summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2012-02-06 22:51:32 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2012-02-06 23:44:06 +0100
commit678ec919ffe3072468cb56de6eabf8cb8f7e9bdb (patch)
tree181dac32a7f2ddb19e47fe848c7247f9a5a9c61c
parentc9983354fa65c835643f85567f57cc8e9992cd29 (diff)
expect: add expectfn support
This patch allows you to set expectfn. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--include/internal/object.h3
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h1
-rw-r--r--include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h1
-rw-r--r--src/expect/build.c9
-rw-r--r--src/expect/getter.c6
-rw-r--r--src/expect/parse.c5
-rw-r--r--src/expect/setter.c7
7 files changed, 32 insertions, 0 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index 2bba5f7..94433bf 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -264,6 +264,8 @@ struct nfct_filter {
* expectation object
*/
+#define __NFCT_EXPECTFN_MAX 24 /* maximum symbol length. */
+
struct nf_expect {
struct nfct_tuple_head master;
struct nfct_tuple_head expected;
@@ -277,6 +279,7 @@ struct nf_expect {
u_int32_t class;
char helper_name[NFCT_HELPER_NAME_MAX];
u_int32_t nat_dir;
+ char expectfn[__NFCT_EXPECTFN_MAX];
u_int32_t set[1];
};
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 28656ec..538dc2d 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -513,6 +513,7 @@ enum nf_expect_attr {
ATTR_EXP_CLASS, /* u32 bits */
ATTR_EXP_NAT_TUPLE, /* pointer to conntrack object */
ATTR_EXP_NAT_DIR, /* u8 bits */
+ ATTR_EXP_FN, /* string */
ATTR_EXP_MAX
};
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index 3faf04f..2175799 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -178,6 +178,7 @@ enum ctattr_expect {
CTA_EXPECT_FLAGS,
CTA_EXPECT_CLASS,
CTA_EXPECT_NAT,
+ CTA_EXPECT_FN,
__CTA_EXPECT_MAX
};
#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1)
diff --git a/src/expect/build.c b/src/expect/build.c
index 8cf2edd..a544ded 100644
--- a/src/expect/build.c
+++ b/src/expect/build.c
@@ -42,6 +42,13 @@ static void __build_helper_name(struct nfnlhdr *req, size_t size,
exp->helper_name, strlen(exp->helper_name));
}
+static void __build_expectfn(struct nfnlhdr *req,
+ size_t size, const struct nf_expect *exp)
+{
+ nfnl_addattr_l(&req->nlh, size, CTA_EXPECT_FN,
+ exp->expectfn, strlen(exp->expectfn)+1);
+}
+
int __build_expect(struct nfnl_subsys_handle *ssh,
struct nfnlhdr *req,
size_t size,
@@ -95,6 +102,8 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
__build_class(req, size, exp);
if (test_bit(ATTR_EXP_HELPER_NAME, exp->set))
__build_helper_name(req, size, exp);
+ if (test_bit(ATTR_EXP_FN, exp->set))
+ __build_expectfn(req, size, exp);
return 0;
}
diff --git a/src/expect/getter.c b/src/expect/getter.c
index 937e793..47087a7 100644
--- a/src/expect/getter.c
+++ b/src/expect/getter.c
@@ -59,6 +59,11 @@ static const void *get_exp_attr_nat_tuple(const struct nf_expect *exp)
return &exp->nat;
}
+static const void *get_exp_attr_expectfn(const struct nf_expect *exp)
+{
+ return exp->expectfn;
+}
+
const get_exp_attr get_exp_attr_array[ATTR_EXP_MAX] = {
[ATTR_EXP_MASTER] = get_exp_attr_master,
[ATTR_EXP_EXPECTED] = get_exp_attr_expected,
@@ -70,4 +75,5 @@ const get_exp_attr get_exp_attr_array[ATTR_EXP_MAX] = {
[ATTR_EXP_CLASS] = get_exp_attr_class,
[ATTR_EXP_NAT_TUPLE] = get_exp_attr_nat_tuple,
[ATTR_EXP_NAT_DIR] = get_exp_attr_nat_dir,
+ [ATTR_EXP_FN] = get_exp_attr_expectfn,
};
diff --git a/src/expect/parse.c b/src/expect/parse.c
index 5796072..c29a110 100644
--- a/src/expect/parse.c
+++ b/src/expect/parse.c
@@ -109,4 +109,9 @@ void __parse_expect(const struct nlmsghdr *nlh,
set_bit(ATTR_EXP_NAT_DIR, exp->set);
}
}
+ if (cda[CTA_EXPECT_FN-1]) {
+ strcpy(exp->expectfn, NFA_DATA(cda[CTA_EXPECT_FN-1]));
+ exp->expectfn[__NFCT_EXPECTFN_MAX-1] = '\0';
+ set_bit(ATTR_EXP_FN, exp->set);
+ }
}
diff --git a/src/expect/setter.c b/src/expect/setter.c
index 47843f8..2cf29c2 100644
--- a/src/expect/setter.c
+++ b/src/expect/setter.c
@@ -60,6 +60,12 @@ static void set_exp_attr_nat_tuple(struct nf_expect *exp, const void *value)
exp->nat = *((struct nfct_tuple_head *) value);
}
+static void set_exp_attr_expectfn(struct nf_expect *exp, const void *value)
+{
+ strncpy(exp->expectfn, value, __NFCT_EXPECTFN_MAX);
+ exp->expectfn[__NFCT_EXPECTFN_MAX-1] = '\0';
+}
+
const set_exp_attr set_exp_attr_array[ATTR_EXP_MAX] = {
[ATTR_EXP_MASTER] = set_exp_attr_master,
[ATTR_EXP_EXPECTED] = set_exp_attr_expected,
@@ -71,4 +77,5 @@ const set_exp_attr set_exp_attr_array[ATTR_EXP_MAX] = {
[ATTR_EXP_CLASS] = set_exp_attr_class,
[ATTR_EXP_NAT_TUPLE] = set_exp_attr_nat_tuple,
[ATTR_EXP_NAT_DIR] = set_exp_attr_nat_dir,
+ [ATTR_EXP_FN] = set_exp_attr_expectfn,
};