author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-12-08 18:37:19 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-12-08 18:37:19 +0000
commitd167a7b1f5307c73a39b5a209e0f9bc54cd2d989 (patch)
treeb33f6637cf8ae2981266b4723ee9d60cc4476d7e
parentd6acf4bdeff295896a5a16c6da2e493fccb64ff2 (diff)
Add support for conntrack master setup
-rw-r--r--configure.in2
-rw-r--r--include/internal.h3
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h10
-rw-r--r--include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h1
-rw-r--r--src/conntrack/build.c11
-rw-r--r--src/conntrack/parse.c25
-rw-r--r--src/conntrack/setter.c48
-rw-r--r--utils/Makefile.am7
8 files changed, 103 insertions, 4 deletions
diff --git a/configure.in b/configure.in
index fd06448..27b720c 100644
--- a/configure.in
+++ b/configure.in
@@ -4,7 +4,7 @@ AC_INIT
AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(libnetfilter_conntrack, 0.0.83)
+AM_INIT_AUTOMAKE(libnetfilter_conntrack, 0.0.85)
AC_PROG_CC
AM_PROG_LIBTOOL
diff --git a/include/internal.h b/include/internal.h
index cf2d7a1..1cda181 100644
--- a/include/internal.h
+++ b/include/internal.h
@@ -90,7 +90,8 @@ struct __nfct_tuple {
#define __DIR_ORIG 0
#define __DIR_REPL 1
-#define __DIR_MAX __DIR_REPL+1
+#define __DIR_MASTER 2
+#define __DIR_MAX __DIR_MASTER+1
union __nfct_protoinfo {
struct {
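Review bot: The new `__DIR_MAX` definition expands to an unparenthesized `__DIR_MASTER+1`, so an expression such as `n * __DIR_MAX` or `sizeof(x) * __DIR_MAX` would bind to `__DIR_MASTER` alone and come out too small. The old definition had the same form, but since the line is being rewritten anyway it is worth writing `#define __DIR_MAX (__DIR_MASTER + 1)`. Every `tuple[__DIR_MAX]` array grows by one element with this change; any code that zeroes or copies tuples by a hard-coded count of two (none is visible in this diff) would need the same update.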
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 54c98b3..3b572aa 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -101,7 +101,15 @@ enum nf_conntrack_attr {
ATTR_TCP_FLAGS_ORIG, /* u8 bits */
ATTR_TCP_FLAGS_REPL, /* u8 bits */
ATTR_TCP_MASK_ORIG, /* u8 bits */
- ATTR_TCP_MASK_REPL, /* u8 bits */
+ ATTR_TCP_MASK_REPL = 36, /* u8 bits */
+ ATTR_MASTER_IPV4_SRC, /* u32 bits */
+ ATTR_MASTER_IPV4_DST, /* u32 bits */
+ ATTR_MASTER_IPV6_SRC, /* u128 bits */
+ ATTR_MASTER_IPV6_DST = 40, /* u128 bits */
+ ATTR_MASTER_PORT_SRC, /* u16 bits */
+ ATTR_MASTER_PORT_DST, /* u16 bits */
+ ATTR_MASTER_L3PROTO, /* u8 bits */
+ ATTR_MASTER_L4PROTO = 44, /* u8 bits */
ATTR_MAX
};
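Review bot: The new attributes take the values 37 to 44 and push `ATTR_MAX` to 45, so every bitmask indexed by attribute number, in particular `ct->set` as used with `set_bit`/`test_bit` in build.c and parse.c, must hold at least 45 bits. The declaration of `set` is not part of this diff; it is worth confirming that it is sized from `ATTR_MAX` rather than from a fixed word count, since an undersized mask would turn the new `set_bit` calls into out-of-bounds writes. The header would also benefit from a one-line comment above `ATTR_MASTER_IPV4_SRC` stating that these attributes describe the tuple of the master connection, for example `/* tuple of the master conntrack (CTA_TUPLE_MASTER) */`.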
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index 71baee1..ef9d0a6 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -40,6 +40,7 @@ enum ctattr_type {
CTA_USE,
CTA_ID,
CTA_NAT_DST,
+ CTA_TUPLE_MASTER,
__CTA_MAX
};
#define CTA_MAX (__CTA_MAX - 1)
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index d66d038..4ebc207 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -251,6 +251,17 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
__build_tuple(req, size, &ct->tuple[__DIR_ORIG], CTA_TUPLE_ORIG);
__build_tuple(req, size, &ct->tuple[__DIR_REPL], CTA_TUPLE_REPLY);
+ if (test_bit(ATTR_MASTER_IPV4_SRC, ct->set) ||
+ test_bit(ATTR_MASTER_IPV4_DST, ct->set) ||
+ test_bit(ATTR_MASTER_IPV6_SRC, ct->set) ||
+ test_bit(ATTR_MASTER_IPV6_DST, ct->set) ||
+ test_bit(ATTR_MASTER_PORT_SRC, ct->set) ||
+ test_bit(ATTR_MASTER_PORT_DST, ct->set) ||
+ test_bit(ATTR_MASTER_L3PROTO, ct->set) ||
+ test_bit(ATTR_MASTER_L4PROTO, ct->set))
+ __build_tuple(req, size,
+ &ct->tuple[__DIR_MASTER], CTA_TUPLE_MASTER);
+
if (test_bit(ATTR_STATUS, ct->set))
__build_status(req, size, ct);
else {
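Review bot: The master tuple is emitted as soon as any one of the eight `ATTR_MASTER_*` bits is set, so a caller that sets only, say, `ATTR_MASTER_PORT_DST` sends a `CTA_TUPLE_MASTER` whose other fields are whatever `ct->tuple[__DIR_MASTER]` holds at that point. Whether those fields are zeroed depends on how the object is allocated, which this diff does not show. It would be safer to emit the tuple only when `ATTR_MASTER_L3PROTO` and `ATTR_MASTER_L4PROTO` are both set, or at least to document above the condition that the caller must supply a complete master tuple. The return value of `__build_tuple` is ignored here as in the two calls above it; `__build_conntrack` starts before and continues after this hunk.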
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 9fbada4..75c5072 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -25,6 +25,9 @@ static void __parse_ip(const struct nfattr *attr,
case __DIR_REPL:
set_bit(ATTR_REPL_IPV4_SRC, set);
break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_IPV4_SRC, set);
+ break;
}
}
@@ -37,6 +40,9 @@ static void __parse_ip(const struct nfattr *attr,
case __DIR_REPL:
set_bit(ATTR_REPL_IPV4_DST, set);
break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_IPV4_DST, set);
+ break;
}
}
@@ -50,6 +56,9 @@ static void __parse_ip(const struct nfattr *attr,
case __DIR_REPL:
set_bit(ATTR_REPL_IPV6_SRC, set);
break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_IPV6_SRC, set);
+ break;
}
}
@@ -63,6 +72,9 @@ static void __parse_ip(const struct nfattr *attr,
case __DIR_REPL:
set_bit(ATTR_REPL_IPV6_DST, set);
break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_IPV6_DST, set);
+ break;
}
}
}
@@ -85,6 +97,9 @@ static void __parse_proto(const struct nfattr *attr,
case __DIR_REPL:
set_bit(ATTR_REPL_L4PROTO, set);
break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_L4PROTO, set);
+ break;
}
}
@@ -98,6 +113,9 @@ static void __parse_proto(const struct nfattr *attr,
case __DIR_REPL:
set_bit(ATTR_REPL_PORT_SRC, set);
break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_PORT_SRC, set);
+ break;
}
}
@@ -111,6 +129,9 @@ static void __parse_proto(const struct nfattr *attr,
case __DIR_REPL:
set_bit(ATTR_REPL_PORT_DST, set);
break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_PORT_DST, set);
+ break;
}
}
@@ -279,6 +300,10 @@ void __parse_conntrack(const struct nlmsghdr *nlh,
__parse_tuple(cda[CTA_TUPLE_REPLY-1],
&ct->tuple[__DIR_REPL], __DIR_REPL, ct->set);
+ if (cda[CTA_TUPLE_MASTER-1])
+ __parse_tuple(cda[CTA_TUPLE_MASTER-1],
+ &ct->tuple[__DIR_MASTER], __DIR_MASTER, ct->set);
+
if (cda[CTA_STATUS-1]) {
ct->status = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1]));
set_bit(ATTR_STATUS, ct->set);
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index afbf9be..19bec22 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -162,6 +162,46 @@ static void set_attr_status(struct nf_conntrack *ct, const void *value)
ct->status = *((u_int32_t *) value);
}
+static void set_attr_master_ipv4_src(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].src.v4 = *((u_int32_t *) value);
+}
+
+static void set_attr_master_ipv4_dst(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].dst.v4 = *((u_int32_t *) value);
+}
+
+static void set_attr_master_ipv6_src(struct nf_conntrack *ct, const void *value)
+{
+ memcpy(&ct->tuple[__DIR_MASTER].dst.v6, value, sizeof(u_int32_t)*4);
+}
+
+static void set_attr_master_ipv6_dst(struct nf_conntrack *ct, const void *value)
+{
+ memcpy(&ct->tuple[__DIR_MASTER].src.v6, value, sizeof(u_int32_t)*4);
+}
+
+static void set_attr_master_port_src(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].l4src.all = *((u_int16_t *) value);
+}
+
+static void set_attr_master_port_dst(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].l4dst.all = *((u_int16_t *) value);
+}
+
+static void set_attr_master_l3proto(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].l3protonum = *((u_int8_t *) value);
+}
+
+static void set_attr_master_l4proto(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].protonum = *((u_int8_t *) value);
+}
+
set_attr set_attr_array[] = {
[ATTR_ORIG_IPV4_SRC] = set_attr_orig_ipv4_src,
[ATTR_ORIG_IPV4_DST] = set_attr_orig_ipv4_dst,
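Review bot: The two IPv6 setters write to the opposite field: `set_attr_master_ipv6_src` copies into `ct->tuple[__DIR_MASTER].dst.v6` and `set_attr_master_ipv6_dst` copies into `ct->tuple[__DIR_MASTER].src.v6`, while the IPv4 pair directly above maps src to src and dst to dst. A caller that sets `ATTR_MASTER_IPV6_SRC` would therefore have that address placed in the destination of the master tuple, and the message built from it would presumably refer to a different master connection than intended. The src setter should use `memcpy(&ct->tuple[__DIR_MASTER].src.v6, value, sizeof(u_int32_t)*4);` and the dst setter `memcpy(&ct->tuple[__DIR_MASTER].dst.v6, value, sizeof(u_int32_t)*4);`.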
@@ -194,4 +234,12 @@ set_attr set_attr_array[] = {
[ATTR_TCP_FLAGS_REPL] = set_attr_tcp_flags_repl,
[ATTR_TCP_MASK_ORIG] = set_attr_tcp_mask_orig,
[ATTR_TCP_MASK_REPL] = set_attr_tcp_mask_repl,
+ [ATTR_MASTER_IPV4_SRC] = set_attr_master_ipv4_src,
+ [ATTR_MASTER_IPV4_DST] = set_attr_master_ipv4_dst,
+ [ATTR_MASTER_IPV6_SRC] = set_attr_master_ipv6_src,
+ [ATTR_MASTER_IPV6_DST] = set_attr_master_ipv6_dst,
+ [ATTR_MASTER_PORT_SRC] = set_attr_master_port_src,
+ [ATTR_MASTER_PORT_DST] = set_attr_master_port_dst,
+ [ATTR_MASTER_L3PROTO] = set_attr_master_l3proto,
+ [ATTR_MASTER_L4PROTO] = set_attr_master_l4proto,
};
diff --git a/utils/Makefile.am b/utils/Makefile.am
index 2081ac8..6a8d280 100644
--- a/utils/Makefile.am
+++ b/utils/Makefile.am
@@ -4,7 +4,8 @@ noinst_PROGRAMS = expect_dump expect_create expect_get expect_delete \
expect_flush expect_events \
conntrack_create conntrack_dump conntrack_update \
conntrack_delete conntrack_flush conntrack_create_nat \
- conntrack_get conntrack_events
+ conntrack_get conntrack_events \
+ conntrack_master
conntrack_create_SOURCES = conntrack_create.c
conntrack_create_LDADD = ../src/libnetfilter_conntrack.la
@@ -38,6 +39,10 @@ conntrack_events_SOURCES = conntrack_events.c
conntrack_events_LDADD = ../src/libnetfilter_conntrack.la
conntrack_events_LDFLAGS = -dynamic -ldl
+conntrack_master_SOURCES = conntrack_master.c
+conntrack_master_LDADD = ../src/libnetfilter_conntrack.la
+conntrack_master_LDFLAGS = -dynamic -ldl
+
expect_dump_SOURCES = expect_dump.c
expect_dump_LDADD = ../src/libnetfilter_conntrack.la
expect_dump_LDFLAGS = -dynamic -ldl
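Review bot: `conntrack_master_SOURCES = conntrack_master.c` refers to a source file that this commit does not appear to add: the diffstat lists eight changed files and `utils/conntrack_master.c` is not among them. Unless the file already exists in the tree, building `utils/` will fail with a missing-source error because `conntrack_master` is also added to `noinst_PROGRAMS` in the first hunk of this file. The example program should be included in the same commit, or the two Makefile.am hunks deferred until it is.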