summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/internal/object.h38
-rw-r--r--src/conntrack/api.c38
-rw-r--r--src/conntrack/build.c183
-rw-r--r--src/conntrack/compare.c61
-rw-r--r--src/conntrack/copy.c98
-rw-r--r--src/conntrack/getter.c66
-rw-r--r--src/conntrack/grp_getter.c42
-rw-r--r--src/conntrack/grp_setter.c64
-rw-r--r--src/conntrack/objopt.c85
-rw-r--r--src/conntrack/parse.c94
-rw-r--r--src/conntrack/setter.c76
-rw-r--r--src/conntrack/snprintf_default.c58
-rw-r--r--src/conntrack/snprintf_xml.c104
-rw-r--r--src/expect/build.c19
-rw-r--r--src/expect/parse.c12
-rw-r--r--src/expect/setter.c6
-rw-r--r--src/expect/snprintf_default.c17
17 files changed, 524 insertions, 537 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index 880f7c1..64f7721 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -109,18 +109,12 @@ struct __nfct_tuple {
u_int8_t protonum;
union __nfct_l4_src l4src;
union __nfct_l4_dst l4dst;
-
- struct {
- u_int32_t correction_pos;
- u_int32_t offset_before;
- u_int32_t offset_after;
- } natseq;
};
#define __DIR_ORIG 0
#define __DIR_REPL 1
+#define __DIR_MAX __DIR_REPL+1
#define __DIR_MASTER 2
-#define __DIR_MAX __DIR_MASTER+1
union __nfct_protoinfo {
struct {
@@ -152,9 +146,18 @@ struct __nfct_nat {
union __nfct_l4_src l4min, l4max;
};
+struct nfct_tuple_head {
+ struct __nfct_tuple orig;
+
+#define __NFCT_BITSET 3
+ u_int32_t set[__NFCT_BITSET];
+};
+
struct nf_conntrack {
- struct __nfct_tuple tuple[__DIR_MAX];
-
+ struct nfct_tuple_head head;
+ struct __nfct_tuple repl;
+ struct __nfct_tuple master;
+
u_int32_t timeout;
u_int32_t mark;
u_int32_t secmark;
@@ -174,13 +177,15 @@ struct nf_conntrack {
struct __nfct_nat dnat;
struct {
+ u_int32_t correction_pos;
+ u_int32_t offset_before;
+ u_int32_t offset_after;
+ } natseq[__DIR_MAX];
+
+ struct {
u_int64_t start;
u_int64_t stop;
} timestamp;
-
-/* we've got more than 64 attributes now, we need 96 bits to store them. */
-#define __NFCT_BITSET 3
- u_int32_t set[__NFCT_BITSET];
};
/*
@@ -260,9 +265,10 @@ struct nfct_filter {
*/
struct nf_expect {
- struct nf_conntrack master;
- struct nf_conntrack expected;
- struct nf_conntrack mask;
+ struct nfct_tuple_head master;
+ struct nfct_tuple_head expected;
+ struct nfct_tuple_head mask;
+
u_int32_t timeout;
u_int32_t id;
u_int16_t zone;
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 738aa51..d3d9bdb 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -377,7 +377,7 @@ void nfct_set_attr(struct nf_conntrack *ct,
if (set_attr_array[type]) {
set_attr_array[type](ct, value);
- set_bit(type, ct->set);
+ set_bit(type, ct->head.set);
}
}
@@ -451,7 +451,7 @@ const void *nfct_get_attr(const struct nf_conntrack *ct,
return NULL;
}
- if (!test_bit(type, ct->set)) {
+ if (!test_bit(type, ct->head.set)) {
errno = ENODATA;
return NULL;
}
@@ -542,7 +542,7 @@ int nfct_attr_is_set(const struct nf_conntrack *ct,
errno = EINVAL;
return -1;
}
- return test_bit(type, ct->set);
+ return test_bit(type, ct->head.set);
}
/**
@@ -567,7 +567,7 @@ int nfct_attr_is_set_array(const struct nf_conntrack *ct,
errno = EINVAL;
return -1;
}
- if (!test_bit(type_array[i], ct->set))
+ if (!test_bit(type_array[i], ct->head.set))
return 0;
}
return 1;
@@ -590,7 +590,7 @@ int nfct_attr_unset(struct nf_conntrack *ct,
errno = EINVAL;
return -1;
}
- unset_bit(type, ct->set);
+ unset_bit(type, ct->head.set);
return 0;
}
@@ -615,7 +615,7 @@ void nfct_set_attr_grp(struct nf_conntrack *ct,
if (set_attr_grp_array[type]) {
set_attr_grp_array[type](ct, data);
- set_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET);
+ set_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET);
}
}
@@ -638,7 +638,7 @@ int nfct_get_attr_grp(const struct nf_conntrack *ct,
errno = EINVAL;
return -1;
}
- if (!test_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET)) {
+ if (!test_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET)) {
errno = ENODATA;
return -1;
}
@@ -663,7 +663,7 @@ int nfct_attr_grp_is_set(const struct nf_conntrack *ct,
errno = EINVAL;
return -1;
}
- return test_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET);
+ return test_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET);
}
/**
@@ -683,7 +683,7 @@ int nfct_attr_grp_unset(struct nf_conntrack *ct,
errno = EINVAL;
return -1;
}
- unset_bitmask_u32(ct->set, attr_grp_bitmask[type], __NFCT_BITSET);
+ unset_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET);
return 0;
}
@@ -1128,10 +1128,10 @@ void nfct_copy(struct nf_conntrack *ct1,
}
if (flags == NFCT_CP_ALL) {
for (i=0; i<ATTR_MAX; i++) {
- if (test_bit(i, ct2->set)) {
+ if (test_bit(i, ct2->head.set)) {
assert(copy_attr_array[i]);
copy_attr_array[i](ct1, ct2);
- set_bit(i, ct1->set);
+ set_bit(i, ct1->head.set);
}
}
return;
@@ -1154,10 +1154,10 @@ void nfct_copy(struct nf_conntrack *ct1,
if (flags & NFCT_CP_ORIG) {
for (i=0; i<__CP_ORIG_MAX; i++) {
- if (test_bit(cp_orig_mask[i], ct2->set)) {
+ if (test_bit(cp_orig_mask[i], ct2->head.set)) {
assert(copy_attr_array[i]);
copy_attr_array[cp_orig_mask[i]](ct1, ct2);
- set_bit(cp_orig_mask[i], ct1->set);
+ set_bit(cp_orig_mask[i], ct1->head.set);
}
}
}
@@ -1176,20 +1176,20 @@ void nfct_copy(struct nf_conntrack *ct1,
if (flags & NFCT_CP_REPL) {
for (i=0; i<__CP_REPL_MAX; i++) {
- if (test_bit(cp_repl_mask[i], ct2->set)) {
+ if (test_bit(cp_repl_mask[i], ct2->head.set)) {
assert(copy_attr_array[i]);
copy_attr_array[cp_repl_mask[i]](ct1, ct2);
- set_bit(cp_repl_mask[i], ct1->set);
+ set_bit(cp_repl_mask[i], ct1->head.set);
}
}
}
if (flags & NFCT_CP_META) {
for (i=ATTR_TCP_STATE; i<ATTR_MAX; i++) {
- if (test_bit(i, ct2->set)) {
+ if (test_bit(i, ct2->head.set)) {
assert(copy_attr_array[i]),
copy_attr_array[i](ct1, ct2);
- set_bit(i, ct1->set);
+ set_bit(i, ct1->head.set);
}
}
}
@@ -1207,10 +1207,10 @@ void nfct_copy_attr(struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
const enum nf_conntrack_attr type)
{
- if (test_bit(type, ct2->set)) {
+ if (test_bit(type, ct2->head.set)) {
assert(copy_attr_array[type]);
copy_attr_array[type](ct1, ct2);
- set_bit(type, ct1->set);
+ set_bit(type, ct1->head.set);
}
}
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 6e85d32..3ff2e13 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -106,45 +106,45 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
{
struct nfattr *nest, *nest_proto;
- switch(ct->tuple[__DIR_ORIG].protonum) {
+ switch(ct->head.orig.protonum) {
case IPPROTO_TCP:
/* Preliminary attribute check to avoid sending an empty
* CTA_PROTOINFO_TCP nest, which results in EINVAL in
* Linux kernel <= 2.6.25. */
- if (!(test_bit(ATTR_TCP_STATE, ct->set) ||
- test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) ||
- test_bit(ATTR_TCP_FLAGS_REPL, ct->set) ||
- test_bit(ATTR_TCP_MASK_ORIG, ct->set) ||
- test_bit(ATTR_TCP_MASK_REPL, ct->set) ||
- test_bit(ATTR_TCP_WSCALE_ORIG, ct->set) ||
- test_bit(ATTR_TCP_WSCALE_REPL, ct->set))) {
+ if (!(test_bit(ATTR_TCP_STATE, ct->head.set) ||
+ test_bit(ATTR_TCP_FLAGS_ORIG, ct->head.set) ||
+ test_bit(ATTR_TCP_FLAGS_REPL, ct->head.set) ||
+ test_bit(ATTR_TCP_MASK_ORIG, ct->head.set) ||
+ test_bit(ATTR_TCP_MASK_REPL, ct->head.set) ||
+ test_bit(ATTR_TCP_WSCALE_ORIG, ct->head.set) ||
+ test_bit(ATTR_TCP_WSCALE_REPL, ct->head.set))) {
break;
}
nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP);
- if (test_bit(ATTR_TCP_STATE, ct->set))
+ if (test_bit(ATTR_TCP_STATE, ct->head.set))
nfnl_addattr_l(&req->nlh, size,
CTA_PROTOINFO_TCP_STATE,
&ct->protoinfo.tcp.state,
sizeof(u_int8_t));
- if (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) &&
- test_bit(ATTR_TCP_MASK_ORIG, ct->set))
+ if (test_bit(ATTR_TCP_FLAGS_ORIG, ct->head.set) &&
+ test_bit(ATTR_TCP_MASK_ORIG, ct->head.set))
nfnl_addattr_l(&req->nlh, size,
CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
&ct->protoinfo.tcp.flags[0],
sizeof(struct nf_ct_tcp_flags));
- if (test_bit(ATTR_TCP_FLAGS_REPL, ct->set) &&
- test_bit(ATTR_TCP_MASK_REPL, ct->set))
+ if (test_bit(ATTR_TCP_FLAGS_REPL, ct->head.set) &&
+ test_bit(ATTR_TCP_MASK_REPL, ct->head.set))
nfnl_addattr_l(&req->nlh, size,
CTA_PROTOINFO_TCP_FLAGS_REPLY,
&ct->protoinfo.tcp.flags[1],
sizeof(struct nf_ct_tcp_flags));
- if (test_bit(ATTR_TCP_WSCALE_ORIG, ct->set))
+ if (test_bit(ATTR_TCP_WSCALE_ORIG, ct->head.set))
nfnl_addattr_l(&req->nlh, size,
CTA_PROTOINFO_TCP_WSCALE_ORIGINAL,
&ct->protoinfo.tcp.wscale[__DIR_ORIG],
sizeof(u_int8_t));
- if (test_bit(ATTR_TCP_WSCALE_REPL, ct->set))
+ if (test_bit(ATTR_TCP_WSCALE_REPL, ct->head.set))
nfnl_addattr_l(&req->nlh, size,
CTA_PROTOINFO_TCP_WSCALE_REPLY,
&ct->protoinfo.tcp.wscale[__DIR_REPL],
@@ -154,23 +154,23 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
break;
case IPPROTO_SCTP:
/* See comment above on TCP. */
- if (!(test_bit(ATTR_SCTP_STATE, ct->set) ||
- test_bit(ATTR_SCTP_VTAG_ORIG, ct->set) ||
- test_bit(ATTR_SCTP_VTAG_REPL, ct->set))) {
+ if (!(test_bit(ATTR_SCTP_STATE, ct->head.set) ||
+ test_bit(ATTR_SCTP_VTAG_ORIG, ct->head.set) ||
+ test_bit(ATTR_SCTP_VTAG_REPL, ct->head.set))) {
break;
}
nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_SCTP);
- if (test_bit(ATTR_SCTP_STATE, ct->set))
+ if (test_bit(ATTR_SCTP_STATE, ct->head.set))
nfnl_addattr_l(&req->nlh, size,
CTA_PROTOINFO_SCTP_STATE,
&ct->protoinfo.sctp.state,
sizeof(u_int8_t));
- if (test_bit(ATTR_SCTP_VTAG_ORIG, ct->set))
+ if (test_bit(ATTR_SCTP_VTAG_ORIG, ct->head.set))
nfnl_addattr32(&req->nlh, size,
CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
htonl(ct->protoinfo.sctp.vtag[__DIR_ORIG]));
- if (test_bit(ATTR_SCTP_VTAG_REPL, ct->set))
+ if (test_bit(ATTR_SCTP_VTAG_REPL, ct->head.set))
nfnl_addattr32(&req->nlh, size,
CTA_PROTOINFO_SCTP_VTAG_REPLY,
htonl(ct->protoinfo.sctp.vtag[__DIR_REPL]));
@@ -179,24 +179,24 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
break;
case IPPROTO_DCCP:
/* See comment above on TCP. */
- if (!(test_bit(ATTR_DCCP_STATE, ct->set) ||
- test_bit(ATTR_DCCP_ROLE, ct->set) ||
- test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->set))) {
+ if (!(test_bit(ATTR_DCCP_STATE, ct->head.set) ||
+ test_bit(ATTR_DCCP_ROLE, ct->head.set) ||
+ test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->head.set))) {
break;
}
nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_DCCP);
- if (test_bit(ATTR_DCCP_STATE, ct->set))
+ if (test_bit(ATTR_DCCP_STATE, ct->head.set))
nfnl_addattr_l(&req->nlh, size,
CTA_PROTOINFO_DCCP_STATE,
&ct->protoinfo.dccp.state,
sizeof(u_int8_t));
- if (test_bit(ATTR_DCCP_ROLE, ct->set))
+ if (test_bit(ATTR_DCCP_ROLE, ct->head.set))
nfnl_addattr_l(&req->nlh, size,
CTA_PROTOINFO_DCCP_ROLE,
&ct->protoinfo.dccp.role,
sizeof(u_int8_t));
- if (test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->set)) {
+ if (test_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->head.set)) {
/* FIXME: use __cpu_to_be64() instead which is the
* correct operation. This is a semantic abuse but
* we have no function to do it in libnfnetlink. */
@@ -224,15 +224,15 @@ __nat_seq_adj(struct nfnlhdr *req,
nfnl_addattr32(&req->nlh,
size,
CTA_NAT_SEQ_CORRECTION_POS,
- htonl(ct->tuple[dir].natseq.correction_pos));
+ htonl(ct->natseq[dir].correction_pos));
nfnl_addattr32(&req->nlh,
size,
CTA_NAT_SEQ_OFFSET_BEFORE,
- htonl(ct->tuple[dir].natseq.offset_before));
+ htonl(ct->natseq[dir].offset_before));
nfnl_addattr32(&req->nlh,
size,
CTA_NAT_SEQ_OFFSET_AFTER,
- htonl(ct->tuple[dir].natseq.offset_after));
+ htonl(ct->natseq[dir].offset_after));
}
static void
@@ -259,7 +259,7 @@ static void __build_protonat(struct nfnlhdr *req,
nest = nfnl_nest(&req->nlh, size, CTA_NAT_PROTO);
- switch (ct->tuple[__DIR_ORIG].protonum) {
+ switch (ct->head.orig.protonum) {
case IPPROTO_TCP:
case IPPROTO_UDP:
nfnl_addattr_l(&req->nlh, size, CTA_PROTONAT_PORT_MIN,
@@ -405,9 +405,9 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
u_int16_t flags,
const struct nf_conntrack *ct)
{
- u_int8_t l3num = ct->tuple[__DIR_ORIG].l3protonum;
+ u_int8_t l3num = ct->head.orig.l3protonum;
- if (!test_bit(ATTR_ORIG_L3PROTO, ct->set)) {
+ if (!test_bit(ATTR_ORIG_L3PROTO, ct->head.set)) {
errno = EINVAL;
return -1;
}
@@ -416,48 +416,43 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
nfnl_fill_hdr(ssh, &req->nlh, 0, l3num, 0, type, flags);
- if (test_bit(ATTR_ORIG_IPV4_SRC, ct->set) ||
- test_bit(ATTR_ORIG_IPV4_DST, ct->set) ||
- test_bit(ATTR_ORIG_IPV6_SRC, ct->set) ||
- test_bit(ATTR_ORIG_IPV6_DST, ct->set) ||
- test_bit(ATTR_ORIG_PORT_SRC, ct->set) ||
- test_bit(ATTR_ORIG_PORT_DST, ct->set) ||
- test_bit(ATTR_ORIG_L3PROTO, ct->set) ||
- test_bit(ATTR_ORIG_L4PROTO, ct->set) ||
- test_bit(ATTR_ICMP_TYPE, ct->set) ||
- test_bit(ATTR_ICMP_CODE, ct->set) ||
- test_bit(ATTR_ICMP_ID, ct->set))
- __build_tuple(req, size,
- &ct->tuple[__DIR_ORIG],
- CTA_TUPLE_ORIG);
-
- if (test_bit(ATTR_REPL_IPV4_SRC, ct->set) ||
- test_bit(ATTR_REPL_IPV4_DST, ct->set) ||
- test_bit(ATTR_REPL_IPV6_SRC, ct->set) ||
- test_bit(ATTR_REPL_IPV6_DST, ct->set) ||
- test_bit(ATTR_REPL_PORT_SRC, ct->set) ||
- test_bit(ATTR_REPL_PORT_DST, ct->set) ||
- test_bit(ATTR_REPL_L3PROTO, ct->set) ||
- test_bit(ATTR_REPL_L4PROTO, ct->set) ||
- test_bit(ATTR_ICMP_TYPE, ct->set) ||
- test_bit(ATTR_ICMP_CODE, ct->set) ||
- test_bit(ATTR_ICMP_ID, ct->set))
- __build_tuple(req, size,
- &ct->tuple[__DIR_REPL],
- CTA_TUPLE_REPLY);
-
- if (test_bit(ATTR_MASTER_IPV4_SRC, ct->set) ||
- test_bit(ATTR_MASTER_IPV4_DST, ct->set) ||
- test_bit(ATTR_MASTER_IPV6_SRC, ct->set) ||
- test_bit(ATTR_MASTER_IPV6_DST, ct->set) ||
- test_bit(ATTR_MASTER_PORT_SRC, ct->set) ||
- test_bit(ATTR_MASTER_PORT_DST, ct->set) ||
- test_bit(ATTR_MASTER_L3PROTO, ct->set) ||
- test_bit(ATTR_MASTER_L4PROTO, ct->set))
- __build_tuple(req, size,
- &ct->tuple[__DIR_MASTER], CTA_TUPLE_MASTER);
-
- if (test_bit(ATTR_STATUS, ct->set))
+ if (test_bit(ATTR_ORIG_IPV4_SRC, ct->head.set) ||
+ test_bit(ATTR_ORIG_IPV4_DST, ct->head.set) ||
+ test_bit(ATTR_ORIG_IPV6_SRC, ct->head.set) ||
+ test_bit(ATTR_ORIG_IPV6_DST, ct->head.set) ||
+ test_bit(ATTR_ORIG_PORT_SRC, ct->head.set) ||
+ test_bit(ATTR_ORIG_PORT_DST, ct->head.set) ||
+ test_bit(ATTR_ORIG_L3PROTO, ct->head.set) ||
+ test_bit(ATTR_ORIG_L4PROTO, ct->head.set) ||
+ test_bit(ATTR_ICMP_TYPE, ct->head.set) ||
+ test_bit(ATTR_ICMP_CODE, ct->head.set) ||
+ test_bit(ATTR_ICMP_ID, ct->head.set))
+ __build_tuple(req, size, &ct->head.orig, CTA_TUPLE_ORIG);
+
+ if (test_bit(ATTR_REPL_IPV4_SRC, ct->head.set) ||
+ test_bit(ATTR_REPL_IPV4_DST, ct->head.set) ||
+ test_bit(ATTR_REPL_IPV6_SRC, ct->head.set) ||
+ test_bit(ATTR_REPL_IPV6_DST, ct->head.set) ||
+ test_bit(ATTR_REPL_PORT_SRC, ct->head.set) ||
+ test_bit(ATTR_REPL_PORT_DST, ct->head.set) ||
+ test_bit(ATTR_REPL_L3PROTO, ct->head.set) ||
+ test_bit(ATTR_REPL_L4PROTO, ct->head.set) ||
+ test_bit(ATTR_ICMP_TYPE, ct->head.set) ||
+ test_bit(ATTR_ICMP_CODE, ct->head.set) ||
+ test_bit(ATTR_ICMP_ID, ct->head.set))
+ __build_tuple(req, size, &ct->repl, CTA_TUPLE_REPLY);
+
+ if (test_bit(ATTR_MASTER_IPV4_SRC, ct->head.set) ||
+ test_bit(ATTR_MASTER_IPV4_DST, ct->head.set) ||
+ test_bit(ATTR_MASTER_IPV6_SRC, ct->head.set) ||
+ test_bit(ATTR_MASTER_IPV6_DST, ct->head.set) ||
+ test_bit(ATTR_MASTER_PORT_SRC, ct->head.set) ||
+ test_bit(ATTR_MASTER_PORT_DST, ct->head.set) ||
+ test_bit(ATTR_MASTER_L3PROTO, ct->head.set) ||
+ test_bit(ATTR_MASTER_L4PROTO, ct->head.set))
+ __build_tuple(req, size, &ct->master, CTA_TUPLE_MASTER);
+
+ if (test_bit(ATTR_STATUS, ct->head.set))
__build_status(req, size, ct);
else {
/* build IPS_CONFIRMED if we're creating a new conntrack */
@@ -465,47 +460,47 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
__build_status(req, size, ct);
}
- if (test_bit(ATTR_TIMEOUT, ct->set))
+ if (test_bit(ATTR_TIMEOUT, ct->head.set))
__build_timeout(req, size, ct);
- if (test_bit(ATTR_MARK, ct->set))
+ if (test_bit(ATTR_MARK, ct->head.set))
__build_mark(req, size, ct);
- if (test_bit(ATTR_SECMARK, ct->set))
+ if (test_bit(ATTR_SECMARK, ct->head.set))
__build_secmark(req, size, ct);
__build_protoinfo(req, size, ct);
- if (test_bit(ATTR_SNAT_IPV4, ct->set) &&
- test_bit(ATTR_SNAT_PORT, ct->set))
+ if (test_bit(ATTR_SNAT_IPV4, ct->head.set) &&
+ test_bit(ATTR_SNAT_PORT, ct->head.set))
__build_snat(req, size, ct);
- else if (test_bit(ATTR_SNAT_IPV4, ct->set))
+ else if (test_bit(ATTR_SNAT_IPV4, ct->head.set))
__build_snat_ipv4(req, size, ct);
- else if (test_bit(ATTR_SNAT_PORT, ct->set))
+ else if (test_bit(ATTR_SNAT_PORT, ct->head.set))
__build_snat_port(req, size, ct);
- if (test_bit(ATTR_DNAT_IPV4, ct->set) &&
- test_bit(ATTR_DNAT_PORT, ct->set))
+ if (test_bit(ATTR_DNAT_IPV4, ct->head.set) &&
+ test_bit(ATTR_DNAT_PORT, ct->head.set))
__build_dnat(req, size, ct);
- else if (test_bit(ATTR_DNAT_IPV4, ct->set))
+ else if (test_bit(ATTR_DNAT_IPV4, ct->head.set))
__build_dnat_ipv4(req, size, ct);
- else if (test_bit(ATTR_DNAT_PORT, ct->set))
+ else if (test_bit(ATTR_DNAT_PORT, ct->head.set))
__build_dnat_port(req, size, ct);
- if (test_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->set) &&
- test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->set) &&
- test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->set))
+ if (test_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->head.set) &&
+ test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->head.set) &&
+ test_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->head.set))
__build_nat_seq_adj(req, size, ct, __DIR_ORIG);
- if (test_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->set) &&
- test_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->set) &&
- test_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->set))
+ if (test_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->head.set) &&
+ test_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->head.set) &&
+ test_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->head.set))
__build_nat_seq_adj(req, size, ct, __DIR_REPL);
- if (test_bit(ATTR_HELPER_NAME, ct->set))
+ if (test_bit(ATTR_HELPER_NAME, ct->head.set))
__build_helper_name(req, size, ct);
- if (test_bit(ATTR_ZONE, ct->set))
+ if (test_bit(ATTR_ZONE, ct->head.set))
__build_zone(req, size, ct);
return 0;
diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c
index cc0afc9..f94f1b9 100644
--- a/src/conntrack/compare.c
+++ b/src/conntrack/compare.c
@@ -17,10 +17,10 @@ static int __cmp(int attr,
const struct nf_conntrack *ct2,
unsigned int flags))
{
- if (test_bit(attr, ct1->set) && test_bit(attr, ct2->set)) {
+ if (test_bit(attr, ct1->head.set) && test_bit(attr, ct2->head.set)) {
return cmp(ct1, ct2, flags);
} else if (flags & NFCT_CMP_MASK &&
- test_bit(attr, ct1->set)) {
+ test_bit(attr, ct1->head.set)) {
return 0;
} else if (flags & NFCT_CMP_STRICT) {
return 0;
@@ -33,8 +33,7 @@ cmp_orig_l3proto(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_ORIG].l3protonum ==
- ct2->tuple[__DIR_ORIG].l3protonum);
+ return (ct1->head.orig.l3protonum == ct2->head.orig.l3protonum);
}
static int
@@ -42,8 +41,7 @@ cmp_icmp_id(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_ORIG].l4src.icmp.id ==
- ct2->tuple[__DIR_ORIG].l4src.icmp.id);
+ return (ct1->head.orig.l4src.icmp.id == ct2->head.orig.l4src.icmp.id);
}
static int
@@ -51,8 +49,8 @@ cmp_icmp_type(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_ORIG].l4dst.icmp.type ==
- ct2->tuple[__DIR_ORIG].l4dst.icmp.type);
+ return (ct1->head.orig.l4dst.icmp.type ==
+ ct2->head.orig.l4dst.icmp.type);
}
static int
@@ -60,8 +58,8 @@ cmp_icmp_code(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_ORIG].l4dst.icmp.code ==
- ct2->tuple[__DIR_ORIG].l4dst.icmp.code);
+ return (ct1->head.orig.l4dst.icmp.code ==
+ ct2->head.orig.l4dst.icmp.code);
}
static int
@@ -69,8 +67,7 @@ cmp_orig_port_src(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_ORIG].l4src.all ==
- ct2->tuple[__DIR_ORIG].l4src.all);
+ return (ct1->head.orig.l4src.all == ct2->head.orig.l4src.all);
}
static int
@@ -78,8 +75,7 @@ cmp_orig_port_dst(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_ORIG].l4dst.all ==
- ct2->tuple[__DIR_ORIG].l4dst.all);
+ return (ct1->head.orig.l4dst.all == ct2->head.orig.l4dst.all);
}
static int
@@ -87,10 +83,10 @@ cmp_orig_l4proto(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- if (ct1->tuple[__DIR_ORIG].protonum != ct2->tuple[__DIR_ORIG].protonum)
+ if (ct1->head.orig.protonum != ct2->head.orig.protonum)
return 0;
- switch(ct1->tuple[__DIR_ORIG].protonum) {
+ switch(ct1->head.orig.protonum) {
case IPPROTO_ICMP:
case IPPROTO_ICMPV6:
if (!__cmp(ATTR_ICMP_ID, ct1, ct2, flags, cmp_icmp_id))
@@ -121,22 +117,21 @@ cmp_orig_ipv4_src(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_ORIG].src.v4 == ct2->tuple[__DIR_ORIG].src.v4);}
+ return (ct1->head.orig.src.v4 == ct2->head.orig.src.v4);}
static int
cmp_orig_ipv4_dst(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_ORIG].dst.v4 == ct2->tuple[__DIR_ORIG].dst.v4);}
+ return (ct1->head.orig.dst.v4 == ct2->head.orig.dst.v4);}
static int
cmp_orig_ipv6_src(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (memcmp(&ct1->tuple[__DIR_ORIG].src.v6,
- &ct2->tuple[__DIR_ORIG].src.v6,
+ return (memcmp(&ct1->head.orig.src.v6, &ct2->head.orig.src.v6,
sizeof(struct in6_addr)) == 0);
}
@@ -145,8 +140,7 @@ cmp_orig_ipv6_dst(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (memcmp(&ct1->tuple[__DIR_ORIG].dst.v6,
- &ct2->tuple[__DIR_ORIG].dst.v6,
+ return (memcmp(&ct1->head.orig.dst.v6, &ct2->head.orig.dst.v6,
sizeof(struct in6_addr)) == 0);
}
@@ -175,8 +169,7 @@ cmp_repl_l3proto(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_REPL].l3protonum ==
- ct2->tuple[__DIR_REPL].l3protonum);
+ return (ct1->repl.l3protonum == ct2->repl.l3protonum);
}
static int
@@ -184,8 +177,7 @@ cmp_repl_port_src(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_REPL].l4src.all ==
- ct2->tuple[__DIR_REPL].l4src.all);
+ return (ct1->repl.l4src.all == ct2->repl.l4src.all);
}
static int
@@ -193,8 +185,7 @@ cmp_repl_port_dst(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_REPL].l4dst.all ==
- ct2->tuple[__DIR_REPL].l4dst.all);
+ return (ct1->repl.l4dst.all == ct2->repl.l4dst.all);
}
static int
@@ -202,10 +193,10 @@ cmp_repl_l4proto(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- if (ct1->tuple[__DIR_REPL].protonum != ct2->tuple[__DIR_REPL].protonum)
+ if (ct1->repl.protonum != ct2->repl.protonum)
return 0;
- switch(ct1->tuple[__DIR_REPL].protonum) {
+ switch(ct1->repl.protonum) {
case IPPROTO_ICMP:
case IPPROTO_ICMPV6:
if (!__cmp(ATTR_ICMP_ID, ct1, ct2, flags, cmp_icmp_id))
@@ -236,22 +227,21 @@ cmp_repl_ipv4_src(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_REPL].src.v4 == ct2->tuple[__DIR_REPL].src.v4);}
+ return (ct1->repl.src.v4 == ct2->repl.src.v4);}
static int
cmp_repl_ipv4_dst(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (ct1->tuple[__DIR_REPL].dst.v4 == ct2->tuple[__DIR_REPL].dst.v4);}
+ return (ct1->repl.dst.v4 == ct2->repl.dst.v4);}
static int
cmp_repl_ipv6_src(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (memcmp(&ct1->tuple[__DIR_REPL].src.v6,
- &ct2->tuple[__DIR_REPL].src.v6,
+ return (memcmp(&ct1->repl.src.v6, &ct2->repl.src.v6,
sizeof(struct in6_addr)) == 0);
}
@@ -260,8 +250,7 @@ cmp_repl_ipv6_dst(const struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
unsigned int flags)
{
- return (memcmp(&ct1->tuple[__DIR_REPL].dst.v6,
- &ct2->tuple[__DIR_REPL].dst.v6,
+ return (memcmp(&ct1->repl.dst.v6, &ct2->repl.dst.v6,
sizeof(struct in6_addr)) == 0);
}
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index 459741b..3c47b15 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -12,184 +12,178 @@
static void copy_attr_orig_ipv4_src(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].src.v4 = orig->tuple[__DIR_ORIG].src.v4;
+ dest->head.orig.src.v4 = orig->head.orig.src.v4;
}
static void copy_attr_orig_ipv4_dst(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].dst.v4 = orig->tuple[__DIR_ORIG].dst.v4;
+ dest->head.orig.dst.v4 = orig->head.orig.dst.v4;
}
static void copy_attr_repl_ipv4_src(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_REPL].src.v4 = orig->tuple[__DIR_REPL].src.v4;
+ dest->repl.src.v4 = orig->repl.src.v4;
}
static void copy_attr_repl_ipv4_dst(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_REPL].dst.v4 = orig->tuple[__DIR_REPL].dst.v4;
+ dest->repl.dst.v4 = orig->repl.dst.v4;
}
static void copy_attr_orig_ipv6_src(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- memcpy(&dest->tuple[__DIR_ORIG].src,
- &orig->tuple[__DIR_ORIG].src,
+ memcpy(&dest->head.orig.src,
+ &orig->head.orig.src,
sizeof(union __nfct_address));
}
static void copy_attr_orig_ipv6_dst(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- memcpy(&dest->tuple[__DIR_ORIG].dst,
- &orig->tuple[__DIR_ORIG].dst,
+ memcpy(&dest->head.orig.dst,
+ &orig->head.orig.dst,
sizeof(union __nfct_address));
}
static void copy_attr_repl_ipv6_src(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- memcpy(&dest->tuple[__DIR_REPL].src,
- &orig->tuple[__DIR_REPL].src,
+ memcpy(&dest->repl.src,
+ &orig->repl.src,
sizeof(union __nfct_address));
}
static void copy_attr_repl_ipv6_dst(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- memcpy(&dest->tuple[__DIR_REPL].dst,
- &orig->tuple[__DIR_REPL].dst,
+ memcpy(&dest->repl.dst,
+ &orig->repl.dst,
sizeof(union __nfct_address));
}
static void copy_attr_orig_port_src(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].l4src.all = orig->tuple[__DIR_ORIG].l4src.all;
+ dest->head.orig.l4src.all = orig->head.orig.l4src.all;
}
static void copy_attr_orig_port_dst(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].l4dst.all = orig->tuple[__DIR_ORIG].l4dst.all;
+ dest->head.orig.l4dst.all = orig->head.orig.l4dst.all;
}
static void copy_attr_repl_port_src(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_REPL].l4src.all = orig->tuple[__DIR_REPL].l4src.all;
+ dest->repl.l4src.all = orig->repl.l4src.all;
}
static void copy_attr_repl_port_dst(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_REPL].l4dst.all = orig->tuple[__DIR_REPL].l4dst.all;
+ dest->repl.l4dst.all = orig->repl.l4dst.all;
}
static void copy_attr_icmp_type(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].l4dst.icmp.type =
- orig->tuple[__DIR_ORIG].l4dst.icmp.type;
+ dest->head.orig.l4dst.icmp.type =
+ orig->head.orig.l4dst.icmp.type;
}
static void copy_attr_icmp_code(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].l4dst.icmp.code =
- orig->tuple[__DIR_ORIG].l4dst.icmp.code;
+ dest->head.orig.l4dst.icmp.code =
+ orig->head.orig.l4dst.icmp.code;
}
static void copy_attr_icmp_id(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].l4src.icmp.id =
- orig->tuple[__DIR_ORIG].l4src.icmp.id;
+ dest->head.orig.l4src.icmp.id =
+ orig->head.orig.l4src.icmp.id;
}
static void copy_attr_orig_l3proto(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].l3protonum = orig->tuple[__DIR_ORIG].l3protonum;
+ dest->head.orig.l3protonum = orig->head.orig.l3protonum;
}
static void copy_attr_repl_l3proto(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_REPL].l3protonum = orig->tuple[__DIR_REPL].l3protonum;
+ dest->repl.l3protonum = orig->repl.l3protonum;
}
static void copy_attr_orig_l4proto(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].protonum = orig->tuple[__DIR_ORIG].protonum;
+ dest->head.orig.protonum = orig->head.orig.protonum;
}
static void copy_attr_repl_l4proto(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_REPL].protonum = orig->tuple[__DIR_REPL].protonum;
+ dest->repl.protonum = orig->repl.protonum;
}
static void copy_attr_master_ipv4_src(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_MASTER].src.v4 = orig->tuple[__DIR_MASTER].src.v4;
+ dest->master.src.v4 = orig->master.src.v4;
}
static void copy_attr_master_ipv4_dst(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_MASTER].dst.v4 = orig->tuple[__DIR_MASTER].dst.v4;
+ dest->master.dst.v4 = orig->master.dst.v4;
}
static void copy_attr_master_ipv6_src(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- memcpy(&dest->tuple[__DIR_MASTER].src,
- &orig->tuple[__DIR_MASTER].src,
+ memcpy(&dest->master.src, &orig->master.src,
sizeof(union __nfct_address));
}
static void copy_attr_master_ipv6_dst(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- memcpy(&dest->tuple[__DIR_MASTER].dst,
- &orig->tuple[__DIR_MASTER].dst,
+ memcpy(&dest->master.dst, &orig->master.dst,
sizeof(union __nfct_address));
}
static void copy_attr_master_port_src(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_MASTER].l4src.all =
- orig->tuple[__DIR_MASTER].l4src.all;
+ dest->master.l4src.all = orig->master.l4src.all;
}
static void copy_attr_master_port_dst(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_MASTER].l4dst.all =
- orig->tuple[__DIR_MASTER].l4dst.all;
+ dest->master.l4dst.all = orig->master.l4dst.all;
}
static void copy_attr_master_l3proto(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_MASTER].l3protonum =
- orig->tuple[__DIR_MASTER].l3protonum;
+ dest->master.l3protonum = orig->master.l3protonum;
}
static void copy_attr_master_l4proto(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_MASTER].protonum =
- orig->tuple[__DIR_MASTER].protonum;
+ dest->master.protonum = orig->master.protonum;
}
static void copy_attr_tcp_state(struct nf_conntrack *dest,
@@ -365,43 +359,43 @@ static void copy_attr_id(struct nf_conntrack *dest,
static void copy_attr_orig_cor_pos(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].natseq.correction_pos =
- orig->tuple[__DIR_ORIG].natseq.correction_pos;
+ dest->natseq[__DIR_ORIG].correction_pos =
+ orig->natseq[__DIR_ORIG].correction_pos;
}
static void copy_attr_orig_off_bfr(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].natseq.offset_before =
- orig->tuple[__DIR_ORIG].natseq.offset_before;
+ dest->natseq[__DIR_ORIG].offset_before =
+ orig->natseq[__DIR_ORIG].offset_before;
}
static void copy_attr_orig_off_aft(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_ORIG].natseq.offset_after =
- orig->tuple[__DIR_ORIG].natseq.offset_after;
+ dest->natseq[__DIR_ORIG].offset_after =
+ orig->natseq[__DIR_ORIG].offset_after;
}
static void copy_attr_repl_cor_pos(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_REPL].natseq.correction_pos =
- orig->tuple[__DIR_REPL].natseq.correction_pos;
+ dest->natseq[__DIR_REPL].correction_pos =
+ orig->natseq[__DIR_REPL].correction_pos;
}
static void copy_attr_repl_off_bfr(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_REPL].natseq.offset_before =
- orig->tuple[__DIR_REPL].natseq.offset_before;
+ dest->natseq[__DIR_REPL].offset_before =
+ orig->natseq[__DIR_REPL].offset_before;
}
static void copy_attr_repl_off_aft(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
- dest->tuple[__DIR_REPL].natseq.offset_after =
- orig->tuple[__DIR_REPL].natseq.offset_after;
+ dest->natseq[__DIR_REPL].offset_after =
+ orig->natseq[__DIR_REPL].offset_after;
}
static void copy_attr_helper_name(struct nf_conntrack *dest,
diff --git a/src/conntrack/getter.c b/src/conntrack/getter.c
index c94fe2e..5e0a450 100644
--- a/src/conntrack/getter.c
+++ b/src/conntrack/getter.c
@@ -11,137 +11,137 @@
static const void *get_attr_orig_ipv4_src(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].src.v4;
+ return &ct->head.orig.src.v4;
}
static const void *get_attr_orig_ipv4_dst(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].dst.v4;
+ return &ct->head.orig.dst.v4;
}
static const void *get_attr_repl_ipv4_src(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_REPL].src.v4;
+ return &ct->repl.src.v4;
}
static const void *get_attr_repl_ipv4_dst(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_REPL].dst.v4;
+ return &ct->repl.dst.v4;
}
static const void *get_attr_orig_ipv6_src(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].src.v6;
+ return &ct->head.orig.src.v6;
}
static const void *get_attr_orig_ipv6_dst(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].dst.v6;
+ return &ct->head.orig.dst.v6;
}
static const void *get_attr_repl_ipv6_src(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_REPL].src.v6;
+ return &ct->repl.src.v6;
}
static const void *get_attr_repl_ipv6_dst(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_REPL].dst.v6;
+ return &ct->repl.dst.v6;
}
static const void *get_attr_orig_port_src(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].l4src.all;
+ return &ct->head.orig.l4src.all;
}
static const void *get_attr_orig_port_dst(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].l4dst.all;
+ return &ct->head.orig.l4dst.all;
}
static const void *get_attr_repl_port_src(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_REPL].l4src.all;
+ return &ct->repl.l4src.all;
}
static const void *get_attr_repl_port_dst(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_REPL].l4dst.all;
+ return &ct->repl.l4dst.all;
}
static const void *get_attr_icmp_type(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].l4dst.icmp.type;
+ return &ct->head.orig.l4dst.icmp.type;
}
static const void *get_attr_icmp_code(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].l4dst.icmp.code;
+ return &ct->head.orig.l4dst.icmp.code;
}
static const void *get_attr_icmp_id(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].l4src.icmp.id;
+ return &ct->head.orig.l4src.icmp.id;
}
static const void *get_attr_orig_l3proto(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].l3protonum;
+ return &ct->head.orig.l3protonum;
}
static const void *get_attr_repl_l3proto(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_REPL].l3protonum;
+ return &ct->repl.l3protonum;
}
static const void *get_attr_orig_l4proto(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].protonum;
+ return &ct->head.orig.protonum;
}
static const void *get_attr_repl_l4proto(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_REPL].protonum;
+ return &ct->repl.protonum;
}
static const void *get_attr_master_ipv4_src(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_MASTER].src.v4;
+ return &ct->master.src.v4;
}
static const void *get_attr_master_ipv4_dst(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_MASTER].dst.v4;
+ return &ct->master.dst.v4;
}
static const void *get_attr_master_ipv6_src(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_MASTER].src.v6;
+ return &ct->master.src.v6;
}
static const void *get_attr_master_ipv6_dst(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_MASTER].dst.v6;
+ return &ct->master.dst.v6;
}
static const void *get_attr_master_port_src(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_MASTER].l4src.all;
+ return &ct->master.l4src.all;
}
static const void *get_attr_master_port_dst(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_MASTER].l4dst.all;
+ return &ct->master.l4dst.all;
}
static const void *get_attr_master_l3proto(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_MASTER].l3protonum;
+ return &ct->master.l3protonum;
}
static const void *get_attr_master_l4proto(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_MASTER].protonum;
+ return &ct->master.protonum;
}
static const void *get_attr_tcp_state(const struct nf_conntrack *ct)
@@ -266,32 +266,32 @@ static const void *get_attr_id(const struct nf_conntrack *ct)
static const void *get_attr_orig_cor_pos(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].natseq.correction_pos;
+ return &ct->natseq[__DIR_ORIG].correction_pos;
}
static const void *get_attr_orig_off_bfr(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].natseq.offset_before;
+ return &ct->natseq[__DIR_ORIG].offset_before;
}
static const void *get_attr_orig_off_aft(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_ORIG].natseq.offset_after;
+ return &ct->natseq[__DIR_ORIG].offset_after;
}
static const void *get_attr_repl_cor_pos(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_REPL].natseq.correction_pos;
+ return &ct->natseq[__DIR_REPL].correction_pos;
}
static const void *get_attr_repl_off_bfr(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_REPL].natseq.offset_before;
+ return &ct->natseq[__DIR_REPL].offset_before;
}
static const void *get_attr_repl_off_aft(const struct nf_conntrack *ct)
{
- return &ct->tuple[__DIR_REPL].natseq.offset_after;
+ return &ct->natseq[__DIR_REPL].offset_after;
}
static const void *get_attr_helper_name(const struct nf_conntrack *ct)
diff --git a/src/conntrack/grp_getter.c b/src/conntrack/grp_getter.c
index db5b67d..a8d43cf 100644
--- a/src/conntrack/grp_getter.c
+++ b/src/conntrack/grp_getter.c
@@ -12,72 +12,72 @@
static void get_attr_grp_orig_ipv4(const struct nf_conntrack *ct, void *data)
{
struct nfct_attr_grp_ipv4 *this = data;
- this->src = ct->tuple[__DIR_ORIG].src.v4;
- this->dst = ct->tuple[__DIR_ORIG].dst.v4;
+ this->src = ct->head.orig.src.v4;
+ this->dst = ct->head.orig.dst.v4;
}
static void get_attr_grp_repl_ipv4(const struct nf_conntrack *ct, void *data)
{
struct nfct_attr_grp_ipv4 *this = data;
- this->src = ct->tuple[__DIR_REPL].src.v4;
- this->dst = ct->tuple[__DIR_REPL].dst.v4;
+ this->src = ct->repl.src.v4;
+ this->dst = ct->repl.dst.v4;
}
static void get_attr_grp_orig_ipv6(const struct nf_conntrack *ct, void *data)
{
struct nfct_attr_grp_ipv6 *this = data;
- memcpy(this->src, &ct->tuple[__DIR_ORIG].src.v6, sizeof(u_int32_t)*4);
- memcpy(this->dst, &ct->tuple[__DIR_ORIG].dst.v6, sizeof(u_int32_t)*4);
+ memcpy(this->src, &ct->head.orig.src.v6, sizeof(u_int32_t)*4);
+ memcpy(this->dst, &ct->head.orig.dst.v6, sizeof(u_int32_t)*4);
}
static void get_attr_grp_repl_ipv6(const struct nf_conntrack *ct, void *data)
{
struct nfct_attr_grp_ipv6 *this = data;
- memcpy(this->src, &ct->tuple[__DIR_REPL].src.v6, sizeof(u_int32_t)*4);
- memcpy(this->dst, &ct->tuple[__DIR_REPL].dst.v6, sizeof(u_int32_t)*4);
+ memcpy(this->src, &ct->repl.src.v6, sizeof(u_int32_t)*4);
+ memcpy(this->dst, &ct->repl.dst.v6, sizeof(u_int32_t)*4);
}
static void get_attr_grp_orig_port(const struct nf_conntrack *ct, void *data)
{
struct nfct_attr_grp_port *this = data;
- this->sport = ct->tuple[__DIR_ORIG].l4src.all;
- this->dport = ct->tuple[__DIR_ORIG].l4dst.all;
+ this->sport = ct->head.orig.l4src.all;
+ this->dport = ct->head.orig.l4dst.all;
}
static void get_attr_grp_repl_port(const struct nf_conntrack *ct, void *data)
{
struct nfct_attr_grp_port *this = data;
- this->sport = ct->tuple[__DIR_REPL].l4src.all;
- this->dport = ct->tuple[__DIR_REPL].l4dst.all;
+ this->sport = ct->repl.l4src.all;
+ this->dport = ct->repl.l4dst.all;
}
static void get_attr_grp_icmp(const struct nf_conntrack *ct, void *data)
{
struct nfct_attr_grp_icmp *this = data;
- this->type = ct->tuple[__DIR_ORIG].l4dst.icmp.type;
- this->code = ct->tuple[__DIR_ORIG].l4dst.icmp.code;
- this->id = ct->tuple[__DIR_ORIG].l4src.icmp.id;
+ this->type = ct->head.orig.l4dst.icmp.type;
+ this->code = ct->head.orig.l4dst.icmp.code;
+ this->id = ct->head.orig.l4src.icmp.id;
}
static void get_attr_grp_master_ipv4(const struct nf_conntrack *ct, void *data)
{
struct nfct_attr_grp_ipv4 *this = data;
- this->src = ct->tuple[__DIR_MASTER].src.v4;
- this->dst = ct->tuple[__DIR_MASTER].dst.v4;
+ this->src = ct->master.src.v4;
+ this->dst = ct->master.dst.v4;
}
static void get_attr_grp_master_ipv6(const struct nf_conntrack *ct, void *data)
{
struct nfct_attr_grp_ipv6 *this = data;
- memcpy(this->src, &ct->tuple[__DIR_MASTER].src.v6, sizeof(u_int32_t)*4);
- memcpy(this->dst, &ct->tuple[__DIR_MASTER].dst.v6, sizeof(u_int32_t)*4);
+ memcpy(this->src, &ct->master.src.v6, sizeof(u_int32_t)*4);
+ memcpy(this->dst, &ct->master.dst.v6, sizeof(u_int32_t)*4);
}
static void get_attr_grp_master_port(const struct nf_conntrack *ct, void *data)
{
struct nfct_attr_grp_port *this = data;
- this->sport = ct->tuple[__DIR_MASTER].l4src.all;
- this->dport = ct->tuple[__DIR_MASTER].l4dst.all;
+ this->sport = ct->master.l4src.all;
+ this->dport = ct->master.l4dst.all;
}
static void get_attr_grp_orig_ctrs(const struct nf_conntrack *ct, void *data)
diff --git a/src/conntrack/grp_setter.c b/src/conntrack/grp_setter.c
index 324aa4c..0492a84 100644
--- a/src/conntrack/grp_setter.c
+++ b/src/conntrack/grp_setter.c
@@ -40,47 +40,47 @@ static const u_int8_t invmap_icmpv6[] = {
static void set_attr_grp_orig_ipv4(struct nf_conntrack *ct, const void *value)
{
const struct nfct_attr_grp_ipv4 *this = value;
- ct->tuple[__DIR_ORIG].src.v4 = this->src;
- ct->tuple[__DIR_ORIG].dst.v4 = this->dst;
- ct->tuple[__DIR_ORIG].l3protonum = AF_INET;
+ ct->head.orig.src.v4 = this->src;
+ ct->head.orig.dst.v4 = this->dst;
+ ct->head.orig.l3protonum = AF_INET;
}
static void set_attr_grp_repl_ipv4(struct nf_conntrack *ct, const void *value)
{
const struct nfct_attr_grp_ipv4 *this = value;
- ct->tuple[__DIR_REPL].src.v4 = this->src;
- ct->tuple[__DIR_REPL].dst.v4 = this->dst;
- ct->tuple[__DIR_REPL].l3protonum = AF_INET;
+ ct->repl.src.v4 = this->src;
+ ct->repl.dst.v4 = this->dst;
+ ct->repl.l3protonum = AF_INET;
}
static void set_attr_grp_orig_ipv6(struct nf_conntrack *ct, const void *value)
{
const struct nfct_attr_grp_ipv6 *this = value;
- memcpy(&ct->tuple[__DIR_ORIG].src.v6, this->src, sizeof(u_int32_t)*4);
- memcpy(&ct->tuple[__DIR_ORIG].dst.v6, this->dst, sizeof(u_int32_t)*4);
- ct->tuple[__DIR_ORIG].l3protonum = AF_INET6;
+ memcpy(&ct->head.orig.src.v6, this->src, sizeof(u_int32_t)*4);
+ memcpy(&ct->head.orig.dst.v6, this->dst, sizeof(u_int32_t)*4);
+ ct->head.orig.l3protonum = AF_INET6;
}
static void set_attr_grp_repl_ipv6(struct nf_conntrack *ct, const void *value)
{
const struct nfct_attr_grp_ipv6 *this = value;
- memcpy(&ct->tuple[__DIR_REPL].src.v6, this->src, sizeof(u_int32_t)*4);
- memcpy(&ct->tuple[__DIR_REPL].dst.v6, this->dst, sizeof(u_int32_t)*4);
- ct->tuple[__DIR_REPL].l3protonum = AF_INET6;
+ memcpy(&ct->repl.src.v6, this->src, sizeof(u_int32_t)*4);
+ memcpy(&ct->repl.dst.v6, this->dst, sizeof(u_int32_t)*4);
+ ct->repl.l3protonum = AF_INET6;
}
static void set_attr_grp_orig_port(struct nf_conntrack *ct, const void *value)
{
const struct nfct_attr_grp_port *this = value;
- ct->tuple[__DIR_ORIG].l4src.all = this->sport;
- ct->tuple[__DIR_ORIG].l4dst.all = this->dport;
+ ct->head.orig.l4src.all = this->sport;
+ ct->head.orig.l4dst.all = this->dport;
}
static void set_attr_grp_repl_port(struct nf_conntrack *ct, const void *value)
{
const struct nfct_attr_grp_port *this = value;
- ct->tuple[__DIR_REPL].l4src.all = this->sport;
- ct->tuple[__DIR_REPL].l4dst.all = this->dport;
+ ct->repl.l4src.all = this->sport;
+ ct->repl.l4dst.all = this->dport;
}
static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value)
@@ -88,9 +88,9 @@ static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value)
u_int8_t rtype;
const struct nfct_attr_grp_icmp *this = value;
- ct->tuple[__DIR_ORIG].l4dst.icmp.type = this->type;
+ ct->head.orig.l4dst.icmp.type = this->type;
- switch(ct->tuple[__DIR_ORIG].l3protonum) {
+ switch(ct->head.orig.l3protonum) {
case AF_INET:
rtype = invmap_icmp[this->type];
break;
@@ -104,38 +104,38 @@ static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value)
}
if (rtype)
- ct->tuple[__DIR_REPL].l4dst.icmp.type = rtype - 1;
+ ct->repl.l4dst.icmp.type = rtype - 1;
else
- ct->tuple[__DIR_REPL].l4dst.icmp.type = 255; /* -EINVAL */
+ ct->repl.l4dst.icmp.type = 255; /* -EINVAL */
- ct->tuple[__DIR_ORIG].l4dst.icmp.code = this->code;
- ct->tuple[__DIR_REPL].l4dst.icmp.code = this->code;
+ ct->head.orig.l4dst.icmp.code = this->code;
+ ct->repl.l4dst.icmp.code = this->code;
- ct->tuple[__DIR_ORIG].l4src.icmp.id = this->id;
- ct->tuple[__DIR_REPL].l4src.icmp.id = this->id;
+ ct->head.orig.l4src.icmp.id = this->id;
+ ct->repl.l4src.icmp.id = this->id;
}
static void set_attr_grp_master_ipv4(struct nf_conntrack *ct, const void *value)
{
const struct nfct_attr_grp_ipv4 *this = value;
- ct->tuple[__DIR_MASTER].src.v4 = this->src;
- ct->tuple[__DIR_MASTER].dst.v4 = this->dst;
- ct->tuple[__DIR_MASTER].l3protonum = AF_INET;
+ ct->master.src.v4 = this->src;
+ ct->master.dst.v4 = this->dst;
+ ct->master.l3protonum = AF_INET;
}
static void set_attr_grp_master_ipv6(struct nf_conntrack *ct, const void *value)
{
const struct nfct_attr_grp_ipv6 *this = value;
- memcpy(&ct->tuple[__DIR_MASTER].src.v6, this->src, sizeof(u_int32_t)*4);
- memcpy(&ct->tuple[__DIR_MASTER].dst.v6, this->dst, sizeof(u_int32_t)*4);
- ct->tuple[__DIR_MASTER].l3protonum = AF_INET6;
+ memcpy(&ct->master.src.v6, this->src, sizeof(u_int32_t)*4);
+ memcpy(&ct->master.dst.v6, this->dst, sizeof(u_int32_t)*4);
+ ct->master.l3protonum = AF_INET6;
}
static void set_attr_grp_master_port(struct nf_conntrack *ct, const void *value)
{
const struct nfct_attr_grp_port *this = value;
- ct->tuple[__DIR_MASTER].l4src.all = this->sport;
- ct->tuple[__DIR_MASTER].l4dst.all = this->dport;
+ ct->master.l4src.all = this->sport;
+ ct->master.l4dst.all = this->dport;
}
static void set_attr_grp_do_nothing(struct nf_conntrack *ct, const void *value)
diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
index d2035fb..5898746 100644
--- a/src/conntrack/objopt.c
+++ b/src/conntrack/objopt.c
@@ -11,27 +11,34 @@
static void __autocomplete(struct nf_conntrack *ct, int dir)
{
- int other = (dir == __DIR_ORIG) ? __DIR_REPL : __DIR_ORIG;
+ struct __nfct_tuple *this = NULL, *other = NULL;
- ct->tuple[dir].l3protonum = ct->tuple[other].l3protonum;
- ct->tuple[dir].protonum = ct->tuple[other].protonum;
+ switch(dir) {
+ case __DIR_ORIG:
+ this = &ct->head.orig;
+ other = &ct->repl;
+ break;
+ case __DIR_REPL:
+ this = &ct->repl;
+ other = &ct->head.orig;
+ break;
+ }
+
+ this->l3protonum = other->l3protonum;
+ this->protonum = other->protonum;
- memcpy(&ct->tuple[dir].src.v6,
- &ct->tuple[other].dst.v6,
- sizeof(union __nfct_address));
- memcpy(&ct->tuple[dir].dst.v6,
- &ct->tuple[other].src.v6,
- sizeof(union __nfct_address));
+ memcpy(&this->src.v6, &other->dst.v6, sizeof(union __nfct_address));
+ memcpy(&this->dst.v6, &other->src.v6, sizeof(union __nfct_address));
- switch(ct->tuple[dir].protonum) {
+ switch(this->protonum) {
case IPPROTO_UDP:
case IPPROTO_TCP:
case IPPROTO_SCTP:
case IPPROTO_DCCP:
case IPPROTO_GRE:
case IPPROTO_UDPLITE:
- ct->tuple[dir].l4src.all = ct->tuple[other].l4dst.all;
- ct->tuple[dir].l4dst.all = ct->tuple[other].l4src.all;
+ this->l4src.all = other->l4dst.all;
+ this->l4dst.all = other->l4src.all;
break;
case IPPROTO_ICMP:
case IPPROTO_ICMPV6:
@@ -40,41 +47,41 @@ static void __autocomplete(struct nf_conntrack *ct, int dir)
}
/* XXX: this is safe but better convert bitset to uint64_t */
- ct->set[0] |= TS_ORIG | TS_REPL;
+ ct->head.set[0] |= TS_ORIG | TS_REPL;
}
static void setobjopt_undo_snat(struct nf_conntrack *ct)
{
- ct->snat.min_ip = ct->tuple[__DIR_REPL].dst.v4;
+ ct->snat.min_ip = ct->repl.dst.v4;
ct->snat.max_ip = ct->snat.min_ip;
- ct->tuple[__DIR_REPL].dst.v4 = ct->tuple[__DIR_ORIG].src.v4;
- set_bit(ATTR_SNAT_IPV4, ct->set);
+ ct->repl.dst.v4 = ct->head.orig.src.v4;
+ set_bit(ATTR_SNAT_IPV4, ct->head.set);
}
static void setobjopt_undo_dnat(struct nf_conntrack *ct)
{
- ct->dnat.min_ip = ct->tuple[__DIR_REPL].src.v4;
+ ct->dnat.min_ip = ct->repl.src.v4;
ct->dnat.max_ip = ct->dnat.min_ip;
- ct->tuple[__DIR_REPL].src.v4 = ct->tuple[__DIR_ORIG].dst.v4;
- set_bit(ATTR_DNAT_IPV4, ct->set);
+ ct->repl.src.v4 = ct->head.orig.dst.v4;
+ set_bit(ATTR_DNAT_IPV4, ct->head.set);
}
static void setobjopt_undo_spat(struct nf_conntrack *ct)
{
- ct->snat.l4min.all = ct->tuple[__DIR_REPL].l4dst.tcp.port;
+ ct->snat.l4min.all = ct->repl.l4dst.tcp.port;
ct->snat.l4max.all = ct->snat.l4min.all;
- ct->tuple[__DIR_REPL].l4dst.tcp.port =
- ct->tuple[__DIR_ORIG].l4src.tcp.port;
- set_bit(ATTR_SNAT_PORT, ct->set);
+ ct->repl.l4dst.tcp.port =
+ ct->head.orig.l4src.tcp.port;
+ set_bit(ATTR_SNAT_PORT, ct->head.set);
}
static void setobjopt_undo_dpat(struct nf_conntrack *ct)
{
- ct->dnat.l4min.all = ct->tuple[__DIR_REPL].l4src.tcp.port;
+ ct->dnat.l4min.all = ct->repl.l4src.tcp.port;
ct->dnat.l4max.all = ct->dnat.l4min.all;
- ct->tuple[__DIR_REPL].l4src.tcp.port =
- ct->tuple[__DIR_ORIG].l4dst.tcp.port;
- set_bit(ATTR_DNAT_PORT, ct->set);
+ ct->repl.l4src.tcp.port =
+ ct->head.orig.l4dst.tcp.port;
+ set_bit(ATTR_DNAT_PORT, ct->head.set);
}
static void setobjopt_setup_orig(struct nf_conntrack *ct)
@@ -107,34 +114,34 @@ int __setobjopt(struct nf_conntrack *ct, unsigned int option)
static int getobjopt_is_snat(const struct nf_conntrack *ct)
{
- return ((test_bit(ATTR_STATUS, ct->set) ?
+ return ((test_bit(ATTR_STATUS, ct->head.set) ?
ct->status & IPS_SRC_NAT_DONE : 1) &&
- ct->tuple[__DIR_REPL].dst.v4 !=
- ct->tuple[__DIR_ORIG].src.v4);
+ ct->repl.dst.v4 !=
+ ct->head.orig.src.v4);
}
static int getobjopt_is_dnat(const struct nf_conntrack *ct)
{
- return ((test_bit(ATTR_STATUS, ct->set) ?
+ return ((test_bit(ATTR_STATUS, ct->head.set) ?
ct->status & IPS_DST_NAT_DONE : 1) &&
- ct->tuple[__DIR_REPL].src.v4 !=
- ct->tuple[__DIR_ORIG].dst.v4);
+ ct->repl.src.v4 !=
+ ct->head.orig.dst.v4);
}
static int getobjopt_is_spat(const struct nf_conntrack *ct)
{
- return ((test_bit(ATTR_STATUS, ct->set) ?
+ return ((test_bit(ATTR_STATUS, ct->head.set) ?
ct->status & IPS_SRC_NAT_DONE : 1) &&
- ct->tuple[__DIR_REPL].l4dst.tcp.port !=
- ct->tuple[__DIR_ORIG].l4src.tcp.port);
+ ct->repl.l4dst.tcp.port !=
+ ct->head.orig.l4src.tcp.port);
}
static int getobjopt_is_dpat(const struct nf_conntrack *ct)
{
- return ((test_bit(ATTR_STATUS, ct->set) ?
+ return ((test_bit(ATTR_STATUS, ct->head.set) ?
ct->status & IPS_DST_NAT_DONE : 1) &&
- ct->tuple[__DIR_REPL].l4src.tcp.port !=
- ct->tuple[__DIR_ORIG].l4dst.tcp.port);
+ ct->repl.l4src.tcp.port !=
+ ct->head.orig.l4dst.tcp.port);
}
static const getobjopt getobjopt_array[__NFCT_GOPT_MAX] = {
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index cb2a8dc..b9f9a99 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -199,37 +199,37 @@ static void __parse_protoinfo_tcp(const struct nfattr *attr,
if (tb[CTA_PROTOINFO_TCP_STATE-1]) {
ct->protoinfo.tcp.state =
*(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]);
- set_bit(ATTR_TCP_STATE, ct->set);
+ set_bit(ATTR_TCP_STATE, ct->head.set);
}
if (tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL-1]) {
memcpy(&ct->protoinfo.tcp.wscale[__DIR_ORIG],
NFA_DATA(tb[CTA_PROTOINFO_TCP_WSCALE_ORIGINAL-1]),
sizeof(u_int8_t));
- set_bit(ATTR_TCP_WSCALE_ORIG, ct->set);
+ set_bit(ATTR_TCP_WSCALE_ORIG, ct->head.set);
}
if (tb[CTA_PROTOINFO_TCP_WSCALE_REPLY-1]) {
memcpy(&ct->protoinfo.tcp.wscale[__DIR_REPL],
NFA_DATA(tb[CTA_PROTOINFO_TCP_WSCALE_REPLY-1]),
sizeof(u_int8_t));
- set_bit(ATTR_TCP_WSCALE_REPL, ct->set);
+ set_bit(ATTR_TCP_WSCALE_REPL, ct->head.set);
}
if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]) {
memcpy(&ct->protoinfo.tcp.flags[0],
NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]),
sizeof(struct nf_ct_tcp_flags));
- set_bit(ATTR_TCP_FLAGS_ORIG, ct->set);
- set_bit(ATTR_TCP_MASK_ORIG, ct->set);
+ set_bit(ATTR_TCP_FLAGS_ORIG, ct->head.set);
+ set_bit(ATTR_TCP_MASK_ORIG, ct->head.set);
}
if (tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]) {
memcpy(&ct->protoinfo.tcp.flags[1],
NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]),
sizeof(struct nf_ct_tcp_flags));
- set_bit(ATTR_TCP_FLAGS_REPL, ct->set);
- set_bit(ATTR_TCP_MASK_REPL, ct->set);
+ set_bit(ATTR_TCP_FLAGS_REPL, ct->head.set);
+ set_bit(ATTR_TCP_MASK_REPL, ct->head.set);
}
}
@@ -243,19 +243,19 @@ static void __parse_protoinfo_sctp(const struct nfattr *attr,
if (tb[CTA_PROTOINFO_SCTP_STATE-1]) {
ct->protoinfo.sctp.state =
*(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_STATE-1]);
- set_bit(ATTR_SCTP_STATE, ct->set);
+ set_bit(ATTR_SCTP_STATE, ct->head.set);
}
if (tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL-1]) {
ct->protoinfo.sctp.vtag[__DIR_ORIG] =
ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL-1]));
- set_bit(ATTR_SCTP_VTAG_ORIG, ct->set);
+ set_bit(ATTR_SCTP_VTAG_ORIG, ct->head.set);
}
if (tb[CTA_PROTOINFO_SCTP_VTAG_REPLY-1]) {
ct->protoinfo.sctp.vtag[__DIR_REPL] =
ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_PROTOINFO_SCTP_VTAG_REPLY-1]));
- set_bit(ATTR_SCTP_VTAG_REPL, ct->set);
+ set_bit(ATTR_SCTP_VTAG_REPL, ct->head.set);
}
}
@@ -270,12 +270,12 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr,
if (tb[CTA_PROTOINFO_DCCP_STATE-1]) {
ct->protoinfo.dccp.state =
*(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_STATE-1]);
- set_bit(ATTR_DCCP_STATE, ct->set);
+ set_bit(ATTR_DCCP_STATE, ct->head.set);
}
if (tb[CTA_PROTOINFO_DCCP_ROLE-1]) {
ct->protoinfo.dccp.role =
*(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_ROLE-1]);
- set_bit(ATTR_DCCP_ROLE, ct->set);
+ set_bit(ATTR_DCCP_ROLE, ct->head.set);
}
if (tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ-1]) {
u_int64_t tmp;
@@ -283,7 +283,7 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr,
NFA_DATA(tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ-1]),
sizeof(tmp));
ct->protoinfo.dccp.handshake_seq = __be64_to_cpu(tmp);
- set_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->set);
+ set_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->head.set);
}
}
@@ -328,10 +328,10 @@ static void __parse_counters(const struct nfattr *attr,
switch(dir) {
case __DIR_ORIG:
- set_bit(ATTR_ORIG_COUNTER_PACKETS, ct->set);
+ set_bit(ATTR_ORIG_COUNTER_PACKETS, ct->head.set);
break;
case __DIR_REPL:
- set_bit(ATTR_REPL_COUNTER_PACKETS, ct->set);
+ set_bit(ATTR_REPL_COUNTER_PACKETS, ct->head.set);
break;
}
}
@@ -352,10 +352,10 @@ static void __parse_counters(const struct nfattr *attr,
switch(dir) {
case __DIR_ORIG:
- set_bit(ATTR_ORIG_COUNTER_BYTES, ct->set);
+ set_bit(ATTR_ORIG_COUNTER_BYTES, ct->head.set);
break;
case __DIR_REPL:
- set_bit(ATTR_REPL_COUNTER_BYTES, ct->set);
+ set_bit(ATTR_REPL_COUNTER_BYTES, ct->head.set);
break;
}
}
@@ -369,40 +369,40 @@ __parse_nat_seq(const struct nfattr *attr, struct nf_conntrack *ct, int dir)
nfnl_parse_nested(tb, CTA_NAT_SEQ_MAX, attr);
if (tb[CTA_NAT_SEQ_CORRECTION_POS-1]) {
- ct->tuple[dir].natseq.correction_pos =
- ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_CORRECTION_POS-1]));
+ ct->natseq[dir].correction_pos =
+ ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_CORRECTION_POS-1]));
switch(dir) {
case __DIR_ORIG:
- set_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->set);
+ set_bit(ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ct->head.set);
break;
case __DIR_REPL:
- set_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->set);
+ set_bit(ATTR_REPL_NAT_SEQ_CORRECTION_POS, ct->head.set);
break;
}
}
if (tb[CTA_NAT_SEQ_OFFSET_BEFORE-1]) {
- ct->tuple[dir].natseq.offset_before =
+ ct->natseq[dir].offset_before =
ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_OFFSET_BEFORE-1]));
switch(dir) {
case __DIR_ORIG:
- set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->set);
+ set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ct->head.set);
break;
case __DIR_REPL:
- set_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->set);
+ set_bit(ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ct->head.set);
break;
}
}
if (tb[CTA_NAT_SEQ_OFFSET_AFTER-1]) {
- ct->tuple[dir].natseq.offset_after =
+ ct->natseq[dir].offset_after =
ntohl(*(u_int32_t *)NFA_DATA(tb[CTA_NAT_SEQ_OFFSET_AFTER-1]));
switch(dir) {
case __DIR_ORIG:
- set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->set);
+ set_bit(ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ct->head.set);
break;
case __DIR_REPL:
- set_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->set);
+ set_bit(ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ct->head.set);
break;
}
}
@@ -421,7 +421,7 @@ __parse_helper(const struct nfattr *attr, struct nf_conntrack *ct)
NFA_DATA(tb[CTA_HELP_NAME-1]),
NFCT_HELPER_NAME_MAX);
ct->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
- set_bit(ATTR_HELPER_NAME, ct->set);
+ set_bit(ATTR_HELPER_NAME, ct->head.set);
}
static void
@@ -435,7 +435,7 @@ __parse_secctx(const struct nfattr *attr, struct nf_conntrack *ct)
ct->secctx = strdup(NFA_DATA(tb[CTA_SECCTX_NAME-1]));
if (ct->secctx)
- set_bit(ATTR_SECCTX, ct->set);
+ set_bit(ATTR_SECCTX, ct->head.set);
}
int __parse_message_type(const struct nlmsghdr *nlh)
@@ -465,13 +465,13 @@ __parse_timestamp(const struct nfattr *attr, struct nf_conntrack *ct)
u_int64_t tmp;
memcpy(&tmp, NFA_DATA(tb[CTA_TIMESTAMP_START-1]), sizeof(tmp));
ct->timestamp.start = __be64_to_cpu(tmp);
- set_bit(ATTR_TIMESTAMP_START, ct->set);
+ set_bit(ATTR_TIMESTAMP_START, ct->head.set);
}
if (tb[CTA_TIMESTAMP_STOP-1]) {
u_int64_t tmp;
memcpy(&tmp, NFA_DATA(tb[CTA_TIMESTAMP_STOP-1]), sizeof(tmp));
ct->timestamp.stop = __be64_to_cpu(tmp);
- set_bit(ATTR_TIMESTAMP_STOP, ct->set);
+ set_bit(ATTR_TIMESTAMP_STOP, ct->head.set);
}
}
@@ -482,27 +482,27 @@ void __parse_conntrack(const struct nlmsghdr *nlh,
struct nfgenmsg *nfhdr = NLMSG_DATA(nlh);
if (cda[CTA_TUPLE_ORIG-1]) {
- ct->tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family;
- set_bit(ATTR_ORIG_L3PROTO, ct->set);
+ ct->head.orig.l3protonum = nfhdr->nfgen_family;
+ set_bit(ATTR_ORIG_L3PROTO, ct->head.set);
__parse_tuple(cda[CTA_TUPLE_ORIG-1],
- &ct->tuple[__DIR_ORIG], __DIR_ORIG, ct->set);
+ &ct->head.orig, __DIR_ORIG, ct->head.set);
}
if (cda[CTA_TUPLE_REPLY-1]) {
- ct->tuple[__DIR_REPL].l3protonum = nfhdr->nfgen_family;
- set_bit(ATTR_REPL_L3PROTO, ct->set);
+ ct->repl.l3protonum = nfhdr->nfgen_family;
+ set_bit(ATTR_REPL_L3PROTO, ct->head.set);
__parse_tuple(cda[CTA_TUPLE_REPLY-1],
- &ct->tuple[__DIR_REPL], __DIR_REPL, ct->set);
+ &ct->repl, __DIR_REPL, ct->head.set);
}
if (cda[CTA_TUPLE_MASTER-1]) {
- ct->tuple[__DIR_MASTER].l3protonum = nfhdr->nfgen_family;
- set_bit(ATTR_MASTER_L3PROTO, ct->set);
+ ct->master.l3protonum = nfhdr->nfgen_family;
+ set_bit(ATTR_MASTER_L3PROTO, ct->head.set);
__parse_tuple(cda[CTA_TUPLE_MASTER-1],
- &ct->tuple[__DIR_MASTER], __DIR_MASTER, ct->set);
+ &ct->master, __DIR_MASTER, ct->head.set);
}
if (cda[CTA_NAT_SEQ_ADJ_ORIG-1])
@@ -513,7 +513,7 @@ void __parse_conntrack(const struct nlmsghdr *nlh,
if (cda[CTA_STATUS-1]) {
ct->status = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1]));
- set_bit(ATTR_STATUS, ct->set);
+ set_bit(ATTR_STATUS, ct->head.set);
}
if (cda[CTA_PROTOINFO-1])
@@ -521,17 +521,17 @@ void __parse_conntrack(const struct nlmsghdr *nlh,
if (cda[CTA_TIMEOUT-1]) {
ct->timeout = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_TIMEOUT-1]));
- set_bit(ATTR_TIMEOUT, ct->set);
+ set_bit(ATTR_TIMEOUT, ct->head.set);
}
if (cda[CTA_MARK-1]) {
ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
- set_bit(ATTR_MARK, ct->set);
+ set_bit(ATTR_MARK, ct->head.set);
}
if (cda[CTA_SECMARK-1]) {
ct->secmark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_SECMARK-1]));
- set_bit(ATTR_SECMARK, ct->set);
+ set_bit(ATTR_SECMARK, ct->head.set);
}
if (cda[CTA_COUNTERS_ORIG-1])
@@ -542,12 +542,12 @@ void __parse_conntrack(const struct nlmsghdr *nlh,
if (cda[CTA_USE-1]) {
ct->use = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_USE-1]));
- set_bit(ATTR_USE, ct->set);
+ set_bit(ATTR_USE, ct->head.set);
}
if (cda[CTA_ID-1]) {
ct->id = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_ID-1]));
- set_bit(ATTR_ID, ct->set);
+ set_bit(ATTR_ID, ct->head.set);
}
if (cda[CTA_HELP-1])
@@ -555,7 +555,7 @@ void __parse_conntrack(const struct nlmsghdr *nlh,
if (cda[CTA_ZONE-1]) {
ct->zone = ntohs(*(u_int16_t *)NFA_DATA(cda[CTA_ZONE-1]));
- set_bit(ATTR_ZONE, ct->set);
+ set_bit(ATTR_ZONE, ct->head.set);
}
if (cda[CTA_SECCTX-1])
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index 3969859..626d4df 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -39,71 +39,71 @@ static const u_int8_t invmap_icmpv6[] = {
static void set_attr_orig_ipv4_src(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_ORIG].src.v4 = *((u_int32_t *) value);
+ ct->head.orig.src.v4 = *((u_int32_t *) value);
}
static void set_attr_orig_ipv4_dst(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_ORIG].dst.v4 = *((u_int32_t *) value);
+ ct->head.orig.dst.v4 = *((u_int32_t *) value);
}
static void set_attr_repl_ipv4_src(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_REPL].src.v4 = *((u_int32_t *) value);
+ ct->repl.src.v4 = *((u_int32_t *) value);
}
static void set_attr_repl_ipv4_dst(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_REPL].dst.v4 = *((u_int32_t *) value);
+ ct->repl.dst.v4 = *((u_int32_t *) value);
}
static void set_attr_orig_ipv6_src(struct nf_conntrack *ct, const void *value)
{
- memcpy(&ct->tuple[__DIR_ORIG].src.v6, value, sizeof(u_int32_t)*4);
+ memcpy(&ct->head.orig.src.v6, value, sizeof(u_int32_t)*4);
}
static void set_attr_orig_ipv6_dst(struct nf_conntrack *ct, const void *value)
{
- memcpy(&ct->tuple[__DIR_ORIG].dst.v6, value, sizeof(u_int32_t)*4);
+ memcpy(&ct->head.orig.dst.v6, value, sizeof(u_int32_t)*4);
}
static void set_attr_repl_ipv6_src(struct nf_conntrack *ct, const void *value)
{
- memcpy(&ct->tuple[__DIR_REPL].src.v6, value, sizeof(u_int32_t)*4);
+ memcpy(&ct->repl.src.v6, value, sizeof(u_int32_t)*4);
}
static void set_attr_repl_ipv6_dst(struct nf_conntrack *ct, const void *value)
{
- memcpy(&ct->tuple[__DIR_REPL].dst.v6, value, sizeof(u_int32_t)*4);
+ memcpy(&ct->repl.dst.v6, value, sizeof(u_int32_t)*4);
}
static void set_attr_orig_port_src(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_ORIG].l4src.all = *((u_int16_t *) value);
+ ct->head.orig.l4src.all = *((u_int16_t *) value);
}
static void set_attr_orig_port_dst(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_ORIG].l4dst.all = *((u_int16_t *) value);
+ ct->head.orig.l4dst.all = *((u_int16_t *) value);
}
static void set_attr_repl_port_src(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_REPL].l4src.all = *((u_int16_t *) value);
+ ct->repl.l4src.all = *((u_int16_t *) value);
}
static void set_attr_repl_port_dst(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_REPL].l4dst.all = *((u_int16_t *) value);
+ ct->repl.l4dst.all = *((u_int16_t *) value);
}
static void set_attr_icmp_type(struct nf_conntrack *ct, const void *value)
{
u_int8_t rtype;
- ct->tuple[__DIR_ORIG].l4dst.icmp.type = *((u_int8_t *) value);
+ ct->head.orig.l4dst.icmp.type = *((u_int8_t *) value);
- switch(ct->tuple[__DIR_ORIG].l3protonum) {
+ switch(ct->head.orig.l3protonum) {
case AF_INET:
rtype = invmap_icmp[*((u_int8_t *) value)];
break;
@@ -117,42 +117,42 @@ static void set_attr_icmp_type(struct nf_conntrack *ct, const void *value)
}
if (rtype)
- ct->tuple[__DIR_REPL].l4dst.icmp.type = rtype - 1;
+ ct->repl.l4dst.icmp.type = rtype - 1;
else
- ct->tuple[__DIR_REPL].l4dst.icmp.type = 255; /* will fail with -EINVAL */
+ ct->repl.l4dst.icmp.type = 255; /* will fail with -EINVAL */
}
static void set_attr_icmp_code(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_ORIG].l4dst.icmp.code = *((u_int8_t *) value);
- ct->tuple[__DIR_REPL].l4dst.icmp.code = *((u_int8_t *) value);
+ ct->head.orig.l4dst.icmp.code = *((u_int8_t *) value);
+ ct->repl.l4dst.icmp.code = *((u_int8_t *) value);
}
static void set_attr_icmp_id(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_ORIG].l4src.icmp.id = *((u_int16_t *) value);
- ct->tuple[__DIR_REPL].l4src.icmp.id = *((u_int16_t *) value);
+ ct->head.orig.l4src.icmp.id = *((u_int16_t *) value);
+ ct->repl.l4src.icmp.id = *((u_int16_t *) value);
}
static void set_attr_orig_l3proto(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_ORIG].l3protonum = *((u_int8_t *) value);
+ ct->head.orig.l3protonum = *((u_int8_t *) value);
}
static void set_attr_repl_l3proto(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_REPL].l3protonum = *((u_int8_t *) value);
+ ct->repl.l3protonum = *((u_int8_t *) value);
}
static void set_attr_orig_l4proto(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_ORIG].protonum = *((u_int8_t *) value);
+ ct->head.orig.protonum = *((u_int8_t *) value);
}
static void set_attr_repl_l4proto(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_REPL].protonum = *((u_int8_t *) value);
+ ct->repl.protonum = *((u_int8_t *) value);
}
static void set_attr_tcp_state(struct nf_conntrack *ct, const void *value)
@@ -242,72 +242,72 @@ static void set_attr_id(struct nf_conntrack *ct, const void *value)
static void set_attr_master_ipv4_src(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_MASTER].src.v4 = *((u_int32_t *) value);
+ ct->master.src.v4 = *((u_int32_t *) value);
}
static void set_attr_master_ipv4_dst(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_MASTER].dst.v4 = *((u_int32_t *) value);
+ ct->master.dst.v4 = *((u_int32_t *) value);
}
static void set_attr_master_ipv6_src(struct nf_conntrack *ct, const void *value)
{
- memcpy(&ct->tuple[__DIR_MASTER].dst.v6, value, sizeof(u_int32_t)*4);
+ memcpy(&ct->master.dst.v6, value, sizeof(u_int32_t)*4);
}
static void set_attr_master_ipv6_dst(struct nf_conntrack *ct, const void *value)
{
- memcpy(&ct->tuple[__DIR_MASTER].src.v6, value, sizeof(u_int32_t)*4);
+ memcpy(&ct->master.src.v6, value, sizeof(u_int32_t)*4);
}
static void set_attr_master_port_src(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_MASTER].l4src.all = *((u_int16_t *) value);
+ ct->master.l4src.all = *((u_int16_t *) value);
}
static void set_attr_master_port_dst(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_MASTER].l4dst.all = *((u_int16_t *) value);
+ ct->master.l4dst.all = *((u_int16_t *) value);
}
static void set_attr_master_l3proto(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_MASTER].l3protonum = *((u_int8_t *) value);
+ ct->master.l3protonum = *((u_int8_t *) value);
}
static void set_attr_master_l4proto(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_MASTER].protonum = *((u_int8_t *) value);
+ ct->master.protonum = *((u_int8_t *) value);
}
static void set_attr_orig_cor_pos(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_ORIG].natseq.correction_pos = *((u_int32_t *) value);
+ ct->natseq[__DIR_ORIG].correction_pos = *((u_int32_t *) value);
}
static void set_attr_orig_off_bfr(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_ORIG].natseq.offset_before = *((u_int32_t *) value);
+ ct->natseq[__DIR_ORIG].offset_before = *((u_int32_t *) value);
}
static void set_attr_orig_off_aft(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_ORIG].natseq.offset_after = *((u_int32_t *) value);
+ ct->natseq[__DIR_ORIG].offset_after = *((u_int32_t *) value);
}
static void set_attr_repl_cor_pos(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_REPL].natseq.correction_pos = *((u_int32_t *) value);
+ ct->natseq[__DIR_REPL].correction_pos = *((u_int32_t *) value);
}
static void set_attr_repl_off_bfr(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_REPL].natseq.offset_before = *((u_int32_t *) value);
+ ct->natseq[__DIR_REPL].offset_before = *((u_int32_t *) value);
}
static void set_attr_repl_off_aft(struct nf_conntrack *ct, const void *value)
{
- ct->tuple[__DIR_REPL].natseq.offset_after = *((u_int32_t *) value);
+ ct->natseq[__DIR_REPL].offset_after = *((u_int32_t *) value);
}
static void set_attr_helper_name(struct nf_conntrack *ct, const void *value)
diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c
index 158e404..206b9c0 100644
--- a/src/conntrack/snprintf_default.c
+++ b/src/conntrack/snprintf_default.c
@@ -14,9 +14,9 @@ static int __snprintf_l3protocol(char *buf,
const struct nf_conntrack *ct)
{
return (snprintf(buf, len, "%-8s %u ",
- l3proto2str[ct->tuple[__DIR_ORIG].l3protonum] == NULL ?
- "unknown" : l3proto2str[ct->tuple[__DIR_ORIG].l3protonum],
- ct->tuple[__DIR_ORIG].l3protonum));
+ l3proto2str[ct->head.orig.l3protonum] == NULL ?
+ "unknown" : l3proto2str[ct->head.orig.l3protonum],
+ ct->head.orig.l3protonum));
}
int __snprintf_protocol(char *buf,
@@ -24,9 +24,9 @@ int __snprintf_protocol(char *buf,
const struct nf_conntrack *ct)
{
return (snprintf(buf, len, "%-8s %u ",
- proto2str[ct->tuple[__DIR_ORIG].protonum] == NULL ?
- "unknown" : proto2str[ct->tuple[__DIR_ORIG].protonum],
- ct->tuple[__DIR_ORIG].protonum));
+ proto2str[ct->head.orig.protonum] == NULL ?
+ "unknown" : proto2str[ct->head.orig.protonum],
+ ct->head.orig.protonum));
}
static int __snprintf_timeout(char *buf,
@@ -314,103 +314,103 @@ int __snprintf_conntrack_default(char *buf,
ret = __snprintf_protocol(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
- if (test_bit(ATTR_TIMEOUT, ct->set)) {
+ if (test_bit(ATTR_TIMEOUT, ct->head.set)) {
ret = __snprintf_timeout(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_TCP_STATE, ct->set)) {
+ if (test_bit(ATTR_TCP_STATE, ct->head.set)) {
ret = __snprintf_protoinfo(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_SCTP_STATE, ct->set)) {
+ if (test_bit(ATTR_SCTP_STATE, ct->head.set)) {
ret = __snprintf_protoinfo_sctp(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_DCCP_STATE, ct->set)) {
+ if (test_bit(ATTR_DCCP_STATE, ct->head.set)) {
ret = __snprintf_protoinfo_dccp(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- ret = __snprintf_address(buf+offset, len, &ct->tuple[__DIR_ORIG],
+ ret = __snprintf_address(buf+offset, len, &ct->head.orig,
"src", "dst");
BUFFER_SIZE(ret, size, len, offset);
- ret = __snprintf_proto(buf+offset, len, &ct->tuple[__DIR_ORIG]);
+ ret = __snprintf_proto(buf+offset, len, &ct->head.orig);
BUFFER_SIZE(ret, size, len, offset);
- if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->set) &&
- test_bit(ATTR_ORIG_COUNTER_BYTES, ct->set)) {
+ if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->head.set) &&
+ test_bit(ATTR_ORIG_COUNTER_BYTES, ct->head.set)) {
ret = __snprintf_counters(buf+offset, len, ct, __DIR_ORIG);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_STATUS, ct->set)) {
+ if (test_bit(ATTR_STATUS, ct->head.set)) {
ret = __snprintf_status_not_seen_reply(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- ret = __snprintf_address(buf+offset, len, &ct->tuple[__DIR_REPL],
+ ret = __snprintf_address(buf+offset, len, &ct->repl,
"src", "dst");
BUFFER_SIZE(ret, size, len, offset);
- ret = __snprintf_proto(buf+offset, len, &ct->tuple[__DIR_REPL]);
+ ret = __snprintf_proto(buf+offset, len, &ct->repl);
BUFFER_SIZE(ret, size, len, offset);
- if (test_bit(ATTR_REPL_COUNTER_PACKETS, ct->set) &&
- test_bit(ATTR_REPL_COUNTER_BYTES, ct->set)) {
+ if (test_bit(ATTR_REPL_COUNTER_PACKETS, ct->head.set) &&
+ test_bit(ATTR_REPL_COUNTER_BYTES, ct->head.set)) {
ret = __snprintf_counters(buf+offset, len, ct, __DIR_REPL);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_STATUS, ct->set)) {
+ if (test_bit(ATTR_STATUS, ct->head.set)) {
ret = __snprintf_status_assured(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_MARK, ct->set)) {
+ if (test_bit(ATTR_MARK, ct->head.set)) {
ret = __snprintf_mark(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_SECMARK, ct->set)) {
+ if (test_bit(ATTR_SECMARK, ct->head.set)) {
ret = __snprintf_secmark(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_SECCTX, ct->set)) {
+ if (test_bit(ATTR_SECCTX, ct->head.set)) {
ret = __snprintf_secctx(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_ZONE, ct->set)) {
+ if (test_bit(ATTR_ZONE, ct->head.set)) {
ret = __snprintf_zone(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_TIMESTAMP_START, ct->set)) {
+ if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) {
ret = __snprintf_timestamp_delta(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
if (flags & NFCT_OF_TIMESTAMP) {
- if (test_bit(ATTR_TIMESTAMP_START, ct->set)) {
+ if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) {
ret = __snprintf_timestamp_start(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_TIMESTAMP_STOP, ct->set)) {
+ if (test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) {
ret = __snprintf_timestamp_stop(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
}
- if (test_bit(ATTR_USE, ct->set)) {
+ if (test_bit(ATTR_USE, ct->head.set)) {
ret = __snprintf_use(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (flags & NFCT_OF_ID && test_bit(ATTR_ID, ct->set)) {
+ if (flags & NFCT_OF_ID && test_bit(ATTR_ID, ct->head.set)) {
ret = __snprintf_id(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
diff --git a/src/conntrack/snprintf_xml.c b/src/conntrack/snprintf_xml.c
index 72e2787..63c814a 100644
--- a/src/conntrack/snprintf_xml.c
+++ b/src/conntrack/snprintf_xml.c
@@ -298,8 +298,16 @@ static int __snprintf_tuple_xml(char *buf,
{
int ret;
unsigned int size = 0, offset = 0;
- const struct __nfct_tuple *tuple = &ct->tuple[dir];
+ const struct __nfct_tuple *tuple = NULL;
+ switch(dir) {
+ case __DIR_ORIG:
+ tuple = &ct->head.orig;
+ break;
+ case __DIR_REPL:
+ tuple = &ct->repl;
+ break;
+ }
ret = snprintf(buf, len, "<meta direction=\"%s\">",
dir == __DIR_ORIG ? "original" : "reply");
BUFFER_SIZE(ret, size, len, offset);
@@ -332,8 +340,8 @@ static int __snprintf_tuple_xml(char *buf,
ret = snprintf(buf+offset, len, "</layer4>");
BUFFER_SIZE(ret, size, len, offset);
- if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->set) &&
- test_bit(ATTR_ORIG_COUNTER_BYTES, ct->set)) {
+ if (test_bit(ATTR_ORIG_COUNTER_PACKETS, ct->head.set) &&
+ test_bit(ATTR_ORIG_COUNTER_BYTES, ct->head.set)) {
ret = snprintf(buf+offset, len, "<counters>");
BUFFER_SIZE(ret, size, len, offset);
@@ -382,24 +390,24 @@ int __snprintf_conntrack_xml(char *buf,
ret = __snprintf_tuple_xml(buf+offset, len, ct, __DIR_REPL);
BUFFER_SIZE(ret, size, len, offset);
- if (test_bit(ATTR_TCP_STATE, ct->set) ||
- test_bit(ATTR_SCTP_STATE, ct->set) ||
- test_bit(ATTR_DCCP_STATE, ct->set) ||
- test_bit(ATTR_TIMEOUT, ct->set) ||
- test_bit(ATTR_MARK, ct->set) ||
- test_bit(ATTR_SECMARK, ct->set) ||
- test_bit(ATTR_ZONE, ct->set) ||
- test_bit(ATTR_USE, ct->set) ||
- test_bit(ATTR_STATUS, ct->set) ||
- test_bit(ATTR_ID, ct->set) ||
- test_bit(ATTR_TIMESTAMP_START, ct->set) ||
- test_bit(ATTR_TIMESTAMP_STOP, ct->set)) {
+ if (test_bit(ATTR_TCP_STATE, ct->head.set) ||
+ test_bit(ATTR_SCTP_STATE, ct->head.set) ||
+ test_bit(ATTR_DCCP_STATE, ct->head.set) ||
+ test_bit(ATTR_TIMEOUT, ct->head.set) ||
+ test_bit(ATTR_MARK, ct->head.set) ||
+ test_bit(ATTR_SECMARK, ct->head.set) ||
+ test_bit(ATTR_ZONE, ct->head.set) ||
+ test_bit(ATTR_USE, ct->head.set) ||
+ test_bit(ATTR_STATUS, ct->head.set) ||
+ test_bit(ATTR_ID, ct->head.set) ||
+ test_bit(ATTR_TIMESTAMP_START, ct->head.set) ||
+ test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) {
ret = snprintf(buf+offset, len,
"<meta direction=\"independent\">");
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_TCP_STATE, ct->set)) {
+ if (test_bit(ATTR_TCP_STATE, ct->head.set)) {
ret = snprintf(buf+offset, len, "<state>%s</state>",
ct->protoinfo.tcp.state < TCP_CONNTRACK_MAX ?
states[ct->protoinfo.tcp.state] :
@@ -407,7 +415,7 @@ int __snprintf_conntrack_xml(char *buf,
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_SCTP_STATE, ct->set)) {
+ if (test_bit(ATTR_SCTP_STATE, ct->head.set)) {
ret = snprintf(buf+offset, len, "<state>%s</state>",
ct->protoinfo.sctp.state < SCTP_CONNTRACK_MAX ?
states[ct->protoinfo.sctp.state] :
@@ -415,7 +423,7 @@ int __snprintf_conntrack_xml(char *buf,
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_DCCP_STATE, ct->set)) {
+ if (test_bit(ATTR_DCCP_STATE, ct->head.set)) {
ret = snprintf(buf+offset, len, "<state>%s</state>",
ct->protoinfo.sctp.state < DCCP_CONNTRACK_MAX ?
states[ct->protoinfo.dccp.state] :
@@ -423,97 +431,97 @@ int __snprintf_conntrack_xml(char *buf,
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_TIMEOUT, ct->set)) {
+ if (test_bit(ATTR_TIMEOUT, ct->head.set)) {
ret = snprintf(buf+offset, len,
"<timeout>%u</timeout>", ct->timeout);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_MARK, ct->set)) {
+ if (test_bit(ATTR_MARK, ct->head.set)) {
ret = snprintf(buf+offset, len, "<mark>%u</mark>", ct->mark);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_SECMARK, ct->set)) {
+ if (test_bit(ATTR_SECMARK, ct->head.set)) {
ret = snprintf(buf+offset, len,
"<secmark>%u</secmark>", ct->secmark);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_SECCTX, ct->set)) {
+ if (test_bit(ATTR_SECCTX, ct->head.set)) {
ret = snprintf(buf+offset, len,
"<secctx>%s</secctx>", ct->secctx);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_ZONE, ct->set)) {
+ if (test_bit(ATTR_ZONE, ct->head.set)) {
ret = snprintf(buf+offset, len, "<zone>%u</zone>", ct->zone);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_USE, ct->set)) {
+ if (test_bit(ATTR_USE, ct->head.set)) {
ret = snprintf(buf+offset, len, "<use>%u</use>", ct->use);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_ID, ct->set)) {
+ if (test_bit(ATTR_ID, ct->head.set)) {
ret = snprintf(buf+offset, len, "<id>%u</id>", ct->id);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_STATUS, ct->set)
+ if (test_bit(ATTR_STATUS, ct->head.set)
&& ct->status & IPS_ASSURED) {
ret = snprintf(buf+offset, len, "<assured/>");
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_STATUS, ct->set)
+ if (test_bit(ATTR_STATUS, ct->head.set)
&& !(ct->status & IPS_SEEN_REPLY)) {
ret = snprintf(buf+offset, len, "<unreplied/>");
BUFFER_SIZE(ret, size, len, offset);
}
if (flags & NFCT_OF_TIMESTAMP) {
- if (test_bit(ATTR_TIMESTAMP_START, ct->set) ||
- test_bit(ATTR_TIMESTAMP_STOP, ct->set)) {
+ if (test_bit(ATTR_TIMESTAMP_START, ct->head.set) ||
+ test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) {
ret = snprintf(buf+offset, len, "<timestamp>");
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_TIMESTAMP_START, ct->set)) {
+ if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) {
ret = __snprintf_timestamp_start(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_TIMESTAMP_STOP, ct->set)) {
+ if (test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) {
ret = __snprintf_timestamp_stop(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_TIMESTAMP_START, ct->set) ||
- test_bit(ATTR_TIMESTAMP_STOP, ct->set)) {
+ if (test_bit(ATTR_TIMESTAMP_START, ct->head.set) ||
+ test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) {
ret = snprintf(buf+offset, len, "</timestamp>");
BUFFER_SIZE(ret, size, len, offset);
}
}
- if (test_bit(ATTR_TIMESTAMP_START, ct->set) &&
- test_bit(ATTR_TIMESTAMP_STOP, ct->set)) {
+ if (test_bit(ATTR_TIMESTAMP_START, ct->head.set) &&
+ test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) {
ret = __snprintf_deltatime(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
- } else if (test_bit(ATTR_TIMESTAMP_START, ct->set)) {
+ } else if (test_bit(ATTR_TIMESTAMP_START, ct->head.set)) {
ret = __snprintf_deltatime_now(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
}
- if (test_bit(ATTR_TCP_STATE, ct->set) ||
- test_bit(ATTR_SCTP_STATE, ct->set) ||
- test_bit(ATTR_DCCP_STATE, ct->set) ||
- test_bit(ATTR_TIMEOUT, ct->set) ||
- test_bit(ATTR_MARK, ct->set) ||
- test_bit(ATTR_SECMARK, ct->set) ||
- test_bit(ATTR_ZONE, ct->set) ||
- test_bit(ATTR_USE, ct->set) ||
- test_bit(ATTR_STATUS, ct->set) ||
- test_bit(ATTR_ID, ct->set) ||
- test_bit(ATTR_TIMESTAMP_START, ct->set) ||
- test_bit(ATTR_TIMESTAMP_STOP, ct->set)) {
+ if (test_bit(ATTR_TCP_STATE, ct->head.set) ||
+ test_bit(ATTR_SCTP_STATE, ct->head.set) ||
+ test_bit(ATTR_DCCP_STATE, ct->head.set) ||
+ test_bit(ATTR_TIMEOUT, ct->head.set) ||
+ test_bit(ATTR_MARK, ct->head.set) ||
+ test_bit(ATTR_SECMARK, ct->head.set) ||
+ test_bit(ATTR_ZONE, ct->head.set) ||
+ test_bit(ATTR_USE, ct->head.set) ||
+ test_bit(ATTR_STATUS, ct->head.set) ||
+ test_bit(ATTR_ID, ct->head.set) ||
+ test_bit(ATTR_TIMESTAMP_START, ct->head.set) ||
+ test_bit(ATTR_TIMESTAMP_STOP, ct->head.set)) {
ret = snprintf(buf+offset, len, "</meta>");
BUFFER_SIZE(ret, size, len, offset);
}
diff --git a/src/expect/build.c b/src/expect/build.c
index 175698a..7fefd5f 100644
--- a/src/expect/build.c
+++ b/src/expect/build.c
@@ -45,9 +45,9 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
u_int8_t l3num;
if (test_bit(ATTR_ORIG_L3PROTO, exp->master.set))
- l3num = exp->master.tuple[__DIR_ORIG].l3protonum;
+ l3num = exp->master.orig.l3protonum;
else if (test_bit(ATTR_ORIG_L3PROTO, exp->expected.set))
- l3num = exp->expected.tuple[__DIR_ORIG].l3protonum;
+ l3num = exp->expected.orig.l3protonum;
else
return -1;
@@ -56,24 +56,15 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
nfnl_fill_hdr(ssh, &req->nlh, 0, l3num, 0, type, flags);
if (test_bit(ATTR_EXP_EXPECTED, exp->set)) {
- __build_tuple(req,
- size,
- &exp->expected.tuple[__DIR_ORIG],
- CTA_EXPECT_TUPLE);
+ __build_tuple(req, size, &exp->expected.orig, CTA_EXPECT_TUPLE);
}
if (test_bit(ATTR_EXP_MASTER, exp->set)) {
- __build_tuple(req,
- size,
- &exp->master.tuple[__DIR_ORIG],
- CTA_EXPECT_MASTER);
+ __build_tuple(req, size, &exp->master.orig, CTA_EXPECT_MASTER);
}
if (test_bit(ATTR_EXP_MASK, exp->set)) {
- __build_tuple(req,
- size,
- &exp->mask.tuple[__DIR_ORIG],
- CTA_EXPECT_MASK);
+ __build_tuple(req, size, &exp->mask.orig, CTA_EXPECT_MASK);
}
if (test_bit(ATTR_EXP_TIMEOUT, exp->set))
diff --git a/src/expect/parse.c b/src/expect/parse.c
index 22d28ed..bee755d 100644
--- a/src/expect/parse.c
+++ b/src/expect/parse.c
@@ -33,32 +33,32 @@ void __parse_expect(const struct nlmsghdr *nlh,
struct nfgenmsg *nfhdr = NLMSG_DATA(nlh);
/* XXX: this is ugly, clean it up, please */
- exp->expected.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family;
+ exp->expected.orig.l3protonum = nfhdr->nfgen_family;
set_bit(ATTR_ORIG_L3PROTO, exp->expected.set);
- exp->mask.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family;
+ exp->mask.orig.l3protonum = nfhdr->nfgen_family;
set_bit(ATTR_ORIG_L3PROTO, exp->mask.set);
- exp->master.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family;
+ exp->master.orig.l3protonum = nfhdr->nfgen_family;
set_bit(ATTR_ORIG_L3PROTO, exp->master.set);
if (cda[CTA_EXPECT_MASTER-1]) {
__parse_tuple(cda[CTA_EXPECT_MASTER-1],
- &exp->master.tuple[__DIR_ORIG],
+ &exp->master.orig,
__DIR_ORIG,
exp->master.set);
set_bit(ATTR_EXP_MASTER, exp->set);
}
if (cda[CTA_EXPECT_TUPLE-1]) {
__parse_tuple(cda[CTA_EXPECT_TUPLE-1],
- &exp->expected.tuple[__DIR_ORIG],
+ &exp->expected.orig,
__DIR_ORIG,
exp->expected.set);
set_bit(ATTR_EXP_EXPECTED, exp->set);
}
if (cda[CTA_EXPECT_MASK-1]) {
__parse_tuple(cda[CTA_EXPECT_MASK-1],
- &exp->mask.tuple[__DIR_ORIG],
+ &exp->mask.orig,
__DIR_ORIG,
exp->mask.set);
set_bit(ATTR_EXP_MASK, exp->set);
diff --git a/src/expect/setter.c b/src/expect/setter.c
index 40e06f3..89a3157 100644
--- a/src/expect/setter.c
+++ b/src/expect/setter.c
@@ -11,17 +11,17 @@
static void set_exp_attr_master(struct nf_expect *exp, const void *value)
{
- exp->master = *((struct nf_conntrack *) value);
+ exp->master = *((struct nfct_tuple_head *) value);
}
static void set_exp_attr_expected(struct nf_expect *exp, const void *value)
{
- exp->expected = *((struct nf_conntrack *) value);
+ exp->expected = *((struct nfct_tuple_head *) value);
}
static void set_exp_attr_mask(struct nf_expect *exp, const void *value)
{
- exp->mask = *((struct nf_conntrack *) value);
+ exp->mask = *((struct nfct_tuple_head *) value);
}
static void set_exp_attr_timeout(struct nf_expect *exp, const void *value)
diff --git a/src/expect/snprintf_default.c b/src/expect/snprintf_default.c
index 7af9d15..77f9c3b 100644
--- a/src/expect/snprintf_default.c
+++ b/src/expect/snprintf_default.c
@@ -24,7 +24,7 @@ static int __snprintf_expect_proto(char *buf,
const struct nf_expect *exp)
{
return(snprintf(buf, len, "proto=%d ",
- exp->expected.tuple[__DIR_ORIG].protonum));
+ exp->expected.orig.protonum));
}
int __snprintf_expect_default(char *buf,
@@ -58,30 +58,27 @@ int __snprintf_expect_default(char *buf,
ret = __snprintf_expect_proto(buf+offset, len, exp);
BUFFER_SIZE(ret, size, len, offset);
- ret = __snprintf_address(buf+offset, len,
- &exp->expected.tuple[__DIR_ORIG],
+ ret = __snprintf_address(buf+offset, len, &exp->expected.orig,
"src", "dst");
BUFFER_SIZE(ret, size, len, offset);
- ret = __snprintf_proto(buf+offset, len, &exp->expected.tuple[__DIR_ORIG]);
+ ret = __snprintf_proto(buf+offset, len, &exp->expected.orig);
BUFFER_SIZE(ret, size, len, offset);
- ret = __snprintf_address(buf+offset, len,
- &exp->mask.tuple[__DIR_ORIG],
+ ret = __snprintf_address(buf+offset, len, &exp->mask.orig,
"mask-src", "mask-dst");
BUFFER_SIZE(ret, size, len, offset);
ret = __snprintf_proto(buf+offset, len,
- &exp->mask.tuple[__DIR_ORIG]);
+ &exp->mask.orig);
BUFFER_SIZE(ret, size, len, offset);
- ret = __snprintf_address(buf+offset, len,
- &exp->master.tuple[__DIR_ORIG],
+ ret = __snprintf_address(buf+offset, len, &exp->master.orig,
"master-src", "master-dst");
BUFFER_SIZE(ret, size, len, offset);
ret = __snprintf_proto(buf+offset, len,
- &exp->master.tuple[__DIR_ORIG]);
+ &exp->master.orig);
BUFFER_SIZE(ret, size, len, offset);
if (test_bit(ATTR_EXP_ZONE, exp->set)) {