Diffstat (limited to 'src/conntrack')
-rw-r--r--src/conntrack/build.c6
-rw-r--r--src/conntrack/parse.c16
-rw-r--r--src/conntrack/setter.c24
3 files changed, 46 insertions, 0 deletions
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index d04ad86..d66d038 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -97,6 +97,12 @@ void __build_protoinfo(struct nfnlhdr *req,
nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP);
nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_STATE,
&ct->protoinfo.tcp.state, sizeof(u_int8_t));
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
+ &ct->protoinfo.tcp.flags[0], sizeof(u_int16_t));
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_TCP_FLAGS_REPLY,
+ &ct->protoinfo.tcp.flags[1], sizeof(u_int16_t));
nfnl_nest_end(&req->nlh, nest_proto);
nfnl_nest_end(&req->nlh, nest);
break;
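Review bot: Both new `nfnl_addattr_l()` calls are emitted with no visible test that the caller set the flags or mask attributes, so unless a check outside the hunk covers this, a request built from an object that never touched them still carries a zeroed value/mask pair. Consider guarding each call, e.g. `if (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) && test_bit(ATTR_TCP_MASK_ORIG, ct->set))`, and likewise for the reply direction. The length is written as `sizeof(u_int16_t)`, while setter.c treats a `flags[]` element as a struct with `value` and `mask` members. Using `sizeof(ct->protoinfo.tcp.flags[0])` would keep the wire length tied to the struct, and the same applies to the `memcpy()` sizes in the parse.c hunk. The enclosing switch case starts outside this hunk.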
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index db04789..9fbada4 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -160,6 +160,22 @@ static void __parse_protoinfo_tcp(const struct nfattr *attr,
*(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]);
set_bit(ATTR_TCP_STATE, ct->set);
}
+
+ if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]) {
+ memcpy(&ct->protoinfo.tcp.flags[0],
+ NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]),
+ sizeof(u_int16_t));
+ set_bit(ATTR_TCP_FLAGS_ORIG, ct->set);
+ set_bit(ATTR_TCP_MASK_ORIG, ct->set);
+ }
+
+ if (tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]) {
+ memcpy(&ct->protoinfo.tcp.flags[1],
+ NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]),
+ sizeof(u_int16_t));
+ set_bit(ATTR_TCP_FLAGS_REPL, ct->set);
+ set_bit(ATTR_TCP_MASK_REPL, ct->set);
+ }
}
static void __parse_protoinfo(const struct nfattr *attr,
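Review bot: The two `memcpy()` calls copy `sizeof(u_int16_t)` bytes out of the attribute payload without checking that the attribute is that long, so a truncated or malformed `CTA_PROTOINFO_TCP_FLAGS_*` attribute would be read past its end. Whether `tb` is length-validated before this point is not visible in the hunk. If it is not, add a payload check to each branch, e.g. `if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1] && NFA_PAYLOAD(tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]) >= sizeof(ct->protoinfo.tcp.flags[0]))`. The opening lines of `__parse_protoinfo_tcp` are outside the hunk.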
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index 255ab4d..afbf9be 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -107,6 +107,26 @@ static void set_attr_tcp_state(struct nf_conntrack *ct, const void *value)
ct->protoinfo.tcp.state = *((u_int8_t *) value);
}
+static void set_attr_tcp_flags_orig(struct nf_conntrack *ct, const void *value)
+{
+ ct->protoinfo.tcp.flags[__DIR_ORIG].value = *((u_int8_t *) value);
+}
+
+static void set_attr_tcp_mask_orig(struct nf_conntrack *ct, const void *value)
+{
+ ct->protoinfo.tcp.flags[__DIR_ORIG].mask = *((u_int8_t *) value);
+}
+
+static void set_attr_tcp_flags_repl(struct nf_conntrack *ct, const void *value)
+{
+ ct->protoinfo.tcp.flags[__DIR_REPL].value = *((u_int8_t *) value);
+}
+
+static void set_attr_tcp_mask_repl(struct nf_conntrack *ct, const void *value)
+{
+ ct->protoinfo.tcp.flags[__DIR_REPL].mask = *((u_int8_t *) value);
+}
+
static void set_attr_snat_ipv4(struct nf_conntrack *ct, const void *value)
{
ct->snat.min_ip = ct->snat.max_ip = *((u_int32_t *) value);
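Review bot: The four new setters cast `value` with `(u_int8_t *)`, which drops the `const` from the parameter; `*((const u_int8_t *) value)` reads the same byte without discarding the qualifier. Each setter reads exactly one byte, so a caller that passes a pointer to a wider integer gets an endianness-dependent result. A short comment above the group, such as `/* value points to a single u_int8_t; flags and mask are set through separate attributes */`, would record that contract. Judging by parse.c, which always sets the value and mask bits together, the pair presumably only makes sense when both are set, and the comment could say so once that is confirmed.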
@@ -170,4 +190,8 @@ set_attr set_attr_array[] = {
[ATTR_TIMEOUT] = set_attr_timeout,
[ATTR_MARK] = set_attr_mark,
[ATTR_STATUS] = set_attr_status,
+ [ATTR_TCP_FLAGS_ORIG] = set_attr_tcp_flags_orig,
+ [ATTR_TCP_FLAGS_REPL] = set_attr_tcp_flags_repl,
+ [ATTR_TCP_MASK_ORIG] = set_attr_tcp_mask_orig,
+ [ATTR_TCP_MASK_REPL] = set_attr_tcp_mask_repl,
};