From 975ae9979ec73e8acb2c215ee9a84fded2f4357a Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 24 Apr 2009 20:45:21 +0200 Subject: src: add DCCP role attribute This patch adds DCCP role attribute support. This needs Linux kernel >= 2.6.30. Signed-off-by: Pablo Neira Ayuso
---
 include/internal/object.h | 1 + include/libnetfilter_conntrack/libnetfilter_conntrack.h | 1 + .../libnetfilter_conntrack/libnetfilter_conntrack_dccp.h | 7 +++++++ .../libnetfilter_conntrack/linux_nfnetlink_conntrack.h | 1 + src/conntrack/build.c | 16 ++++++++++------ src/conntrack/copy.c | 7 +++++++ src/conntrack/getter.c | 6 ++++++ src/conntrack/parse.c | 5 +++++ src/conntrack/setter.c | 6 ++++++ 9 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/include/internal/object.h b/include/internal/object.h
index 1db6b36..fe1506c 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -118,6 +118,7 @@ union __nfct_protoinfo {
 } sctp;
 struct {
 u_int8_t state;
+ u_int8_t role;
 } dccp;
 };
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 3d25c6b..1e23b0b 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -122,6 +122,7 @@ enum nf_conntrack_attr {
 ATTR_SCTP_VTAG_REPL, /* u32 bits */
 ATTR_HELPER_NAME, /* string (30 bytes max) */
 ATTR_DCCP_STATE = 56, /* u8 bits */
+ ATTR_DCCP_ROLE, /* u8 bits */
 ATTR_MAX
 };
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h b/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h
index 46138de..89e957b 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h
@@ -26,6 +26,13 @@ enum dccp_state {
 DCCP_CONNTRACK_MAX
 };
+enum dccp_roles {
+ DCCP_CONNTRACK_ROLE_CLIENT,
+ DCCP_CONNTRACK_ROLE_SERVER,
+ __DCCP_CONNTRACK_ROLE_MAX
+};
+#define DCCP_ROLE_MAX (__DCCP_CONNTRACK_ROLE_MAX - 1)
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index 67ca715..52999b7 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -104,6 +104,7 @@ enum ctattr_protoinfo_tcp {
 enum ctattr_protoinfo_dccp {
 CTA_PROTOINFO_DCCP_UNSPEC,
 CTA_PROTOINFO_DCCP_STATE,
+ CTA_PROTOINFO_DCCP_ROLE,
 __CTA_PROTOINFO_DCCP_MAX,
 };
 #define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 1738402..4c6a27e 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -160,16 +160,20 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
 nfnl_nest_end(&req->nlh, nest);
 break;
 case IPPROTO_DCCP:
- if (!(test_bit(ATTR_DCCP_STATE, ct->set)))
+ if (!(test_bit(ATTR_DCCP_STATE, ct->set) &&
+ test_bit(ATTR_DCCP_ROLE, ct->set)))
 break;
 nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
 nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_DCCP);
- if (test_bit(ATTR_DCCP_STATE, ct->set))
- nfnl_addattr_l(&req->nlh, size,
- CTA_PROTOINFO_DCCP_STATE,
- &ct->protoinfo.dccp.state,
- sizeof(u_int8_t));
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_DCCP_STATE,
+ &ct->protoinfo.dccp.state,
+ sizeof(u_int8_t));
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_DCCP_ROLE,
+ &ct->protoinfo.dccp.role,
+ sizeof(u_int8_t));
 nfnl_nest_end(&req->nlh, nest_proto);
 nfnl_nest_end(&req->nlh, nest);
 default:
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index 16f9709..90eea03 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
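Review bot: In the `case IPPROTO_DCCP:` branch of `__build_protoinfo` (src/conntrack/build.c), the new guard `!(test_bit(ATTR_DCCP_STATE, ct->set) && test_bit(ATTR_DCCP_ROLE, ct->set))` skips the whole CTA_PROTOINFO_DCCP nest unless both attributes are set. A caller that sets only ATTR_DCCP_STATE, which was enough before this change, now sends no DCCP protoinfo and gets no error. Joining the two tests with `||` and putting a per-attribute guard, `if (test_bit(ATTR_DCCP_STATE, ct->set))` and `if (test_bit(ATTR_DCCP_ROLE, ct->set))`, in front of the matching `nfnl_addattr_l` call would keep the old behaviour and still never emit an unset field. The context lines also show `nfnl_nest_end(&req->nlh, nest);` running straight into `default:` with no `break;`; whether that fall-through is harmless depends on the default branch, which lies outside the hunk.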
@@ -250,6 +250,12 @@ static void copy_attr_dccp_state(struct nf_conntrack *dest,
 dest->protoinfo.dccp.state = orig->protoinfo.dccp.state;
 }
+static void copy_attr_dccp_role(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->protoinfo.dccp.role = orig->protoinfo.dccp.role;
+}
+
 static void copy_attr_snat_ipv4(struct nf_conntrack *dest,
 const struct nf_conntrack *orig)
 {
@@ -441,4 +447,5 @@ copy_attr copy_attr_array[ATTR_MAX] = {
 [ATTR_SCTP_VTAG_REPL] = copy_attr_sctp_vtag_repl,
 [ATTR_HELPER_NAME] = copy_attr_helper_name,
 [ATTR_DCCP_STATE] = copy_attr_dccp_state,
+ [ATTR_DCCP_ROLE] = copy_attr_dccp_role,
 };
diff --git a/src/conntrack/getter.c b/src/conntrack/getter.c
index 2338db2..6e50a5b 100644
--- a/src/conntrack/getter.c
+++ b/src/conntrack/getter.c
@@ -292,6 +292,11 @@ static const void *get_attr_dccp_state(const struct nf_conntrack *ct)
 return &ct->protoinfo.dccp.state;
 }
+static const void *get_attr_dccp_role(const struct nf_conntrack *ct)
+{
+ return &ct->protoinfo.dccp.role;
+}
+
 get_attr get_attr_array[ATTR_MAX] = {
 [ATTR_ORIG_IPV4_SRC] = get_attr_orig_ipv4_src,
 [ATTR_ORIG_IPV4_DST] = get_attr_orig_ipv4_dst,
@@ -350,4 +355,5 @@ get_attr get_attr_array[ATTR_MAX] = {
 [ATTR_SCTP_VTAG_REPL] = get_attr_sctp_vtag_repl,
 [ATTR_HELPER_NAME] = get_attr_helper_name,
 [ATTR_DCCP_STATE] = get_attr_dccp_state,
+ [ATTR_DCCP_ROLE] = get_attr_dccp_role,
 };
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 885532c..98e4d7d 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -256,6 +256,11 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr,
 *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_STATE-1]);
 set_bit(ATTR_DCCP_STATE, ct->set);
 }
+ if (tb[CTA_PROTOINFO_DCCP_ROLE-1]) {
+ ct->protoinfo.dccp.role =
+ *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_ROLE-1]);
+ set_bit(ATTR_DCCP_ROLE, ct->set);
+ }
 }
 static void __parse_protoinfo(const struct nfattr *attr,
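Review bot: The added `CTA_PROTOINFO_DCCP_ROLE` branch in `__parse_protoinfo_dccp` (src/conntrack/parse.c) reads `NFA_DATA(...)` as a `u_int8_t` after checking only that the attribute is present, so it relies on whatever filled `tb[]`, outside the hunk, to have rejected a zero-length attribute. If that is not guaranteed, a length test in the condition makes the read safe on its own: `if (tb[CTA_PROTOINFO_DCCP_ROLE-1] && NFA_PAYLOAD(tb[CTA_PROTOINFO_DCCP_ROLE-1]) >= (int)sizeof(u_int8_t)) {`. The stored value is also never compared with `DCCP_ROLE_MAX`, here or in `set_attr_dccp_role` in src/conntrack/setter.c. A comment next to `ATTR_DCCP_ROLE` should therefore say that the role is an unchecked u8 and that consumers must range-check it before using it as an index or enum. The function begins before the hunk.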
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index 481fad1..3fe74c5 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -319,6 +319,11 @@ static void set_attr_dccp_state(struct nf_conntrack *ct, const void *value)
 ct->protoinfo.dccp.state = *((u_int8_t *) value);
 }
+static void set_attr_dccp_role(struct nf_conntrack *ct, const void *value)
+{
+ ct->protoinfo.dccp.role = *((u_int8_t *) value);
+}
+
 static void set_attr_do_nothing(struct nf_conntrack *ct, const void *value) {}
 set_attr set_attr_array[ATTR_MAX] = {
@@ -379,4 +384,5 @@ set_attr set_attr_array[ATTR_MAX] = {
 [ATTR_SCTP_VTAG_REPL] = set_attr_sctp_vtag_repl,
 [ATTR_HELPER_NAME] = set_attr_helper_name,
 [ATTR_DCCP_STATE] = set_attr_dccp_state,
+ [ATTR_DCCP_ROLE] = set_attr_dccp_role,
 };
-- cgit v1.2.3