Diffstat (limited to 'src')
-rw-r--r-- | src/conntrack/api.c | 48 | ||||
-rw-r--r-- | src/conntrack/grp.c | 101 | ||||
-rw-r--r-- | src/conntrack/grp_setter.c | 36 |
3 files changed, 105 insertions, 80 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c index 683b2ce..202b85d 100644 --- a/src/conntrack/api.c +++ b/src/conntrack/api.c @@ -601,8 +601,8 @@ int nfct_attr_unset(struct nf_conntrack *ct, * \param type attribute group (see ATTR_GRP_*) * \param data pointer to struct (see struct nfct_attr_grp_*) * - * Note that calling this function for ATTR_GRP_COUNTER_* does nothing since - * counters are unsettable. + * Note that calling this function for ATTR_GRP_COUNTER_* and ATTR_GRP_ADDR_* + * have no effect. */ void nfct_set_attr_grp(struct nf_conntrack *ct, const enum nf_conntrack_attr_grp type, @@ -615,7 +615,8 @@ void nfct_set_attr_grp(struct nf_conntrack *ct, if (set_attr_grp_array[type]) { set_attr_grp_array[type](ct, data); - set_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET); + set_bitmask_u32(ct->head.set, + attr_grp_bitmask[type].bitmask, __NFCT_BITSET); } } @@ -638,9 +639,23 @@ int nfct_get_attr_grp(const struct nf_conntrack *ct, errno = EINVAL; return -1; } - if (!test_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET)) { - errno = ENODATA; - return -1; + switch(attr_grp_bitmask[type].type) { + case NFCT_BITMASK_AND: + if (!test_bitmask_u32(ct->head.set, + attr_grp_bitmask[type].bitmask, + __NFCT_BITSET)) { + errno = ENODATA; + return -1; + } + break; + case NFCT_BITMASK_OR: + if (!test_bitmask_u32_or(ct->head.set, + attr_grp_bitmask[type].bitmask, + __NFCT_BITSET)) { + errno = ENODATA; + return -1; + } + break; } assert(get_attr_grp_array[type]); get_attr_grp_array[type](ct, data); 
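Review bot: In nfct_set_attr_grp the presence bits are still set whenever `set_attr_grp_array[type]` is non-NULL, and the grp_setter.c hunk of this commit maps the four ATTR_GRP_*_ADDR_* groups to `set_attr_grp_do_nothing`, which is non-NULL. A call with ATTR_GRP_ORIG_ADDR_SRC therefore stores no address but marks both ATTR_ORIG_IPV4_SRC and ATTR_ORIG_IPV6_SRC as set in `ct->head.set`, so later readers would presumably treat whatever those fields hold as valid data. That also makes the updated comment's "have no effect" inaccurate. Leaving these groups out of `set_attr_grp_array` (NULL entries) would let the existing `if (set_attr_grp_array[type])` guard skip the bitmask update as well; the same applies to the counter groups. The function body starts outside this hunk.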
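Review bot: The new `switch(attr_grp_bitmask[type].type)` in nfct_get_attr_grp has no `default`, so a table entry whose `.type` is neither NFCT_BITMASK_AND nor NFCT_BITMASK_OR skips the presence check and goes straight to the getter. Adding `default: errno = EINVAL; return -1;` would make an unexpected type fail closed. The same two-case switch is repeated in nfct_attr_grp_is_set in the next hunk, where an unknown type falls through to `return 0`; a small static helper that takes the group entry and returns the test result would keep the two call sites consistent. Both function bodies begin outside their hunks.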
@@ -663,7 +678,23 @@ int nfct_attr_grp_is_set(const struct nf_conntrack *ct, errno = EINVAL; return -1; } - return test_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET); + switch(attr_grp_bitmask[type].type) { + case NFCT_BITMASK_AND: + if (test_bitmask_u32(ct->head.set, + attr_grp_bitmask[type].bitmask, + __NFCT_BITSET)) { + return 1; + } + break; + case NFCT_BITMASK_OR: + if (test_bitmask_u32_or(ct->head.set, + attr_grp_bitmask[type].bitmask, + __NFCT_BITSET)) { + return 1; + } + break; + } + return 0; } /** @@ -683,7 +714,8 @@ int nfct_attr_grp_unset(struct nf_conntrack *ct, errno = EINVAL; return -1; } - unset_bitmask_u32(ct->head.set, attr_grp_bitmask[type], __NFCT_BITSET); + unset_bitmask_u32(ct->head.set, attr_grp_bitmask[type].bitmask, + __NFCT_BITSET); return 0; } diff --git a/src/conntrack/grp.c b/src/conntrack/grp.c index 92a523b..e971a33 100644 --- a/src/conntrack/grp.c +++ b/src/conntrack/grp.c @@ -1,5 +1,5 @@ /* - * (C) 2005-2011 by Pablo Neira Ayuso <pablo@netfilter.org> + * (C) 2005-2012 by Pablo Neira Ayuso <pablo@netfilter.org> * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by 
@@ -9,75 +9,96 @@ #include "internal/internal.h" -const uint32_t attr_grp_bitmask[ATTR_GRP_MAX][__NFCT_BITSET] = { +const struct attr_grp_bitmask attr_grp_bitmask[ATTR_GRP_MAX]= { [ATTR_GRP_ORIG_IPV4] = { - [0] = (1 << ATTR_ORIG_IPV4_SRC) | - (1 << ATTR_ORIG_IPV4_DST) | - (1 << ATTR_ORIG_L3PROTO), + .bitmask[0] = (1 << ATTR_ORIG_IPV4_SRC) | + (1 << ATTR_ORIG_IPV4_DST) | + (1 << ATTR_ORIG_L3PROTO), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_REPL_IPV4] = { - [0] = (1 << ATTR_REPL_IPV4_SRC) | - (1 << ATTR_REPL_IPV4_DST) | - (1 << ATTR_REPL_L3PROTO), + .bitmask[0] = (1 << ATTR_REPL_IPV4_SRC) | + (1 << ATTR_REPL_IPV4_DST) | + (1 << ATTR_REPL_L3PROTO), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_ORIG_IPV6] = { - [0] = (1 << ATTR_ORIG_IPV6_SRC) | - (1 << ATTR_ORIG_IPV6_DST) | - (1 << ATTR_ORIG_L3PROTO), + .bitmask[0] = (1 << ATTR_ORIG_IPV6_SRC) | + (1 << ATTR_ORIG_IPV6_DST) | + (1 << ATTR_ORIG_L3PROTO), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_REPL_IPV6] = { - [0] = (1 << ATTR_REPL_IPV6_SRC) | - (1 << ATTR_REPL_IPV6_DST) | - (1 << ATTR_REPL_L3PROTO), + .bitmask[0] = (1 << ATTR_REPL_IPV6_SRC) | + (1 << ATTR_REPL_IPV6_DST) | + (1 << ATTR_REPL_L3PROTO), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_ORIG_PORT] = { - [0] = (1 << ATTR_ORIG_PORT_SRC) | - (1 << ATTR_ORIG_PORT_DST) | - (1 << ATTR_ORIG_L4PROTO), + .bitmask[0] = (1 << ATTR_ORIG_PORT_SRC) | + (1 << ATTR_ORIG_PORT_DST) | + (1 << ATTR_ORIG_L4PROTO), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_REPL_PORT] = { - [0] = (1 << ATTR_REPL_PORT_SRC) | - (1 << ATTR_REPL_PORT_DST) | - (1 << ATTR_REPL_L4PROTO), + .bitmask[0] = (1 << ATTR_REPL_PORT_SRC) | + (1 << ATTR_REPL_PORT_DST) | + (1 << ATTR_REPL_L4PROTO), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_ICMP] = { - [0] = (1 << ATTR_ICMP_CODE) | - (1 << ATTR_ICMP_TYPE) | - (1 << ATTR_ICMP_ID), + .bitmask[0] = (1 << ATTR_ICMP_CODE) | + (1 << ATTR_ICMP_TYPE) | + (1 << ATTR_ICMP_ID), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_MASTER_IPV4] = { - [1] = (1 << (ATTR_MASTER_IPV4_SRC - 32)) | - (1 << 
(ATTR_MASTER_IPV4_DST - 32)) | - (1 << (ATTR_MASTER_L3PROTO - 32)), + .bitmask[1] = (1 << (ATTR_MASTER_IPV4_SRC - 32)) | + (1 << (ATTR_MASTER_IPV4_DST - 32)) | + (1 << (ATTR_MASTER_L3PROTO - 32)), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_MASTER_IPV6] = { - [1] = (1 << (ATTR_MASTER_IPV6_SRC - 32)) | - (1 << (ATTR_MASTER_IPV6_DST - 32)) | - (1 << (ATTR_MASTER_L3PROTO - 32)), + .bitmask[1] = (1 << (ATTR_MASTER_IPV6_SRC - 32)) | + (1 << (ATTR_MASTER_IPV6_DST - 32)) | + (1 << (ATTR_MASTER_L3PROTO - 32)), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_MASTER_PORT] = { - [1] = (1 << (ATTR_MASTER_PORT_SRC - 32)) | - (1 << (ATTR_MASTER_PORT_DST - 32)) | - (1 << (ATTR_MASTER_L4PROTO - 32)), + .bitmask[1] = (1 << (ATTR_MASTER_PORT_SRC - 32)) | + (1 << (ATTR_MASTER_PORT_DST - 32)) | + (1 << (ATTR_MASTER_L4PROTO - 32)), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_ORIG_COUNTERS] = { - [0] = (1 << (ATTR_ORIG_COUNTER_PACKETS)) | - (1 << (ATTR_ORIG_COUNTER_BYTES)), + .bitmask[0] = (1 << (ATTR_ORIG_COUNTER_PACKETS)) | + (1 << (ATTR_ORIG_COUNTER_BYTES)), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_REPL_COUNTERS] = { - [0] = (1 << (ATTR_REPL_COUNTER_PACKETS)) | - (1 << (ATTR_REPL_COUNTER_BYTES)), + .bitmask[0] = (1 << (ATTR_REPL_COUNTER_PACKETS)) | + (1 << (ATTR_REPL_COUNTER_BYTES)), + .type = NFCT_BITMASK_AND, }, [ATTR_GRP_ORIG_ADDR_SRC] = { - [0] = (1 << ATTR_ORIG_IPV4_SRC) | (1 << ATTR_ORIG_IPV6_SRC), + .bitmask[0] = (1 << ATTR_ORIG_IPV4_SRC) | + (1 << ATTR_ORIG_IPV6_SRC), + .type = NFCT_BITMASK_OR, }, [ATTR_GRP_ORIG_ADDR_DST] = { - [0] = (1 << ATTR_ORIG_IPV4_DST) | (1 << ATTR_ORIG_IPV6_DST), + .bitmask[0] = (1 << ATTR_ORIG_IPV4_DST) | + (1 << ATTR_ORIG_IPV6_DST), + .type = NFCT_BITMASK_OR, + }, [ATTR_GRP_REPL_ADDR_SRC] = { - [1] = (1 << ATTR_REPL_IPV4_SRC) | (1 << ATTR_REPL_IPV6_SRC), + .bitmask[0] = (1 << ATTR_REPL_IPV4_SRC) | + (1 << ATTR_REPL_IPV6_SRC), + .type = NFCT_BITMASK_OR, }, [ATTR_GRP_REPL_ADDR_DST] = { - [1] = (1 << ATTR_REPL_IPV4_DST) | (1 << ATTR_REPL_IPV6_DST), + .bitmask[0] = 
(1 << ATTR_REPL_IPV4_DST) | + (1 << ATTR_REPL_IPV6_DST), + .type = NFCT_BITMASK_OR, }, }; diff --git a/src/conntrack/grp_setter.c b/src/conntrack/grp_setter.c index b451eef..0cc5f18 100644 --- a/src/conntrack/grp_setter.c +++ b/src/conntrack/grp_setter.c @@ -138,34 +138,6 @@ static void set_attr_grp_master_port(struct nf_conntrack *ct, const void *value) ct->master.l4dst.all = this->dport; } -static void -set_attr_grp_orig_addr_src(struct nf_conntrack *ct, const void *value) -{ - const union nfct_attr_grp_addr *this = value; - memcpy(&ct->head.orig.src, &this->addr, sizeof(&ct->head.orig.src)); -} - -static void -set_attr_grp_orig_addr_dst(struct nf_conntrack *ct, const void *value) -{ - const union nfct_attr_grp_addr *this = value; - memcpy(&ct->head.orig.dst, &this->addr, sizeof(&ct->head.orig.src)); -} - -static void -set_attr_grp_repl_addr_src(struct nf_conntrack *ct, const void *value) -{ - const union nfct_attr_grp_addr *this = value; - memcpy(&ct->repl.src, &this->addr, sizeof(&ct->repl.src)); -} - -static void -set_attr_grp_repl_addr_dst(struct nf_conntrack *ct, const void *value) -{ - const union nfct_attr_grp_addr *this = value; - memcpy(&ct->repl.dst, &this->addr, sizeof(&ct->repl.dst)); -} - static void set_attr_grp_do_nothing(struct nf_conntrack *ct, const void *value) { } @@ -183,8 +155,8 @@ const set_attr_grp set_attr_grp_array[ATTR_GRP_MAX] = { [ATTR_GRP_MASTER_PORT] = set_attr_grp_master_port, [ATTR_GRP_ORIG_COUNTERS] = set_attr_grp_do_nothing, [ATTR_GRP_REPL_COUNTERS] = set_attr_grp_do_nothing, - [ATTR_GRP_ORIG_ADDR_SRC] = set_attr_grp_orig_addr_src, - [ATTR_GRP_ORIG_ADDR_DST] = set_attr_grp_orig_addr_dst, - [ATTR_GRP_REPL_ADDR_SRC] = set_attr_grp_repl_addr_src, - [ATTR_GRP_REPL_ADDR_DST] = set_attr_grp_repl_addr_dst, + [ATTR_GRP_ORIG_ADDR_SRC] = set_attr_grp_do_nothing, + [ATTR_GRP_ORIG_ADDR_DST] = set_attr_grp_do_nothing, + [ATTR_GRP_REPL_ADDR_SRC] = set_attr_grp_do_nothing, + [ATTR_GRP_REPL_ADDR_DST] = set_attr_grp_do_nothing, }; |
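Review bot: The rewritten initializers in attr_grp_bitmask keep the signed literal in `(1 << ...)`. If any attribute index, or `ATTR_MASTER_* - 32`, evaluates to 31 (the enum values are not visible in this diff), the shift overflows a signed int, which is undefined behaviour. Since every line is being touched anyway, `1u` would be safer, e.g. `.bitmask[1] = (1u << (ATTR_MASTER_IPV4_SRC - 32)) |`. Separately, the ATTR_GRP_REPL_ADDR_SRC and ATTR_GRP_REPL_ADDR_DST entries move from word `[1]` to `.bitmask[0]`; that looks like an independent fix and is worth calling out in the commit description.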