author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-12-17 00:55:40 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-12-17 00:55:40 +0000
commit8b14339d6d26c5ff0ab176edba9bcfb0fa7526e1 (patch)
tree37e4420a8f1c5c0d4240cc97a6286839228f341b
parent10d50dac91b61247f9cdfe687191e1bc959e2d5f (diff)
- add support for secmark
- fix typo s/test_but/test_bit/
-rw-r--r--configure.in2
-rw-r--r--include/internal.h1
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h1
-rw-r--r--include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h11
-rw-r--r--src/conntrack/build.c12
-rw-r--r--src/conntrack/parse.c5
-rw-r--r--src/conntrack/snprintf_default.c12
-rw-r--r--src/conntrack/snprintf_xml.c7
8 files changed, 49 insertions, 2 deletions
diff --git a/configure.in b/configure.in
index 27b720c..cb865d7 100644
--- a/configure.in
+++ b/configure.in
@@ -4,7 +4,7 @@ AC_INIT
AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(libnetfilter_conntrack, 0.0.85)
+AM_INIT_AUTOMAKE(libnetfilter_conntrack, 0.0.86)
AC_PROG_CC
AM_PROG_LIBTOOL
diff --git a/include/internal.h b/include/internal.h
index 0e7d9ae..dea49e3 100644
--- a/include/internal.h
+++ b/include/internal.h
@@ -118,6 +118,7 @@ struct nf_conntrack {
u_int32_t timeout;
u_int32_t mark;
+ u_int32_t secmark;
u_int32_t status;
u_int32_t use;
u_int32_t id;
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 3b572aa..b977082 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -110,6 +110,7 @@ enum nf_conntrack_attr {
ATTR_MASTER_PORT_DST, /* u16 bits */
ATTR_MASTER_L3PROTO, /* u8 bits */
ATTR_MASTER_L4PROTO = 44, /* u8 bits */
+ ATTR_SECMARK, /* u32 bits */
ATTR_MAX
};
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index ef9d0a6..7f0fe96 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -41,6 +41,9 @@ enum ctattr_type {
CTA_ID,
CTA_NAT_DST,
CTA_TUPLE_MASTER,
+ CTA_NAT_SEQ_ADJ_ORIG,
+ CTA_NAT_SEQ_ADJ_REPLY,
+ CTA_SECMARK,
__CTA_MAX
};
#define CTA_MAX (__CTA_MAX - 1)
@@ -123,6 +126,14 @@ enum ctattr_protonat {
};
#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1)
+enum ctattr_natseq {
+ CTA_NAT_SEQ_CORRECTION_POS,
+ CTA_NAT_SEQ_OFFSET_BEFORE,
+ CTA_NAT_SEQ_OFFSET_AFTER,
+ __CTA_NAT_SEQ_MAX
+};
+#define CTA_NAT_SEQ_MAX (__CTA_NAT_SEQ_MAX - 1)
+
enum ctattr_expect {
CTA_EXPECT_UNSPEC,
CTA_EXPECT_MASTER,
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 169f289..f5e7353 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -236,6 +236,13 @@ void __build_mark(struct nfnlhdr *req,
nfnl_addattr32(&req->nlh, size, CTA_MARK, htonl(ct->mark));
}
+void __build_secmark(struct nfnlhdr *req,
+ size_t size,
+ const struct nf_conntrack *ct)
+{
+ nfnl_addattr32(&req->nlh, size, CTA_SECMARK, htonl(ct->secmark));
+}
+
int __build_conntrack(struct nfnl_subsys_handle *ssh,
struct nfnlhdr *req,
size_t size,
@@ -282,11 +289,14 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
if (test_bit(ATTR_MARK, ct->set))
__build_mark(req, size, ct);
+ if (test_bit(ATTR_SECMARK, ct->set))
+ __build_secmark(req, size, ct);
+
if (test_bit(ATTR_TCP_STATE, ct->set) ||
(test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) &&
test_bit(ATTR_TCP_MASK_ORIG, ct->set)) ||
(test_bit(ATTR_TCP_FLAGS_REPL, ct->set) &&
- test_but(ATTR_TCP_MASK_REPL, ct->set)))
+ test_bit(ATTR_TCP_MASK_REPL, ct->set)))
__build_protoinfo(req, size, ct);
if (test_bit(ATTR_SNAT_IPV4, ct->set) &&
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 75c5072..d5482cc 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -322,6 +322,11 @@ void __parse_conntrack(const struct nlmsghdr *nlh,
set_bit(ATTR_MARK, ct->set);
}
+ if (cda[CTA_SECMARK-1]) {
+ ct->secmark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
+ set_bit(ATTR_SECMARK, ct->set);
+ }
+
if (cda[CTA_COUNTERS_ORIG-1])
__parse_counters(cda[CTA_COUNTERS_ORIG-1], ct, __DIR_ORIG);
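Review bot: The new secmark block reads the wrong attribute: the guard tests `cda[CTA_SECMARK-1]` but the value is taken from `cda[CTA_MARK-1]`. When the kernel sends CTA_SECMARK without CTA_MARK, `cda[CTA_MARK-1]` is NULL and the `NFA_DATA` dereference faults; when both are present, secmark silently receives the mark's value while ATTR_SECMARK is still set, so callers get a wrong but plausible-looking security mark. The fix is the one line `ct->secmark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_SECMARK-1]));`. As with the neighbouring mark block, the payload is read as a u32 without checking the attribute's length, which presumably relies on the kernel always sending a 4-byte CTA_SECMARK; a length check would make the parser robust against short attributes. `__parse_conntrack` starts and ends outside this hunk.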
diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c
index 996fe1a..04c2af3 100644
--- a/src/conntrack/snprintf_default.c
+++ b/src/conntrack/snprintf_default.c
@@ -194,6 +194,13 @@ int __snprintf_mark(char *buf, unsigned int len, const struct nf_conntrack *ct)
return (snprintf(buf, len, "mark=%u ", ct->mark));
}
+int __snprintf_secmark(char *buf,
+ unsigned int len,
+ const struct nf_conntrack *ct)
+{
+ return (snprintf(buf, len, "secmark=%u ", ct->secmark));
+}
+
int __snprintf_use(char *buf, unsigned int len, const struct nf_conntrack *ct)
{
return (snprintf(buf, len, "use=%u ", ct->use));
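Review bot: `__snprintf_secmark` spreads its signature over three lines while the adjacent `__snprintf_mark` and `__snprintf_use` keep theirs on one, which makes the new helper read as if it came from a different file; `int __snprintf_secmark(char *buf, unsigned int len, const struct nf_conntrack *ct)` would match its neighbours. The body mirrors `__snprintf_mark` exactly, including the trailing space in the `"secmark=%u "` format, which the default printer relies on as a field separator.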
@@ -285,6 +292,11 @@ int __snprintf_conntrack_default(char *buf,
BUFFER_SIZE(ret, size, len, offset);
}
+ if (test_bit(ATTR_SECMARK, ct->set)) {
+ ret = __snprintf_secmark(buf+offset, len, ct);
+ BUFFER_SIZE(ret, size, len, offset);
+ }
+
if (test_bit(ATTR_USE, ct->set)) {
ret = __snprintf_use(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
diff --git a/src/conntrack/snprintf_xml.c b/src/conntrack/snprintf_xml.c
index 56b2016..5f5b6bb 100644
--- a/src/conntrack/snprintf_xml.c
+++ b/src/conntrack/snprintf_xml.c
@@ -45,6 +45,7 @@
* </layer4>
* <timeout>100</timeout>
* <mark>1</mark>
+ * <secmark>0</secmark>
* <use>1</use>
* <assured/>
* </meta>
@@ -307,6 +308,12 @@ int __snprintf_conntrack_xml(char *buf,
BUFFER_SIZE(ret, size, len, offset);
}
+ if (test_bit(ATTR_SECMARK, ct->set)) {
+ ret = snprintf(buf+offset, len,
+ "<secmark>%u</secmark>", ct->secmark);
+ BUFFER_SIZE(ret, size, len, offset);
+ }
+
if (test_bit(ATTR_USE, ct->set)) {
ret = snprintf(buf+offset, len, "<use>%u</use>", ct->use);
BUFFER_SIZE(ret, size, len, offset);