author | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-04-13 00:38:09 +0000 |
---|---|---|
committer | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org> | 2008-04-13 00:38:09 +0000 |
commit | c3704c0e73d0dda9d9d5919af22831a439fbc611 (patch) | |
tree | 85dd4d2f6e0308a196b097273d6e28cfe038d792 /src/conntrack/copy.c | |
parent | 721a93769a15c0f579a389ad58d82d14d13f7f93 (diff) |
- add nfct_cmp (replacement for nfct_compare a bit more flexible)
- add nfct_copy
- conditional build of original and reply tuples
- fix secmark parsing
Diffstat (limited to 'src/conntrack/copy.c')
-rw-r--r-- | src/conntrack/copy.c | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
new file mode 100644
index 0000000..e03abc8
--- /dev/null
+++ b/src/conntrack/copy.c
@@ -0,0 +1,57 @@
+/*
+ * (C) 2008 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU General Public License, incorporated herein by reference.
+ */
+
+#include "internal.h"
+
+#define TS_ORIG \
+({ \
+ ((1 << ATTR_ORIG_IPV4_SRC) | (1 << ATTR_ORIG_IPV4_DST) | \
+ (1 << ATTR_ORIG_IPV6_SRC) | (1 << ATTR_ORIG_IPV6_DST) | \
+ (1 << ATTR_ORIG_PORT_SRC) | (1 << ATTR_ORIG_PORT_DST) | \
+ (1 << ATTR_ORIG_L3PROTO) | (1 << ATTR_ORIG_L4PROTO) | \
+ (1 << ATTR_ICMP_TYPE) | (1 << ATTR_ICMP_CODE) | \
+ (1 << ATTR_ICMP_ID)); \
+})
+
+#define TS_REPL \
+({ \
+ ((1 << ATTR_REPL_IPV4_SRC) | (1 << ATTR_REPL_IPV4_DST) | \
+ (1 << ATTR_REPL_IPV6_SRC) | (1 << ATTR_REPL_IPV6_DST) | \
+ (1 << ATTR_REPL_PORT_SRC) | (1 << ATTR_REPL_PORT_DST) | \
+ (1 << ATTR_REPL_L3PROTO) | (1 << ATTR_REPL_L4PROTO) | \
+ (1 << ATTR_ICMP_TYPE) | (1 << ATTR_ICMP_CODE) | \
+ (1 << ATTR_ICMP_ID)); \
+})
+
+#define TUPLE_SET(dir) (dir == __DIR_ORIG ? TS_ORIG : TS_REPL)
+
+void __copy_tuple(struct nf_conntrack *ct2,
+ const struct nf_conntrack *ct1,
+ int dir)
+{
+ memcpy(&ct2->tuple[dir].src,
+ &ct1->tuple[dir].src,
+ sizeof(union __nfct_address));
+
+ memcpy(&ct2->tuple[dir].dst,
+ &ct1->tuple[dir].dst,
+ sizeof(union __nfct_address));
+
+ ct2->tuple[dir].l3protonum = ct1->tuple[dir].l3protonum;
+ ct2->tuple[dir].protonum = ct1->tuple[dir].protonum;
+
+ memcpy(&ct2->tuple[dir].l4src,
+ &ct1->tuple[dir].l4src,
+ sizeof(union __nfct_l4));
+
+ memcpy(&ct2->tuple[dir].l4dst,
+ &ct1->tuple[dir].l4dst,
+ sizeof(union __nfct_l4));
+
+ /* XXX: this is safe but better convert bitset to uint64_t */
+ ct2->set[0] |= ct1->set[0] & TUPLE_SET(__DIR_ORIG);
+} |
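Review bot: The last statement of `__copy_tuple` hard-codes `TUPLE_SET(__DIR_ORIG)` and never consults `dir`, so a call for the reply direction copies the reply tuple's fields but leaves its attribute bits unset in `ct2->set[0]`, while still propagating the original-direction bits. Any code that later trusts the bitmask to decide which attributes are present would presumably treat the copied reply tuple as absent; the line should read `ct2->set[0] |= ct1->set[0] & TUPLE_SET(dir);`. `dir` is also used unchecked as the index into `tuple[]`, and the callers are not in this file, so a comment on the function stating that `dir` must be one of the two direction constants would make the bounds assumption explicit. The macro argument in `TUPLE_SET` should be parenthesised as `((dir) == __DIR_ORIG ? TS_ORIG : TS_REPL)`.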