expect: add NAT support

This patch adds ATTR_EXP_NAT_TUPLE and ATTR_EXP_NAT_DIR attributes.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

4 files changed, 55 insertions, 0 deletions

diff --git a/src/expect/build.c b/src/expect/build.c
index ffc7b84..8cf2edd 100644
--- a/src/expect/build.c
+++ b/src/expect/build.c
@@ -74,6 +74,17 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
 		__build_tuple(req, size, &exp->mask.orig, CTA_EXPECT_MASK);
 	}
 
+	if (test_bit(ATTR_EXP_NAT_TUPLE, exp->set) &&
+	    test_bit(ATTR_EXP_NAT_DIR, exp->set)) {
+		struct nfattr *nest;
+
+		nest = nfnl_nest(&req->nlh, size, CTA_EXPECT_NAT);
+		__build_tuple(req, size, &exp->nat.orig, CTA_EXPECT_NAT_TUPLE);
+		nfnl_addattr32(&req->nlh, size, CTA_EXPECT_NAT_DIR,
+				htonl(exp->nat_dir));
+		nfnl_nest_end(&req->nlh, nest);
+	}
+
 	if (test_bit(ATTR_EXP_TIMEOUT, exp->set))
 		__build_timeout(req, size, exp);
 	if (test_bit(ATTR_EXP_FLAGS, exp->set))
diff --git a/src/expect/getter.c b/src/expect/getter.c
index 06c3bca..937e793 100644
--- a/src/expect/getter.c
+++ b/src/expect/getter.c
@@ -49,6 +49,16 @@ static const void *get_exp_attr_helper_name(const struct nf_expect *exp)
 	return exp->helper_name;
 }
 
+static const void *get_exp_attr_nat_dir(const struct nf_expect *exp)
+{
+	return &exp->nat_dir;
+}
+
+static const void *get_exp_attr_nat_tuple(const struct nf_expect *exp)
+{
+	return &exp->nat;
+}
+
 const get_exp_attr get_exp_attr_array[ATTR_EXP_MAX] = {
 	[ATTR_EXP_MASTER]		= get_exp_attr_master,
 	[ATTR_EXP_EXPECTED]		= get_exp_attr_expected,
@@ -58,4 +68,6 @@ const get_exp_attr get_exp_attr_array[ATTR_EXP_MAX] = {
 	[ATTR_EXP_FLAGS]		= get_exp_attr_flags,
 	[ATTR_EXP_HELPER_NAME]		= get_exp_attr_helper_name,
 	[ATTR_EXP_CLASS]		= get_exp_attr_class,
+	[ATTR_EXP_NAT_TUPLE]		= get_exp_attr_nat_tuple,
+	[ATTR_EXP_NAT_DIR]		= get_exp_attr_nat_dir,
 };
diff --git a/src/expect/parse.c b/src/expect/parse.c
index 8b6dd5f..5796072 100644
--- a/src/expect/parse.c
+++ b/src/expect/parse.c
@@ -89,4 +89,24 @@ void __parse_expect(const struct nlmsghdr *nlh,
 		      ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_CLASS-1]));
 		set_bit(ATTR_EXP_CLASS, exp->set);
 	}
+	if (cda[CTA_EXPECT_NAT-1]) {
+		struct nfattr *tb[CTA_EXPECT_NAT_MAX];
+
+		nfnl_parse_nested(tb, CTA_EXPECT_NAT_MAX,
+					cda[CTA_EXPECT_NAT-1]);
+
+		if (tb[CTA_EXPECT_NAT_TUPLE-1]) {
+			__parse_tuple(tb[CTA_EXPECT_NAT_TUPLE-1],
+				      &exp->nat.orig,
+				      __DIR_ORIG,
+				      exp->nat.set);
+			set_bit(ATTR_EXP_NAT_TUPLE, exp->set);
+		}
+		if (tb[CTA_EXPECT_NAT_DIR-1]) {
+			exp->nat_dir =
+			      ntohl(*((u_int32_t *)
+				NFA_DATA(tb[CTA_EXPECT_NAT_DIR-1])));
+			set_bit(ATTR_EXP_NAT_DIR, exp->set);
+		}
+	}
 }
diff --git a/src/expect/setter.c b/src/expect/setter.c
index b78f4f6..47843f8 100644
--- a/src/expect/setter.c
+++ b/src/expect/setter.c
@@ -50,6 +50,16 @@ static void set_exp_attr_helper_name(struct nf_expect *exp, const void *value)
 	exp->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
 }
 
+static void set_exp_attr_nat_dir(struct nf_expect *exp, const void *value)
+{
+	exp->nat_dir = *((u_int32_t *) value);
+}
+
+static void set_exp_attr_nat_tuple(struct nf_expect *exp, const void *value)
+{
+	exp->nat = *((struct nfct_tuple_head *) value);
+}
+
 const set_exp_attr set_exp_attr_array[ATTR_EXP_MAX] = {
 	[ATTR_EXP_MASTER]		= set_exp_attr_master,
 	[ATTR_EXP_EXPECTED]		= set_exp_attr_expected,
@@ -59,4 +69,6 @@ const set_exp_attr set_exp_attr_array[ATTR_EXP_MAX] = {
 	[ATTR_EXP_FLAGS]		= set_exp_attr_flags,
 	[ATTR_EXP_HELPER_NAME]		= set_exp_attr_helper_name,
 	[ATTR_EXP_CLASS]		= set_exp_attr_class,
+	[ATTR_EXP_NAT_TUPLE]		= set_exp_attr_nat_tuple,
+	[ATTR_EXP_NAT_DIR]		= set_exp_attr_nat_dir,
 };