summaryrefslogtreecommitdiffstats
path: root/src/conntrack
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2009-07-14 17:16:08 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2009-07-14 17:16:08 +0200
commit19f35b21dbe2bb4386eeced4e0d87f3b2e1dd8bf (patch)
treecb78ecd7c55d040c6a017890b94851a54db95bc6 /src/conntrack
parentdd73e5708cc2cd127ba03fd5a82fb96b3928e7fb (diff)
src: add support for DCCP 64-bits sequence number tracking
From: Pablo Neira Ayuso <pablo@netfilter.org> This patch adds the support for the DCCP sequence number tracking that is included in the upcoming Linux kernel 2.6.31. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack')
-rw-r--r--src/conntrack/api.c29
-rw-r--r--src/conntrack/build.c5
-rw-r--r--src/conntrack/copy.c7
-rw-r--r--src/conntrack/getter.c6
-rw-r--r--src/conntrack/parse.c5
-rw-r--r--src/conntrack/setter.c6
6 files changed, 58 insertions, 0 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 0639b5f..56a3a8a 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -341,6 +341,19 @@ void nfct_set_attr_u32(struct nf_conntrack *ct,
}
/**
+ * nfct_set_attr_u64 - set the value of a certain conntrack attribute
+ * @ct: pointer to a valid conntrack
+ * @type: attribute type
+ * @value: unsigned 64 bits attribute value
+ */
+void nfct_set_attr_u64(struct nf_conntrack *ct,
+ const enum nf_conntrack_attr type,
+ u_int64_t value)
+{
+ nfct_set_attr(ct, type, &value);
+}
+
+/**
* nfct_get_attr - get a conntrack attribute
* ct: pointer to a valid conntrack
* @type: attribute type
@@ -417,6 +430,22 @@ u_int32_t nfct_get_attr_u32(const struct nf_conntrack *ct,
}
/**
+ * nfct_get_attr_u64 - get attribute of unsigned 32-bits long
+ * @ct: pointer to a valid conntrack
+ * @type: attribute type
+ *
+ * Returns the value of the requested attribute, if the attribute is not
+ * set, 0 is returned. In order to check if the attribute is set or not,
+ * use nfct_attr_is_set.
+ */
+u_int64_t nfct_get_attr_u64(const struct nf_conntrack *ct,
+ const enum nf_conntrack_attr type)
+{
+ const u_int64_t *ret = nfct_get_attr(ct, type);
+ return ret == NULL ? 0 : *ret;
+}
+
+/**
* nfct_attr_is_set - check if a certain attribute is set
* @ct: pointer to a valid conntrack object
* @type: attribute type
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index c739396..4f2307f 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -160,6 +160,11 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
CTA_PROTOINFO_DCCP_ROLE,
&ct->protoinfo.dccp.role,
sizeof(u_int8_t));
+ if (test_bit(ATTR_DCCP_SEQ, ct->set))
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_DCCP_SEQ,
+ &ct->protoinfo.dccp.seq,
+ sizeof(u_int64_t));
nfnl_nest_end(&req->nlh, nest_proto);
nfnl_nest_end(&req->nlh, nest);
default:
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index 90eea03..a76edf4 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -256,6 +256,12 @@ static void copy_attr_dccp_role(struct nf_conntrack *dest,
dest->protoinfo.dccp.role = orig->protoinfo.dccp.role;
}
+static void copy_attr_dccp_seq(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->protoinfo.dccp.seq = orig->protoinfo.dccp.seq;
+}
+
static void copy_attr_snat_ipv4(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
@@ -448,4 +454,5 @@ copy_attr copy_attr_array[ATTR_MAX] = {
[ATTR_HELPER_NAME] = copy_attr_helper_name,
[ATTR_DCCP_STATE] = copy_attr_dccp_state,
[ATTR_DCCP_ROLE] = copy_attr_dccp_role,
+ [ATTR_DCCP_SEQ] = copy_attr_dccp_seq,
};
diff --git a/src/conntrack/getter.c b/src/conntrack/getter.c
index 6e50a5b..4314058 100644
--- a/src/conntrack/getter.c
+++ b/src/conntrack/getter.c
@@ -297,6 +297,11 @@ static const void *get_attr_dccp_role(const struct nf_conntrack *ct)
return &ct->protoinfo.dccp.role;
}
+static const void *get_attr_dccp_seq(const struct nf_conntrack *ct)
+{
+ return &ct->protoinfo.dccp.seq;
+}
+
get_attr get_attr_array[ATTR_MAX] = {
[ATTR_ORIG_IPV4_SRC] = get_attr_orig_ipv4_src,
[ATTR_ORIG_IPV4_DST] = get_attr_orig_ipv4_dst,
@@ -356,4 +361,5 @@ get_attr get_attr_array[ATTR_MAX] = {
[ATTR_HELPER_NAME] = get_attr_helper_name,
[ATTR_DCCP_STATE] = get_attr_dccp_state,
[ATTR_DCCP_ROLE] = get_attr_dccp_role,
+ [ATTR_DCCP_SEQ] = get_attr_dccp_seq,
};
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 98e4d7d..99dc913 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -261,6 +261,11 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr,
*(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_ROLE-1]);
set_bit(ATTR_DCCP_ROLE, ct->set);
}
+ if (tb[CTA_PROTOINFO_DCCP_SEQ-1]) {
+ ct->protoinfo.dccp.seq =
+ *(u_int64_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_SEQ-1]);
+ set_bit(ATTR_DCCP_SEQ, ct->set);
+ }
}
static void __parse_protoinfo(const struct nfattr *attr,
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index 3fe74c5..da7d4b1 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -324,6 +324,11 @@ static void set_attr_dccp_role(struct nf_conntrack *ct, const void *value)
ct->protoinfo.dccp.role = *((u_int8_t *) value);
}
+static void set_attr_dccp_seq(struct nf_conntrack *ct, const void *value)
+{
+ ct->protoinfo.dccp.seq = *((u_int64_t *) value);
+}
+
static void set_attr_do_nothing(struct nf_conntrack *ct, const void *value) {}
set_attr set_attr_array[ATTR_MAX] = {
@@ -385,4 +390,5 @@ set_attr set_attr_array[ATTR_MAX] = {
[ATTR_HELPER_NAME] = set_attr_helper_name,
[ATTR_DCCP_STATE] = set_attr_dccp_state,
[ATTR_DCCP_ROLE] = set_attr_dccp_role,
+ [ATTR_DCCP_SEQ] = set_attr_dccp_seq,
};