summaryrefslogtreecommitdiffstats
path: root/src/conntrack/objopt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/conntrack/objopt.c')
-rw-r--r--src/conntrack/objopt.c71
1 files changed, 71 insertions, 0 deletions
diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
new file mode 100644
index 0000000..b495f55
--- /dev/null
+++ b/src/conntrack/objopt.c
@@ -0,0 +1,71 @@
+/*
+ * (C) 2006 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU General Public License, incorporated herein by reference.
+ */
+
+#include "internal.h"
+
+int __setobjopt(struct nf_conntrack *ct, unsigned int option)
+{
+ switch(option) {
+ case NFCT_SOPT_UNDO_SNAT:
+ ct->snat.min_ip = ct->tuple[__DIR_REPL].dst.v4;
+ ct->snat.max_ip = ct->snat.min_ip;
+ ct->tuple[__DIR_REPL].dst.v4 = ct->tuple[__DIR_ORIG].src.v4;
+ set_bit(ATTR_SNAT_IPV4, ct->set);
+ break;
+ case NFCT_SOPT_UNDO_DNAT:
+ ct->dnat.min_ip = ct->tuple[__DIR_REPL].src.v4;
+ ct->dnat.max_ip = ct->dnat.min_ip;
+ ct->tuple[__DIR_REPL].src.v4 = ct->tuple[__DIR_ORIG].dst.v4;
+ set_bit(ATTR_DNAT_IPV4, ct->set);
+ break;
+ case NFCT_SOPT_UNDO_SPAT:
+ ct->snat.l4min.all = ct->tuple[__DIR_REPL].l4dst.tcp.port;
+ ct->snat.l4max.all = ct->snat.l4max.all;
+ ct->tuple[__DIR_REPL].l4dst.tcp.port =
+ ct->tuple[__DIR_ORIG].l4src.tcp.port;
+ set_bit(ATTR_SNAT_PORT, ct->set);
+ break;
+ case NFCT_SOPT_UNDO_DPAT:
+ ct->dnat.l4min.all = ct->tuple[__DIR_REPL].l4src.tcp.port;
+ ct->dnat.l4max.all = ct->dnat.l4min.all;
+ ct->tuple[__DIR_REPL].l4src.tcp.port =
+ ct->tuple[__DIR_ORIG].l4dst.tcp.port;
+ set_bit(ATTR_DNAT_PORT, ct->set);
+ break;
+ }
+ return 0;
+}
+
+int __getobjopt(const struct nf_conntrack *ct, unsigned int option)
+{
+ int ret = -1;
+
+ switch(option) {
+ case NFCT_GOPT_IS_SNAT:
+ ret = (ct->status & IPS_SRC_NAT_DONE &&
+ ct->tuple[__DIR_REPL].dst.v4 !=
+ ct->tuple[__DIR_ORIG].src.v4);
+ break;
+ case NFCT_GOPT_IS_DNAT:
+ ret = (ct->status & IPS_DST_NAT_DONE &&
+ ct->tuple[__DIR_REPL].src.v4 !=
+ ct->tuple[__DIR_ORIG].dst.v4);
+ break;
+ case NFCT_GOPT_IS_SPAT:
+ ret = (ct->status & IPS_SRC_NAT_DONE &&
+ ct->tuple[__DIR_REPL].l4dst.tcp.port !=
+ ct->tuple[__DIR_ORIG].l4src.tcp.port);
+ break;
+ case NFCT_GOPT_IS_DPAT:
+ ret = (ct->status & IPS_DST_NAT_DONE &&
+ ct->tuple[__DIR_REPL].l4src.tcp.port !=
+ ct->tuple[__DIR_ORIG].l4dst.tcp.port);
+ break;
+ }
+
+ return ret;
+}