summaryrefslogtreecommitdiffstats
path: root/src/conntrack/grp.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2012-04-29 23:43:04 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2012-04-29 23:43:04 +0200
commitd5b8311d81719f90a8f8d7f0b85ad320b9d7a0cd (patch)
tree21f97e4d1a53d35ded02a35c6fd587265ddff897 /src/conntrack/grp.c
parent096567100178c1f2d49b0d3e7764e665d547c3fa (diff)
conntrack: fix new ATTR_GRP_[ORIG|REPL]_ADDR_[SRC|DST]
The previous patch was incomplete. This fixes several issues with it like the IPV4 and IPV6 address are mutually exclusive, thus, the getter operation works. No sane way to support the setter operation correctly, thus, it's been documented that it has no effect. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/grp.c')
-rw-r--r--src/conntrack/grp.c101
1 files changed, 61 insertions, 40 deletions
diff --git a/src/conntrack/grp.c b/src/conntrack/grp.c
index 92a523b..e971a33 100644
--- a/src/conntrack/grp.c
+++ b/src/conntrack/grp.c
@@ -1,5 +1,5 @@
/*
- * (C) 2005-2011 by Pablo Neira Ayuso <pablo@netfilter.org>
+ * (C) 2005-2012 by Pablo Neira Ayuso <pablo@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
@@ -9,75 +9,96 @@
#include "internal/internal.h"
-const uint32_t attr_grp_bitmask[ATTR_GRP_MAX][__NFCT_BITSET] = {
+const struct attr_grp_bitmask attr_grp_bitmask[ATTR_GRP_MAX]= {
[ATTR_GRP_ORIG_IPV4] = {
- [0] = (1 << ATTR_ORIG_IPV4_SRC) |
- (1 << ATTR_ORIG_IPV4_DST) |
- (1 << ATTR_ORIG_L3PROTO),
+ .bitmask[0] = (1 << ATTR_ORIG_IPV4_SRC) |
+ (1 << ATTR_ORIG_IPV4_DST) |
+ (1 << ATTR_ORIG_L3PROTO),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_REPL_IPV4] = {
- [0] = (1 << ATTR_REPL_IPV4_SRC) |
- (1 << ATTR_REPL_IPV4_DST) |
- (1 << ATTR_REPL_L3PROTO),
+ .bitmask[0] = (1 << ATTR_REPL_IPV4_SRC) |
+ (1 << ATTR_REPL_IPV4_DST) |
+ (1 << ATTR_REPL_L3PROTO),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_ORIG_IPV6] = {
- [0] = (1 << ATTR_ORIG_IPV6_SRC) |
- (1 << ATTR_ORIG_IPV6_DST) |
- (1 << ATTR_ORIG_L3PROTO),
+ .bitmask[0] = (1 << ATTR_ORIG_IPV6_SRC) |
+ (1 << ATTR_ORIG_IPV6_DST) |
+ (1 << ATTR_ORIG_L3PROTO),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_REPL_IPV6] = {
- [0] = (1 << ATTR_REPL_IPV6_SRC) |
- (1 << ATTR_REPL_IPV6_DST) |
- (1 << ATTR_REPL_L3PROTO),
+ .bitmask[0] = (1 << ATTR_REPL_IPV6_SRC) |
+ (1 << ATTR_REPL_IPV6_DST) |
+ (1 << ATTR_REPL_L3PROTO),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_ORIG_PORT] = {
- [0] = (1 << ATTR_ORIG_PORT_SRC) |
- (1 << ATTR_ORIG_PORT_DST) |
- (1 << ATTR_ORIG_L4PROTO),
+ .bitmask[0] = (1 << ATTR_ORIG_PORT_SRC) |
+ (1 << ATTR_ORIG_PORT_DST) |
+ (1 << ATTR_ORIG_L4PROTO),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_REPL_PORT] = {
- [0] = (1 << ATTR_REPL_PORT_SRC) |
- (1 << ATTR_REPL_PORT_DST) |
- (1 << ATTR_REPL_L4PROTO),
+ .bitmask[0] = (1 << ATTR_REPL_PORT_SRC) |
+ (1 << ATTR_REPL_PORT_DST) |
+ (1 << ATTR_REPL_L4PROTO),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_ICMP] = {
- [0] = (1 << ATTR_ICMP_CODE) |
- (1 << ATTR_ICMP_TYPE) |
- (1 << ATTR_ICMP_ID),
+ .bitmask[0] = (1 << ATTR_ICMP_CODE) |
+ (1 << ATTR_ICMP_TYPE) |
+ (1 << ATTR_ICMP_ID),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_MASTER_IPV4] = {
- [1] = (1 << (ATTR_MASTER_IPV4_SRC - 32)) |
- (1 << (ATTR_MASTER_IPV4_DST - 32)) |
- (1 << (ATTR_MASTER_L3PROTO - 32)),
+ .bitmask[1] = (1 << (ATTR_MASTER_IPV4_SRC - 32)) |
+ (1 << (ATTR_MASTER_IPV4_DST - 32)) |
+ (1 << (ATTR_MASTER_L3PROTO - 32)),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_MASTER_IPV6] = {
- [1] = (1 << (ATTR_MASTER_IPV6_SRC - 32)) |
- (1 << (ATTR_MASTER_IPV6_DST - 32)) |
- (1 << (ATTR_MASTER_L3PROTO - 32)),
+ .bitmask[1] = (1 << (ATTR_MASTER_IPV6_SRC - 32)) |
+ (1 << (ATTR_MASTER_IPV6_DST - 32)) |
+ (1 << (ATTR_MASTER_L3PROTO - 32)),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_MASTER_PORT] = {
- [1] = (1 << (ATTR_MASTER_PORT_SRC - 32)) |
- (1 << (ATTR_MASTER_PORT_DST - 32)) |
- (1 << (ATTR_MASTER_L4PROTO - 32)),
+ .bitmask[1] = (1 << (ATTR_MASTER_PORT_SRC - 32)) |
+ (1 << (ATTR_MASTER_PORT_DST - 32)) |
+ (1 << (ATTR_MASTER_L4PROTO - 32)),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_ORIG_COUNTERS] = {
- [0] = (1 << (ATTR_ORIG_COUNTER_PACKETS)) |
- (1 << (ATTR_ORIG_COUNTER_BYTES)),
+ .bitmask[0] = (1 << (ATTR_ORIG_COUNTER_PACKETS)) |
+ (1 << (ATTR_ORIG_COUNTER_BYTES)),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_REPL_COUNTERS] = {
- [0] = (1 << (ATTR_REPL_COUNTER_PACKETS)) |
- (1 << (ATTR_REPL_COUNTER_BYTES)),
+ .bitmask[0] = (1 << (ATTR_REPL_COUNTER_PACKETS)) |
+ (1 << (ATTR_REPL_COUNTER_BYTES)),
+ .type = NFCT_BITMASK_AND,
},
[ATTR_GRP_ORIG_ADDR_SRC] = {
- [0] = (1 << ATTR_ORIG_IPV4_SRC) | (1 << ATTR_ORIG_IPV6_SRC),
+ .bitmask[0] = (1 << ATTR_ORIG_IPV4_SRC) |
+ (1 << ATTR_ORIG_IPV6_SRC),
+ .type = NFCT_BITMASK_OR,
},
[ATTR_GRP_ORIG_ADDR_DST] = {
- [0] = (1 << ATTR_ORIG_IPV4_DST) | (1 << ATTR_ORIG_IPV6_DST),
+ .bitmask[0] = (1 << ATTR_ORIG_IPV4_DST) |
+ (1 << ATTR_ORIG_IPV6_DST),
+ .type = NFCT_BITMASK_OR,
+
},
[ATTR_GRP_REPL_ADDR_SRC] = {
- [1] = (1 << ATTR_REPL_IPV4_SRC) | (1 << ATTR_REPL_IPV6_SRC),
+ .bitmask[0] = (1 << ATTR_REPL_IPV4_SRC) |
+ (1 << ATTR_REPL_IPV6_SRC),
+ .type = NFCT_BITMASK_OR,
},
[ATTR_GRP_REPL_ADDR_DST] = {
- [1] = (1 << ATTR_REPL_IPV4_DST) | (1 << ATTR_REPL_IPV6_DST),
+ .bitmask[0] = (1 << ATTR_REPL_IPV4_DST) |
+ (1 << ATTR_REPL_IPV6_DST),
+ .type = NFCT_BITMASK_OR,
},
};