src/conntrack/objopt.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

/*
 * (C) 2006 by Pablo Neira Ayuso <pablo@netfilter.org>
 *
 * This software may be used and distributed according to the terms
 * of the GNU General Public License, incorporated herein by reference.
 */

#include "internal.h"

int __setobjopt(struct nf_conntrack *ct, unsigned int option)
{
	switch(option) {
	case NFCT_SOPT_UNDO_SNAT:
		ct->snat.min_ip = ct->tuple[__DIR_REPL].dst.v4;
		ct->snat.max_ip = ct->snat.min_ip;
		ct->tuple[__DIR_REPL].dst.v4 = ct->tuple[__DIR_ORIG].src.v4;
		set_bit(ATTR_SNAT_IPV4, ct->set);
		break;
	case NFCT_SOPT_UNDO_DNAT:
		ct->dnat.min_ip = ct->tuple[__DIR_REPL].src.v4;
		ct->dnat.max_ip = ct->dnat.min_ip;
		ct->tuple[__DIR_REPL].src.v4 = ct->tuple[__DIR_ORIG].dst.v4;
		set_bit(ATTR_DNAT_IPV4, ct->set);
		break;
	case NFCT_SOPT_UNDO_SPAT:
		ct->snat.l4min.all = ct->tuple[__DIR_REPL].l4dst.tcp.port;
		ct->snat.l4max.all = ct->snat.l4max.all;
		ct->tuple[__DIR_REPL].l4dst.tcp.port = 
			ct->tuple[__DIR_ORIG].l4src.tcp.port;
		set_bit(ATTR_SNAT_PORT, ct->set);
		break;
	case NFCT_SOPT_UNDO_DPAT:
		ct->dnat.l4min.all = ct->tuple[__DIR_REPL].l4src.tcp.port;
		ct->dnat.l4max.all = ct->dnat.l4min.all;
		ct->tuple[__DIR_REPL].l4src.tcp.port =
			ct->tuple[__DIR_ORIG].l4dst.tcp.port;
		set_bit(ATTR_DNAT_PORT, ct->set);
		break;
	}
	return 0;
}

int __getobjopt(const struct nf_conntrack *ct, unsigned int option)
{
	int ret = -1;

	switch(option) {
	case NFCT_GOPT_IS_SNAT:
		ret = ((test_bit(ATTR_STATUS, ct->set) ? 
		        ct->status & IPS_SRC_NAT_DONE : 1) &&
		       ct->tuple[__DIR_REPL].dst.v4 != 
		       ct->tuple[__DIR_ORIG].src.v4);
		break;
	case NFCT_GOPT_IS_DNAT:
		ret = ((test_bit(ATTR_STATUS, ct->set) ? 
		        ct->status & IPS_DST_NAT_DONE : 1) &&
		       ct->tuple[__DIR_REPL].src.v4 !=
		       ct->tuple[__DIR_ORIG].dst.v4);
		break;
	case NFCT_GOPT_IS_SPAT:
		ret = ((test_bit(ATTR_STATUS, ct->set) ? 
		        ct->status & IPS_SRC_NAT_DONE : 1) &&
		       ct->tuple[__DIR_REPL].l4dst.tcp.port !=
		       ct->tuple[__DIR_ORIG].l4src.tcp.port);
		break;
	case NFCT_GOPT_IS_DPAT:
		ret = ((test_bit(ATTR_STATUS, ct->set) ? 
		        ct->status & IPS_DST_NAT_DONE : 1) &&
		       ct->tuple[__DIR_REPL].l4src.tcp.port !=
		       ct->tuple[__DIR_ORIG].l4dst.tcp.port);
		break;
	}

	return ret;
}