From 59796dd29f54477fd5afa3083b3722b0e390fc23 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Wed, 12 Sep 2007 12:48:04 +0000
Subject: add support for TCP flags
---
 src/conntrack/build.c | 6 ++++++
 src/conntrack/parse.c | 16 ++++++++++++++++
 src/conntrack/setter.c | 24 ++++++++++++++++++++++++
 3 files changed, 46 insertions(+)
(limited to 'src/conntrack')
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index d04ad86..d66d038 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -97,6 +97,12 @@ void __build_protoinfo(struct nfnlhdr *req,
 nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_TCP);
 nfnl_addattr_l(&req->nlh, size, CTA_PROTOINFO_TCP_STATE, &ct->protoinfo.tcp.state, sizeof(u_int8_t));
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
+ &ct->protoinfo.tcp.flags[0], sizeof(u_int16_t));
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_TCP_FLAGS_REPLY,
+ &ct->protoinfo.tcp.flags[1], sizeof(u_int16_t));
 nfnl_nest_end(&req->nlh, nest_proto);
 nfnl_nest_end(&req->nlh, nest);
 break;
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index db04789..9fbada4 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -160,6 +160,22 @@ static void __parse_protoinfo_tcp(const struct nfattr *attr,
 *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]);
 set_bit(ATTR_TCP_STATE, ct->set);
 }
+
+ if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]) {
+ memcpy(&ct->protoinfo.tcp.flags[0],
+ NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]),
+ sizeof(u_int16_t));
+ set_bit(ATTR_TCP_FLAGS_ORIG, ct->set);
+ set_bit(ATTR_TCP_MASK_ORIG, ct->set);
+ }
+
+ if (tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]) {
+ memcpy(&ct->protoinfo.tcp.flags[1],
+ NFA_DATA(tb[CTA_PROTOINFO_TCP_FLAGS_REPLY-1]),
+ sizeof(u_int16_t));
+ set_bit(ATTR_TCP_FLAGS_REPL, ct->set);
+ set_bit(ATTR_TCP_MASK_REPL, ct->set);
+ }
 }
 static void __parse_protoinfo(const struct nfattr *attr,
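Review bot: In the build.c hunk, both new nfnl_addattr_l() calls run whenever this TCP protoinfo branch is taken, with no check that the caller ever set the flag attributes, so a request that only carries a TCP state also sends two flag/mask pairs taken from whatever ct->protoinfo.tcp.flags currently holds. Guard each call on the bits parse.c sets for the same data, e.g. `if (test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) && test_bit(ATTR_TCP_MASK_ORIG, ct->set))` before the ORIGINAL attribute and the REPL equivalent before the REPLY one. The condition that selects this branch and the start of __build_protoinfo are outside the hunk, so confirm no such check already exists there.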
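Review bot: In the parse.c hunk, each added memcpy() reads sizeof(u_int16_t) bytes from NFA_DATA() with no visible check that the attribute payload is that long, so a truncated CTA_PROTOINFO_TCP_FLAGS_* attribute would be read past its end. Unless the nested parse that fills tb[] (outside the hunk) already enforces minimum lengths, extend the condition to `if (tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1] && NFA_PAYLOAD(tb[CTA_PROTOINFO_TCP_FLAGS_ORIGINAL-1]) >= sizeof(u_int16_t)) {` and do the same for the REPLY attribute. Using `sizeof(ct->protoinfo.tcp.flags[0])` as the copy length would also keep the size tied to the destination instead of to an assumed two-byte layout.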
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index 255ab4d..afbf9be 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -107,6 +107,26 @@ static void set_attr_tcp_state(struct nf_conntrack *ct, const void *value)
 ct->protoinfo.tcp.state = *((u_int8_t *) value);
 }
+static void set_attr_tcp_flags_orig(struct nf_conntrack *ct, const void *value)
+{
+ ct->protoinfo.tcp.flags[__DIR_ORIG].value = *((u_int8_t *) value);
+}
+
+static void set_attr_tcp_mask_orig(struct nf_conntrack *ct, const void *value)
+{
+ ct->protoinfo.tcp.flags[__DIR_ORIG].mask = *((u_int8_t *) value);
+}
+
+static void set_attr_tcp_flags_repl(struct nf_conntrack *ct, const void *value)
+{
+ ct->protoinfo.tcp.flags[__DIR_REPL].value = *((u_int8_t *) value);
+}
+
+static void set_attr_tcp_mask_repl(struct nf_conntrack *ct, const void *value)
+{
+ ct->protoinfo.tcp.flags[__DIR_REPL].mask = *((u_int8_t *) value);
+}
+
 static void set_attr_snat_ipv4(struct nf_conntrack *ct, const void *value)
 {
 ct->snat.min_ip = ct->snat.max_ip = *((u_int32_t *) value);
@@ -170,4 +190,8 @@ set_attr set_attr_array[] = {
 [ATTR_TIMEOUT] = set_attr_timeout,
 [ATTR_MARK] = set_attr_mark,
 [ATTR_STATUS] = set_attr_status,
+ [ATTR_TCP_FLAGS_ORIG] = set_attr_tcp_flags_orig,
+ [ATTR_TCP_FLAGS_REPL] = set_attr_tcp_flags_repl,
+ [ATTR_TCP_MASK_ORIG] = set_attr_tcp_mask_orig,
+ [ATTR_TCP_MASK_REPL] = set_attr_tcp_mask_repl,
 };
-- 
cgit v1.2.3
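Review bot: The four new setters in the first setter.c hunk are undocumented even though they write `.value` and `.mask` as separate one-byte members, while build.c and parse.c in this same commit move each `flags[dir]` element as one sizeof(u_int16_t) unit. A caller who sets only ATTR_TCP_FLAGS_ORIG therefore still has a mask byte transmitted that it never set. Add a comment above set_attr_tcp_flags_orig such as `/* value and mask travel together as one pair; set the matching ATTR_TCP_MASK_* as well */`. The struct behind `flags[]` is not shown on this page, so a comment stating that it must stay exactly two bytes with no padding belongs next to its definition.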