[netfilter-cvslog] r6916 - trunk/conntrack-tools/src
pablo at netfilter.org
pablo at netfilter.org
Thu Jul 19 20:35:41 CEST 2007
Author: pablo at netfilter.org
Date: 2007-07-19 20:35:41 +0200 (Thu, 19 Jul 2007)
New Revision: 6916
Modified:
trunk/conntrack-tools/src/build.c
Log:
fix NAT in changes committed in r6904
Modified: trunk/conntrack-tools/src/build.c
===================================================================
--- trunk/conntrack-tools/src/build.c 2007-07-19 17:13:40 UTC (rev 6915)
+++ trunk/conntrack-tools/src/build.c 2007-07-19 18:35:41 UTC (rev 6916)
@@ -58,20 +58,21 @@
addattr(pld, attr, &data, sizeof(u_int32_t));
}
+static void __nat_build_u32(u_int32_t data, struct netpld *pld, int attr)
+{
+ data = htonl(data);
+ addattr(pld, attr, &data, sizeof(u_int32_t));
+}
+
+static void __nat_build_u16(u_int16_t data, struct netpld *pld, int attr)
+{
+ data = htons(data);
+ addattr(pld, attr, &data, sizeof(u_int16_t));
+}
+
/* XXX: IPv6 and ICMP not supported */
void build_netpld(struct nf_conntrack *ct, struct netpld *pld, int query)
{
- /* undo NAT */
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT))
- nfct_setobjopt(ct, NFCT_SOPT_UNDO_SNAT);
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT))
- nfct_setobjopt(ct, NFCT_SOPT_UNDO_DNAT);
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT))
- nfct_setobjopt(ct, NFCT_SOPT_UNDO_SPAT);
- if (nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT))
- nfct_setobjopt(ct, NFCT_SOPT_UNDO_DPAT);
-
- /* build message */
if (nfct_attr_is_set(ct, ATTR_IPV4_SRC))
__build_u32(ct, pld, ATTR_IPV4_SRC);
if (nfct_attr_is_set(ct, ATTR_IPV4_DST))
@@ -92,14 +93,6 @@
__build_u8(ct, pld, ATTR_TCP_STATE);
}
}
- if (nfct_attr_is_set(ct, ATTR_SNAT_IPV4))
- __build_u32(ct, pld, ATTR_SNAT_IPV4);
- if (nfct_attr_is_set(ct, ATTR_DNAT_IPV4))
- __build_u32(ct, pld, ATTR_DNAT_IPV4);
- if (nfct_attr_is_set(ct, ATTR_SNAT_PORT))
- __build_u16(ct, pld, ATTR_SNAT_PORT);
- if (nfct_attr_is_set(ct, ATTR_DNAT_PORT))
- __build_u16(ct, pld, ATTR_DNAT_PORT);
if (nfct_attr_is_set(ct, ATTR_TIMEOUT))
__build_u32(ct, pld, ATTR_TIMEOUT);
if (nfct_attr_is_set(ct, ATTR_MARK))
@@ -107,6 +100,24 @@
if (nfct_attr_is_set(ct, ATTR_STATUS))
__build_u32(ct, pld, ATTR_STATUS);
+ /* NAT */
+ if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
+ u_int32_t data = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST);
+ __nat_build_u32(data, pld, ATTR_SNAT_IPV4);
+ }
+ if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) {
+ u_int32_t data = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC);
+ __nat_build_u32(data, pld, ATTR_DNAT_IPV4);
+ }
+ if (nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT)) {
+ u_int16_t data = nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST);
+ __nat_build_u16(data, pld, ATTR_SNAT_PORT);
+ }
+ if (nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT)) {
+ u_int16_t data = nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC);
+ __nat_build_u16(data, pld, ATTR_DNAT_PORT);
+ }
+
pld->query = query;
PLD_HOST2NETWORK(pld);
More information about the netfilter-cvslog
mailing list