From d167a7b1f5307c73a39b5a209e0f9bc54cd2d989 Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org" Date: Sat, 8 Dec 2007 18:37:19 +0000 Subject: Add support for conntrack master setup --- configure.in | 2 +- include/internal.h | 3 +- .../libnetfilter_conntrack.h | 10 ++++- .../linux_nfnetlink_conntrack.h | 1 + src/conntrack/build.c | 11 +++++ src/conntrack/parse.c | 25 +++++++++++ src/conntrack/setter.c | 48 ++++++++++++++++++++++ utils/Makefile.am | 7 +++- 8 files changed, 103 insertions(+), 4 deletions(-)
diff --git a/configure.in b/configure.in
index fd06448..27b720c 100644
--- a/configure.in
+++ b/configure.in
@@ -4,7 +4,7 @@ AC_INIT
 AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(libnetfilter_conntrack, 0.0.83)
+AM_INIT_AUTOMAKE(libnetfilter_conntrack, 0.0.85)
 AC_PROG_CC
 AM_PROG_LIBTOOL
diff --git a/include/internal.h b/include/internal.h
index cf2d7a1..1cda181 100644
--- a/include/internal.h
+++ b/include/internal.h
@@ -90,7 +90,8 @@ struct __nfct_tuple {
 #define __DIR_ORIG 0
 #define __DIR_REPL 1
-#define __DIR_MAX __DIR_REPL+1
+#define __DIR_MASTER 2
+#define __DIR_MAX __DIR_MASTER+1
 union __nfct_protoinfo {
 struct {
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 54c98b3..3b572aa 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
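Review bot: `#define __DIR_MAX __DIR_MASTER+1` expands without parentheses, so a use such as `sizeof(*t) * __DIR_MAX` becomes `sizeof(*t) * 2 + 1`; since the commit rewrites this line anyway it should read `#define __DIR_MAX (__DIR_MASTER + 1)`. The bump from 2 to 3 also enlarges every array dimensioned with __DIR_MAX, including the `tuple[]` member indexed as `ct->tuple[__DIR_MASTER]` in build.c, parse.c and setter.c; if struct nf_conntrack is only ever allocated by the library that is harmless, but it is worth confirming that nothing outside the library embeds or sizes that struct, given the version bump in configure.in.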
@@ -101,7 +101,15 @@ enum nf_conntrack_attr {
 ATTR_TCP_FLAGS_ORIG, /* u8 bits */
 ATTR_TCP_FLAGS_REPL, /* u8 bits */
 ATTR_TCP_MASK_ORIG, /* u8 bits */
- ATTR_TCP_MASK_REPL, /* u8 bits */
+ ATTR_TCP_MASK_REPL = 36, /* u8 bits */
+ ATTR_MASTER_IPV4_SRC, /* u32 bits */
+ ATTR_MASTER_IPV4_DST, /* u32 bits */
+ ATTR_MASTER_IPV6_SRC, /* u128 bits */
+ ATTR_MASTER_IPV6_DST = 40, /* u128 bits */
+ ATTR_MASTER_PORT_SRC, /* u16 bits */
+ ATTR_MASTER_PORT_DST, /* u16 bits */
+ ATTR_MASTER_L3PROTO, /* u8 bits */
+ ATTR_MASTER_L4PROTO = 44, /* u8 bits */
 ATTR_MAX
 };
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index 71baee1..ef9d0a6 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -40,6 +40,7 @@ enum ctattr_type {
 CTA_USE,
 CTA_ID,
 CTA_NAT_DST,
+ CTA_TUPLE_MASTER,
 __CTA_MAX
 };
 #define CTA_MAX (__CTA_MAX - 1)
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index d66d038..4ebc207 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -251,6 +251,17 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 __build_tuple(req, size, &ct->tuple[__DIR_ORIG], CTA_TUPLE_ORIG);
 __build_tuple(req, size, &ct->tuple[__DIR_REPL], CTA_TUPLE_REPLY);
+ if (test_bit(ATTR_MASTER_IPV4_SRC, ct->set) ||
+ test_bit(ATTR_MASTER_IPV4_DST, ct->set) ||
+ test_bit(ATTR_MASTER_IPV6_SRC, ct->set) ||
+ test_bit(ATTR_MASTER_IPV6_DST, ct->set) ||
+ test_bit(ATTR_MASTER_PORT_SRC, ct->set) ||
+ test_bit(ATTR_MASTER_PORT_DST, ct->set) ||
+ test_bit(ATTR_MASTER_L3PROTO, ct->set) ||
+ test_bit(ATTR_MASTER_L4PROTO, ct->set))
+ __build_tuple(req, size,
+ &ct->tuple[__DIR_MASTER], CTA_TUPLE_MASTER);
+
 if (test_bit(ATTR_STATUS, ct->set))
 __build_status(req, size, ct);
 else {
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 9fbada4..75c5072 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
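Review bot: The explicit anchors `ATTR_TCP_MASK_REPL = 36`, `ATTR_MASTER_IPV6_DST = 40` and `ATTR_MASTER_L4PROTO = 44` pin values that callers compile into their binaries, but nothing in the header says so, so the next person who inserts an attribute in the middle will silently shift everything after it; a comment at the top of the new block such as `/* explicit values are part of the ABI: only append new attributes before ATTR_MAX, never renumber */` would make the intent clear. ATTR_MAX also grows from 37 to 45 here; presumably the `ct->set` bitmap used with set_bit/test_bit in build.c and parse.c is dimensioned from ATTR_MAX rather than a fixed width — worth confirming, since its declaration is not in this diff. The enum starts outside the hunk.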
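Review bot: The eight-way `test_bit` chain sends CTA_TUPLE_MASTER as soon as any one master attribute is set, so a caller that sets only ATTR_MASTER_IPV4_SRC still emits a master tuple whose remaining fields are whatever `ct->tuple[__DIR_MASTER]` happens to hold; whether __build_tuple (outside the hunk) tolerates a partial tuple and what the kernel does with one is not visible here, so the requirement that the master address, port and protocol attributes be set together should either be enforced in this condition or stated on the ATTR_MASTER_* declarations. The condition would also read better hoisted into a small helper, `static int master_tuple_set(const struct nf_conntrack *ct)`, than inlined into __build_conntrack, whose body continues outside the hunk.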
@@ -25,6 +25,9 @@ static void __parse_ip(const struct nfattr *attr,
 case __DIR_REPL:
 set_bit(ATTR_REPL_IPV4_SRC, set);
 break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_IPV4_SRC, set);
+ break;
 }
 }
@@ -37,6 +40,9 @@ static void __parse_ip(const struct nfattr *attr,
 case __DIR_REPL:
 set_bit(ATTR_REPL_IPV4_DST, set);
 break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_IPV4_DST, set);
+ break;
 }
 }
@@ -50,6 +56,9 @@ static void __parse_ip(const struct nfattr *attr,
 case __DIR_REPL:
 set_bit(ATTR_REPL_IPV6_SRC, set);
 break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_IPV6_SRC, set);
+ break;
 }
 }
@@ -63,6 +72,9 @@ static void __parse_ip(const struct nfattr *attr,
 case __DIR_REPL:
 set_bit(ATTR_REPL_IPV6_DST, set);
 break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_IPV6_DST, set);
+ break;
 }
 }
 }
@@ -85,6 +97,9 @@ static void __parse_proto(const struct nfattr *attr,
 case __DIR_REPL:
 set_bit(ATTR_REPL_L4PROTO, set);
 break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_L4PROTO, set);
+ break;
 }
 }
@@ -98,6 +113,9 @@ static void __parse_proto(const struct nfattr *attr,
 case __DIR_REPL:
 set_bit(ATTR_REPL_PORT_SRC, set);
 break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_PORT_SRC, set);
+ break;
 }
 }
@@ -111,6 +129,9 @@ static void __parse_proto(const struct nfattr *attr,
 case __DIR_REPL:
 set_bit(ATTR_REPL_PORT_DST, set);
 break;
+ case __DIR_MASTER:
+ set_bit(ATTR_MASTER_PORT_DST, set);
+ break;
 }
 }
@@ -279,6 +300,10 @@ void __parse_conntrack(const struct nlmsghdr *nlh,
 __parse_tuple(cda[CTA_TUPLE_REPLY-1],
 &ct->tuple[__DIR_REPL], __DIR_REPL, ct->set);
+ if (cda[CTA_TUPLE_MASTER-1])
+ __parse_tuple(cda[CTA_TUPLE_MASTER-1],
+ &ct->tuple[__DIR_MASTER], __DIR_MASTER, ct->set);
+
 if (cda[CTA_STATUS-1]) {
 ct->status = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1]));
 set_bit(ATTR_STATUS, ct->set);
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index afbf9be..19bec22 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
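Review bot: The new `__DIR_MASTER` arms in __parse_ip and __parse_proto set the bit for every master attribute except ATTR_MASTER_L3PROTO, which no hunk in this diff ever sets. If the L3 protocol bit is set per direction somewhere in __parse_tuple (outside these hunks), that switch needs the same `case __DIR_MASTER: set_bit(ATTR_MASTER_L3PROTO, set); break;`; otherwise a master tuple read back from the kernel carries `l3protonum` without its ATTR bit, and a later test_bit on ATTR_MASTER_L3PROTO (as in build.c) will report it unset. Since each of the seven switches is the same direction-to-attribute map, a per-attribute `static const int attr_by_dir[__DIR_MAX]` table would replace the near-identical arms and make such omissions visible at a glance. Both functions start outside the hunks.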
@@ -162,6 +162,46 @@ static void set_attr_status(struct nf_conntrack *ct, const void *value)
 ct->status = *((u_int32_t *) value);
 }
+static void set_attr_master_ipv4_src(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].src.v4 = *((u_int32_t *) value);
+}
+
+static void set_attr_master_ipv4_dst(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].dst.v4 = *((u_int32_t *) value);
+}
+
+static void set_attr_master_ipv6_src(struct nf_conntrack *ct, const void *value)
+{
+ memcpy(&ct->tuple[__DIR_MASTER].dst.v6, value, sizeof(u_int32_t)*4);
+}
+
+static void set_attr_master_ipv6_dst(struct nf_conntrack *ct, const void *value)
+{
+ memcpy(&ct->tuple[__DIR_MASTER].src.v6, value, sizeof(u_int32_t)*4);
+}
+
+static void set_attr_master_port_src(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].l4src.all = *((u_int16_t *) value);
+}
+
+static void set_attr_master_port_dst(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].l4dst.all = *((u_int16_t *) value);
+}
+
+static void set_attr_master_l3proto(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].l3protonum = *((u_int8_t *) value);
+}
+
+static void set_attr_master_l4proto(struct nf_conntrack *ct, const void *value)
+{
+ ct->tuple[__DIR_MASTER].protonum = *((u_int8_t *) value);
+}
+
 set_attr set_attr_array[] = {
 [ATTR_ORIG_IPV4_SRC] = set_attr_orig_ipv4_src,
 [ATTR_ORIG_IPV4_DST] = set_attr_orig_ipv4_dst,
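Review bot: `set_attr_master_ipv6_src` and `set_attr_master_ipv6_dst` have their destination fields swapped: the src setter copies into `ct->tuple[__DIR_MASTER].dst.v6` and the dst setter into `.src.v6`, the opposite of what the IPv4 setters two functions above do, so an IPv6 master tuple set through the public API is sent with source and destination exchanged and the kernel matches the wrong (or no) master connection. The src setter should read `memcpy(&ct->tuple[__DIR_MASTER].src.v6, value, sizeof(u_int32_t)*4);` and the dst setter `memcpy(&ct->tuple[__DIR_MASTER].dst.v6, value, sizeof(u_int32_t)*4);`. The remaining six setters follow the existing per-direction pattern and look consistent with it.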
@@ -194,4 +234,12 @@ set_attr set_attr_array[] = {
 [ATTR_TCP_FLAGS_REPL] = set_attr_tcp_flags_repl,
 [ATTR_TCP_MASK_ORIG] = set_attr_tcp_mask_orig,
 [ATTR_TCP_MASK_REPL] = set_attr_tcp_mask_repl,
+ [ATTR_MASTER_IPV4_SRC] = set_attr_master_ipv4_src,
+ [ATTR_MASTER_IPV4_DST] = set_attr_master_ipv4_dst,
+ [ATTR_MASTER_IPV6_SRC] = set_attr_master_ipv6_src,
+ [ATTR_MASTER_IPV6_DST] = set_attr_master_ipv6_dst,
+ [ATTR_MASTER_PORT_SRC] = set_attr_master_port_src,
+ [ATTR_MASTER_PORT_DST] = set_attr_master_port_dst,
+ [ATTR_MASTER_L3PROTO] = set_attr_master_l3proto,
+ [ATTR_MASTER_L4PROTO] = set_attr_master_l4proto,
 };
diff --git a/utils/Makefile.am b/utils/Makefile.am
index 2081ac8..6a8d280 100644
--- a/utils/Makefile.am
+++ b/utils/Makefile.am
@@ -4,7 +4,8 @@ noinst_PROGRAMS = expect_dump expect_create expect_get expect_delete \
 expect_flush expect_events \
 conntrack_create conntrack_dump conntrack_update \
 conntrack_delete conntrack_flush conntrack_create_nat \
- conntrack_get conntrack_events
+ conntrack_get conntrack_events \
+ conntrack_master
 conntrack_create_SOURCES = conntrack_create.c
 conntrack_create_LDADD = ../src/libnetfilter_conntrack.la
@@ -38,6 +39,10 @@ conntrack_events_SOURCES = conntrack_events.c
 conntrack_events_LDADD = ../src/libnetfilter_conntrack.la
 conntrack_events_LDFLAGS = -dynamic -ldl
+conntrack_master_SOURCES = conntrack_master.c
+conntrack_master_LDADD = ../src/libnetfilter_conntrack.la
+conntrack_master_LDFLAGS = -dynamic -ldl
+
 expect_dump_SOURCES = expect_dump.c
 expect_dump_LDADD = ../src/libnetfilter_conntrack.la
 expect_dump_LDFLAGS = -dynamic -ldl
-- 
cgit v1.2.3
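Review bot: `conntrack_master_SOURCES = conntrack_master.c` names a file this commit does not add — the diffstat lists eight files and utils/conntrack_master.c is not among them — so a build of this revision fails in utils/ with a missing source unless the file already exists untracked or arrives in a separate commit. The new utility should be added in the same commit as its Makefile.am entries so every revision builds; this applies to both Makefile.am hunks (the noinst_PROGRAMS addition and the *_SOURCES/_LDADD/_LDFLAGS lines).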