authorPablo Neira Ayuso <pablo@netfilter.org>2012-04-26 16:38:02 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2012-04-27 15:00:19 +0200
commit096567100178c1f2d49b0d3e7764e665d547c3fa (patch)
tree2f2f60a66d786043041436fbabef605f28e79695
parent3a39278a56d12ad13a41973cd0b50238206f11ef (diff)
conntrack: add new ATTR_GRP_[ORIG|REPL]_ADDR_[SRC|DST] attribute
This allows you to set and get the address for both IPv4 and IPv6 using the same interface. This can simplify much redundant code that needs to support both protocols. This relies on a fixed-layout union: union nfct_attr_grp_addr { u_int32_t ip; u_int32_t ip6[4]; u_int32_t addr[4]; }; But I don't expect this library to support anything other than IPv4 and IPv6 as layer 3 protocol. If that happens at some point, we can add a new attribute group and deprecate this one. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h10
-rw-r--r--src/conntrack/grp.c12
-rw-r--r--src/conntrack/grp_getter.c34
-rw-r--r--src/conntrack/grp_setter.c32
4 files changed, 87 insertions, 1 deletions
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index a4a60cb..5518418 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -149,6 +149,10 @@ enum nf_conntrack_attr_grp {
ATTR_GRP_MASTER_PORT, /* struct nfct_attr_grp_port */
ATTR_GRP_ORIG_COUNTERS, /* struct nfct_attr_grp_ctrs */
ATTR_GRP_REPL_COUNTERS, /* struct nfct_attr_grp_ctrs */
+ ATTR_GRP_ORIG_ADDR_SRC = 12, /* union nfct_attr_grp_addr */
+ ATTR_GRP_ORIG_ADDR_DST, /* union nfct_attr_grp_addr */
+ ATTR_GRP_REPL_ADDR_SRC, /* union nfct_attr_grp_addr */
+ ATTR_GRP_REPL_ADDR_DST, /* union nfct_attr_grp_addr */
ATTR_GRP_MAX
};
@@ -174,6 +178,12 @@ struct nfct_attr_grp_ctrs {
u_int64_t bytes;
};
+union nfct_attr_grp_addr {
+ u_int32_t ip;
+ u_int32_t ip6[4];
+ u_int32_t addr[4];
+};
+
/* message type */
enum nf_conntrack_msg_type {
NFCT_T_UNKNOWN = 0,
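Review bot: The new public `union nfct_attr_grp_addr` carries no comment telling callers which member is meaningful, and the union itself holds no family tag. Since `ip` overlays the first word of `ip6`/`addr`, a caller that reads the wrong member gets a plausible but wrong address. I would add a comment above the union along the lines of `/* ip is valid for IPv4, ip6 for IPv6; check the conntrack's layer 3 protocol before reading. addr is the family-independent view. */`. The byte order of the members should be stated there too, once confirmed against the existing per-family groups, which are not visible in this hunk.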
diff --git a/src/conntrack/grp.c b/src/conntrack/grp.c
index 295444d..92a523b 100644
--- a/src/conntrack/grp.c
+++ b/src/conntrack/grp.c
@@ -68,4 +68,16 @@ const uint32_t attr_grp_bitmask[ATTR_GRP_MAX][__NFCT_BITSET] = {
[0] = (1 << (ATTR_REPL_COUNTER_PACKETS)) |
(1 << (ATTR_REPL_COUNTER_BYTES)),
},
+ [ATTR_GRP_ORIG_ADDR_SRC] = {
+ [0] = (1 << ATTR_ORIG_IPV4_SRC) | (1 << ATTR_ORIG_IPV6_SRC),
+ },
+ [ATTR_GRP_ORIG_ADDR_DST] = {
+ [0] = (1 << ATTR_ORIG_IPV4_DST) | (1 << ATTR_ORIG_IPV6_DST),
+ },
+ [ATTR_GRP_REPL_ADDR_SRC] = {
+ [1] = (1 << ATTR_REPL_IPV4_SRC) | (1 << ATTR_REPL_IPV6_SRC),
+ },
+ [ATTR_GRP_REPL_ADDR_DST] = {
+ [1] = (1 << ATTR_REPL_IPV4_DST) | (1 << ATTR_REPL_IPV6_DST),
+ },
};
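Review bot: The two REPL entries store their mask in word `[1]` but still shift by the raw attribute number, which cannot be right in either case. If `ATTR_REPL_IPV4_SRC` and its siblings are below 32, the bits belong in `[0]` like the ORIG entries; if they are 32 or above, `1 << ATTR_...` overflows an int and needs `1 << (ATTR_... - 32)`. The attribute enum is outside this hunk, so confirm the values, but as written `[1] = (1 << ATTR_REPL_IPV4_SRC) | (1 << ATTR_REPL_IPV6_SRC)` would flag unrelated attributes in the second word. Separately, every new mask ORs the IPv4 and IPv6 bits: if the group is-set check requires all mask bits (not shown here), these groups would never report as set on a single-family conntrack, and a set operation that applies the whole mask would mark both families as present. The array definition starts above the hunk.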
diff --git a/src/conntrack/grp_getter.c b/src/conntrack/grp_getter.c
index a8d43cf..9770340 100644
--- a/src/conntrack/grp_getter.c
+++ b/src/conntrack/grp_getter.c
@@ -94,6 +94,34 @@ static void get_attr_grp_repl_ctrs(const struct nf_conntrack *ct, void *data)
this->bytes = ct->counters[__DIR_REPL].bytes;
}
+static void
+get_attr_grp_orig_addr_src(const struct nf_conntrack *ct, void *data)
+{
+ union nfct_attr_grp_addr *this = data;
+ memcpy(&this->addr, &ct->head.orig.src, sizeof(ct->head.orig.src));
+}
+
+static void
+get_attr_grp_orig_addr_dst(const struct nf_conntrack *ct, void *data)
+{
+ union nfct_attr_grp_addr *this = data;
+ memcpy(&this->addr, &ct->head.orig.dst, sizeof(ct->head.orig.dst));
+}
+
+static void
+get_attr_grp_repl_addr_src(const struct nf_conntrack *ct, void *data)
+{
+ union nfct_attr_grp_addr *this = data;
+ memcpy(&this->addr, &ct->repl.src, sizeof(ct->repl.src));
+}
+
+static void
+get_attr_grp_repl_addr_dst(const struct nf_conntrack *ct, void *data)
+{
+ union nfct_attr_grp_addr *this = data;
+ memcpy(&this->addr, &ct->repl.dst, sizeof(ct->repl.dst));
+}
+
const get_attr_grp get_attr_grp_array[ATTR_GRP_MAX] = {
[ATTR_GRP_ORIG_IPV4] = get_attr_grp_orig_ipv4,
[ATTR_GRP_REPL_IPV4] = get_attr_grp_repl_ipv4,
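Review bot: Each new getter sizes its copy from the internal field, e.g. `sizeof(ct->head.orig.src)`, while writing through a `void *` into what is assumed to be a 16-byte `union nfct_attr_grp_addr`, and nothing ties the two sizes together. The internal address type is not visible in this hunk; if it is or becomes larger than the public union, these four memcpy calls write past the caller's buffer. A compile-time check that `sizeof(union nfct_attr_grp_addr)` equals the size of the internal field would pin that assumption. A one-line comment on the getters should also say that all 16 bytes are copied regardless of family, so for an IPv4 entry only the first word is meaningful.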
@@ -106,5 +134,9 @@ const get_attr_grp get_attr_grp_array[ATTR_GRP_MAX] = {
[ATTR_GRP_MASTER_IPV6] = get_attr_grp_master_ipv6,
[ATTR_GRP_MASTER_PORT] = get_attr_grp_master_port,
[ATTR_GRP_ORIG_COUNTERS] = get_attr_grp_orig_ctrs,
- [ATTR_GRP_REPL_COUNTERS] = get_attr_grp_repl_ctrs
+ [ATTR_GRP_REPL_COUNTERS] = get_attr_grp_repl_ctrs,
+ [ATTR_GRP_ORIG_ADDR_SRC] = get_attr_grp_orig_addr_src,
+ [ATTR_GRP_ORIG_ADDR_DST] = get_attr_grp_orig_addr_dst,
+ [ATTR_GRP_REPL_ADDR_SRC] = get_attr_grp_repl_addr_src,
+ [ATTR_GRP_REPL_ADDR_DST] = get_attr_grp_repl_addr_dst,
};
diff --git a/src/conntrack/grp_setter.c b/src/conntrack/grp_setter.c
index 0492a84..b451eef 100644
--- a/src/conntrack/grp_setter.c
+++ b/src/conntrack/grp_setter.c
@@ -138,6 +138,34 @@ static void set_attr_grp_master_port(struct nf_conntrack *ct, const void *value)
ct->master.l4dst.all = this->dport;
}
+static void
+set_attr_grp_orig_addr_src(struct nf_conntrack *ct, const void *value)
+{
+ const union nfct_attr_grp_addr *this = value;
+ memcpy(&ct->head.orig.src, &this->addr, sizeof(&ct->head.orig.src));
+}
+
+static void
+set_attr_grp_orig_addr_dst(struct nf_conntrack *ct, const void *value)
+{
+ const union nfct_attr_grp_addr *this = value;
+ memcpy(&ct->head.orig.dst, &this->addr, sizeof(&ct->head.orig.src));
+}
+
+static void
+set_attr_grp_repl_addr_src(struct nf_conntrack *ct, const void *value)
+{
+ const union nfct_attr_grp_addr *this = value;
+ memcpy(&ct->repl.src, &this->addr, sizeof(&ct->repl.src));
+}
+
+static void
+set_attr_grp_repl_addr_dst(struct nf_conntrack *ct, const void *value)
+{
+ const union nfct_attr_grp_addr *this = value;
+ memcpy(&ct->repl.dst, &this->addr, sizeof(&ct->repl.dst));
+}
+
static void set_attr_grp_do_nothing(struct nf_conntrack *ct, const void *value)
{
}
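Review bot: All four new setters pass `sizeof(&ct->...)` to memcpy, which is the size of a pointer rather than of the address field. Only 4 or 8 bytes are copied, so an IPv6 address is silently truncated and the remaining bytes of the stored address keep their previous contents. Drop the `&` so the size matches what the getters use, e.g. `memcpy(&ct->head.orig.src, &this->addr, sizeof(ct->head.orig.src));`, and likewise for `orig.dst`, `repl.src` and `repl.dst`. `set_attr_grp_orig_addr_dst` also takes its size from `orig.src` instead of `orig.dst`, a copy-paste slip worth fixing at the same time. A conntrack entry built with a truncated address can match or filter the wrong flow, so a set-then-get round-trip test with a full IPv6 address would be a useful guard.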
@@ -155,4 +183,8 @@ const set_attr_grp set_attr_grp_array[ATTR_GRP_MAX] = {
[ATTR_GRP_MASTER_PORT] = set_attr_grp_master_port,
[ATTR_GRP_ORIG_COUNTERS] = set_attr_grp_do_nothing,
[ATTR_GRP_REPL_COUNTERS] = set_attr_grp_do_nothing,
+ [ATTR_GRP_ORIG_ADDR_SRC] = set_attr_grp_orig_addr_src,
+ [ATTR_GRP_ORIG_ADDR_DST] = set_attr_grp_orig_addr_dst,
+ [ATTR_GRP_REPL_ADDR_SRC] = set_attr_grp_repl_addr_src,
+ [ATTR_GRP_REPL_ADDR_DST] = set_attr_grp_repl_addr_dst,
};