diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-10-30 20:44:25 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-10-30 20:44:25 +0100 |
| commit | 7dd5289076160ee2844978bfd1640ca7aa34f4da (patch) | |
| tree | a91a1c1dcea8238bf01f933352f41526f6581ba0 /include | |
| parent | 215d42fef86577ad74151cda553a20b1bdb58a30 (diff) | |
groups: add attribute group API
This new API allows you to set and get some logical set of
attributes. This is not intended to replace the existing
per-attribute get/set API but to provide more efficient way
to get/set certain attributes. This change includes an example
file (conntrack_grp_create.c) of the use of the attribute group API.
See ATTR_GRP_* for more information on the existing groups.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/internal/bitops.h | 31 | ||||
| -rw-r--r-- | include/internal/extern.h | 4 | ||||
| -rw-r--r-- | include/internal/object.h | 3 | ||||
| -rw-r--r-- | include/internal/types.h | 2 | ||||
| -rw-r--r-- | include/libnetfilter_conntrack/libnetfilter_conntrack.h | 56 |
5 files changed, 95 insertions, 1 deletions
diff --git a/include/internal/bitops.h b/include/internal/bitops.h index b1bd848..0c1fde8 100644 --- a/include/internal/bitops.h +++ b/include/internal/bitops.h @@ -24,9 +24,40 @@ static inline void unset_bit_u16(int nr, u_int16_t *addr) addr[nr >> 4] &= ~(1UL << (nr & 15)); } +static inline void +set_bitmask_u32(u_int32_t *buf1, const u_int32_t *buf2, int len) +{ + int i; + + for (i=0; i<len; i++) + buf1[i] |= buf2[i]; +} + +static inline void +unset_bitmask_u32(u_int32_t *buf1, const u_int32_t *buf2, int len) +{ + int i; + + for (i=0; i<len; i++) + buf1[i] &= ~buf2[i]; +} + static inline int test_bit(int nr, const u_int32_t *addr) { return ((1UL << (nr & 31)) & (addr[nr >> 5])) != 0; } +static inline int +test_bitmask_u32(const uint32_t *buf1, const uint32_t *buf2, int len) +{ + int i; + + for (i=0; i<len; i++) { + if ((buf1[i] & buf2[i]) != buf2[i]) { + return 0; + } + } + return 1; +} + #endif diff --git a/include/internal/extern.h b/include/internal/extern.h index a43cde7..d0b079f 100644 --- a/include/internal/extern.h +++ b/include/internal/extern.h @@ -5,8 +5,12 @@ extern set_attr set_attr_array[]; extern get_attr get_attr_array[]; extern copy_attr copy_attr_array[]; extern filter_attr filter_attr_array[]; +extern set_attr_grp set_attr_grp_array[]; +extern get_attr_grp get_attr_grp_array[]; extern set_exp_attr set_exp_attr_array[]; extern get_exp_attr get_exp_attr_array[]; +extern uint32_t attr_grp_bitmask[ATTR_GRP_MAX][__NFCT_BITSET]; + #endif diff --git a/include/internal/object.h b/include/internal/object.h index f68d340..8213f4a 100644 --- a/include/internal/object.h +++ b/include/internal/object.h @@ -146,7 +146,8 @@ struct nf_conntrack { struct __nfct_nat snat; struct __nfct_nat dnat; - u_int32_t set[2]; +#define __NFCT_BITSET 2 + u_int32_t set[__NFCT_BITSET]; }; /* diff --git a/include/internal/types.h b/include/internal/types.h index 790bf7a..433de5b 100644 --- a/include/internal/types.h +++ b/include/internal/types.h @@ -13,6 +13,8 @@ typedef void (*copy_attr)(struct nf_conntrack *d, const struct nf_conntrack *o); typedef void (*filter_attr)(struct nfct_filter *filter, const void *value); typedef int (*getobjopt)(const struct nf_conntrack *ct); typedef void (*setobjopt)(struct nf_conntrack *ct); +typedef void (*set_attr_grp)(struct nf_conntrack *ct, const void *value); +typedef void (*get_attr_grp)(const struct nf_conntrack *ct, void *data); /* * expectation types diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h index e66f0f8..2fde9a8 100644 --- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h +++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h @@ -124,6 +124,45 @@ enum nf_conntrack_attr { ATTR_MAX }; +/* conntrack attribute groups */ +enum nf_conntrack_attr_grp { + ATTR_GRP_ORIG_IPV4 = 0, /* struct nfct_attr_grp_ipv4 */ + ATTR_GRP_REPL_IPV4, /* struct nfct_attr_grp_ipv4 */ + ATTR_GRP_ORIG_IPV6, /* struct nfct_attr_grp_ipv6 */ + ATTR_GRP_REPL_IPV6, /* struct nfct_attr_grp_ipv6 */ + ATTR_GRP_ORIG_PORT = 4, /* struct nfct_attr_grp_port */ + ATTR_GRP_REPL_PORT, /* struct nfct_attr_grp_port */ + ATTR_GRP_ICMP, /* struct nfct_attr_grp_icmp */ + ATTR_GRP_MASTER_IPV4, /* struct nfct_attr_grp_ipv4 */ + ATTR_GRP_MASTER_IPV6 = 8, /* struct nfct_attr_grp_ipv6 */ + ATTR_GRP_MASTER_PORT, /* struct nfct_attr_grp_port */ + ATTR_GRP_ORIG_COUNTERS, /* struct nfct_attr_grp_ctrs */ + ATTR_GRP_REPL_COUNTERS, /* struct nfct_attr_grp_ctrs */ + ATTR_GRP_MAX +}; + +struct nfct_attr_grp_ipv4 { + u_int32_t src, dst; +}; + +struct nfct_attr_grp_ipv6 { + u_int32_t src[4], dst[4]; +}; + +struct nfct_attr_grp_port { + u_int16_t sport, dport; +}; + +struct nfct_attr_grp_icmp { + u_int16_t id; + u_int8_t code, type; +}; + +struct nfct_attr_grp_ctrs { + u_int64_t packets; + u_int64_t bytes; +}; + /* message type */ enum nf_conntrack_msg_type { NFCT_T_UNKNOWN = 0, @@ -238,6 +277,23 @@ extern int nfct_attr_is_set(const struct nf_conntrack *ct, extern int nfct_attr_unset(struct nf_conntrack *ct, const enum nf_conntrack_attr type); +/* group setter */ +extern void nfct_set_attr_grp(struct nf_conntrack *ct, + const enum nf_conntrack_attr_grp type, + const void *value); +/* group getter */ +extern int nfct_get_attr_grp(const struct nf_conntrack *ct, + const enum nf_conntrack_attr_grp type, + void *data); + +/* group checker */ +extern int nfct_attr_grp_is_set(const struct nf_conntrack *ct, + const enum nf_conntrack_attr_grp type); + +/* unsetter */ +extern int nfct_attr_grp_unset(struct nf_conntrack *ct, + const enum nf_conntrack_attr_grp type); + /* print */ /* output type */ |