_msgs ; -sync_mode_nack_list: - | sync_mode_nack_list sync_mode_nack_line; +sync_mode_ftfw_list: + | sync_mode_ftfw_list sync_mode_ftfw_line; -sync_mode_nack_line: resend_buffer_size +sync_mode_ftfw_line: resend_buffer_size | timeout | window_size ; -- cgit v1.2.3