From c9983354fa65c835643f85567f57cc8e9992cd29 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sun, 5 Feb 2012 01:30:22 +0100
Subject: expect: add NAT support This patch adds ATTR_EXP_NAT_TUPLE and ATTR_EXP_NAT_DIR attributes.
Signed-off-by: Pablo Neira Ayuso
---
 src/expect/build.c | 11 +++++++++++
 src/expect/getter.c | 12 ++++++++++++
 src/expect/parse.c | 20 ++++++++++++++++++++
 src/expect/setter.c | 12 ++++++++++++
 4 files changed, 55 insertions(+) (limited to 'src/expect')
diff --git a/src/expect/build.c b/src/expect/build.c
index ffc7b84..8cf2edd 100644
--- a/src/expect/build.c
+++ b/src/expect/build.c
@@ -74,6 +74,17 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
 __build_tuple(req, size, &exp->mask.orig, CTA_EXPECT_MASK);
 }
+ if (test_bit(ATTR_EXP_NAT_TUPLE, exp->set) &&
+ test_bit(ATTR_EXP_NAT_DIR, exp->set)) {
+ struct nfattr *nest;
+
+ nest = nfnl_nest(&req->nlh, size, CTA_EXPECT_NAT);
+ __build_tuple(req, size, &exp->nat.orig, CTA_EXPECT_NAT_TUPLE);
+ nfnl_addattr32(&req->nlh, size, CTA_EXPECT_NAT_DIR,
+ htonl(exp->nat_dir));
+ nfnl_nest_end(&req->nlh, nest);
+ }
+
 if (test_bit(ATTR_EXP_TIMEOUT, exp->set))
 __build_timeout(req, size, exp);
 if (test_bit(ATTR_EXP_FLAGS, exp->set))
diff --git a/src/expect/getter.c b/src/expect/getter.c
index 06c3bca..937e793 100644
--- a/src/expect/getter.c
+++ b/src/expect/getter.c
@@ -49,6 +49,16 @@ static const void *get_exp_attr_helper_name(const struct nf_expect *exp)
 return exp->helper_name;
 }
+static const void *get_exp_attr_nat_dir(const struct nf_expect *exp)
+{
+ return &exp->nat_dir;
+}
+
+static const void *get_exp_attr_nat_tuple(const struct nf_expect *exp)
+{
+ return &exp->nat;
+}
+
 const get_exp_attr get_exp_attr_array[ATTR_EXP_MAX] = {
 [ATTR_EXP_MASTER] = get_exp_attr_master,
 [ATTR_EXP_EXPECTED] = get_exp_attr_expected,
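Review bot: In the `__build_expect` hunk of src/expect/build.c, the CTA_EXPECT_NAT nest is emitted only when both ATTR_EXP_NAT_TUPLE and ATTR_EXP_NAT_DIR are set, so a caller that sets just one of them gets a request with no NAT attribute at all and no error. For a NAT expectation that silently changes what is asked of the kernel. Either report the half-configured case to the caller or document the pairing at the test, for example `/* NAT tuple and direction are only sent together; one without the other is not sent */`. The result of `nfnl_addattr32()` is also discarded here, so if it reports a full buffer the nest would be closed without its direction. The function body starts and ends outside the hunk, so whether it has an error path to reuse is not visible.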
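Review bot: `get_exp_attr_nat_dir` and `get_exp_attr_nat_tuple` in src/expect/getter.c carry no comment saying what the returned `const void *` points to, and the two differ. One returns the address of `exp->nat_dir`, the other the address of `exp->nat`, which the matching setter in src/expect/setter.c treats as a `struct nfct_tuple_head`. A one-line comment above each, for example `/* returns u_int32_t *, storage owned by exp */` and `/* returns struct nfct_tuple_head *, storage owned by exp */`, would keep callers from reading the tuple through a larger type or holding the pointer past the lifetime of `exp`. Whether the set bit is checked before these run is decided by the code that indexes the table, which is outside this hunk.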
@@ -58,4 +68,6 @@ const get_exp_attr get_exp_attr_array[ATTR_EXP_MAX] = {
 [ATTR_EXP_FLAGS] = get_exp_attr_flags,
 [ATTR_EXP_HELPER_NAME] = get_exp_attr_helper_name,
 [ATTR_EXP_CLASS] = get_exp_attr_class,
+ [ATTR_EXP_NAT_TUPLE] = get_exp_attr_nat_tuple,
+ [ATTR_EXP_NAT_DIR] = get_exp_attr_nat_dir,
 };
diff --git a/src/expect/parse.c b/src/expect/parse.c
index 8b6dd5f..5796072 100644
--- a/src/expect/parse.c
+++ b/src/expect/parse.c
@@ -89,4 +89,24 @@ void __parse_expect(const struct nlmsghdr *nlh,
 ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_CLASS-1]));
 set_bit(ATTR_EXP_CLASS, exp->set);
 }
+ if (cda[CTA_EXPECT_NAT-1]) {
+ struct nfattr *tb[CTA_EXPECT_NAT_MAX];
+
+ nfnl_parse_nested(tb, CTA_EXPECT_NAT_MAX,
+ cda[CTA_EXPECT_NAT-1]);
+
+ if (tb[CTA_EXPECT_NAT_TUPLE-1]) {
+ __parse_tuple(tb[CTA_EXPECT_NAT_TUPLE-1],
+ &exp->nat.orig,
+ __DIR_ORIG,
+ exp->nat.set);
+ set_bit(ATTR_EXP_NAT_TUPLE, exp->set);
+ }
+ if (tb[CTA_EXPECT_NAT_DIR-1]) {
+ exp->nat_dir =
+ ntohl(*((u_int32_t *)
+ NFA_DATA(tb[CTA_EXPECT_NAT_DIR-1])));
+ set_bit(ATTR_EXP_NAT_DIR, exp->set);
+ }
+ }
 }
diff --git a/src/expect/setter.c b/src/expect/setter.c
index b78f4f6..47843f8 100644
--- a/src/expect/setter.c
+++ b/src/expect/setter.c
@@ -50,6 +50,16 @@ static void set_exp_attr_helper_name(struct nf_expect *exp, const void *value)
 exp->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
 }
+static void set_exp_attr_nat_dir(struct nf_expect *exp, const void *value)
+{
+ exp->nat_dir = *((u_int32_t *) value);
+}
+
+static void set_exp_attr_nat_tuple(struct nf_expect *exp, const void *value)
+{
+ exp->nat = *((struct nfct_tuple_head *) value);
+}
+
 const set_exp_attr set_exp_attr_array[ATTR_EXP_MAX] = {
 [ATTR_EXP_MASTER] = set_exp_attr_master,
 [ATTR_EXP_EXPECTED] = set_exp_attr_expected,
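Review bot: In the `__parse_expect` hunk of src/expect/parse.c, the CTA_EXPECT_NAT_DIR branch reads `NFA_DATA(tb[CTA_EXPECT_NAT_DIR-1])` as a `u_int32_t` without checking the attribute's payload length, so a truncated attribute in the message is read past its end. Guard the branch on the length as well: `if (tb[CTA_EXPECT_NAT_DIR-1] && NFA_PAYLOAD(tb[CTA_EXPECT_NAT_DIR-1]) >= (int)sizeof(u_int32_t)) {`. The CTA_EXPECT_CLASS context lines just above follow the same unchecked pattern, so it may be a file-wide convention that relies on the kernel being the only sender. If so, a comment stating that assumption belongs here. The decoded `nat_dir` is stored as received, with no range check. The function starts outside the hunk.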
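Review bot: Both new setters in src/expect/setter.c cast away the `const` on `value`. Keeping the qualifier, as in `exp->nat_dir = *((const u_int32_t *) value);` and `exp->nat = *((const struct nfct_tuple_head *) value);`, costs nothing and lets the compiler flag an accidental write through the caller's pointer. `set_exp_attr_nat_tuple` copies a whole `struct nfct_tuple_head` from `value`, so a short comment stating that the caller must pass an object at least that large is worth adding, since a smaller one is read past its end. `set_exp_attr_nat_dir` accepts any 32-bit value and the build.c hunk forwards it unchanged. If only specific direction values are meaningful, a comment naming them would help.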
@@ -59,4 +69,6 @@ const set_exp_attr set_exp_attr_array[ATTR_EXP_MAX] = {
 [ATTR_EXP_FLAGS] = set_exp_attr_flags,
 [ATTR_EXP_HELPER_NAME] = set_exp_attr_helper_name,
 [ATTR_EXP_CLASS] = set_exp_attr_class,
+ [ATTR_EXP_NAT_TUPLE] = set_exp_attr_nat_tuple,
+ [ATTR_EXP_NAT_DIR] = set_exp_attr_nat_dir,
 };
-- cgit v1.2.3