[netfilter-cvslog] r6859 - in trunk/libnetfilter_conntrack: include/libnetfilter_conntrack src/conntrack utils

pablo at netfilter.org pablo at netfilter.org
Mon Jun 4 19:00:24 CEST 2007


Author: pablo at netfilter.org
Date: 2007-06-04 19:00:24 +0200 (Mon, 04 Jun 2007)
New Revision: 6859

Modified:
   trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
   trunk/libnetfilter_conntrack/src/conntrack/objopt.c
   trunk/libnetfilter_conntrack/utils/conntrack_create.c
   trunk/libnetfilter_conntrack/utils/conntrack_create_nat.c
   trunk/libnetfilter_conntrack/utils/conntrack_update.c
   trunk/libnetfilter_conntrack/utils/expect_create.c
Log:
introduce NFCT_SOPT_SETUP_* options to simplify object setup


Modified: trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
===================================================================
--- trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h	2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h	2007-06-04 17:00:24 UTC (rev 6859)
@@ -138,6 +138,8 @@
 	NFCT_SOPT_UNDO_DNAT,
 	NFCT_SOPT_UNDO_SPAT,
 	NFCT_SOPT_UNDO_DPAT,
+	NFCT_SOPT_SETUP_ORIGINAL,
+	NFCT_SOPT_SETUP_REPLY,
 	__NFCT_SOPT_MAX,
 };
 #define NFCT_SOPT_MAX (__NFCT_SOPT_MAX - 1)

Modified: trunk/libnetfilter_conntrack/src/conntrack/objopt.c
===================================================================
--- trunk/libnetfilter_conntrack/src/conntrack/objopt.c	2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/src/conntrack/objopt.c	2007-06-04 17:00:24 UTC (rev 6859)
@@ -7,6 +7,24 @@
 
 #include "internal.h"
 
+static int __autocomplete(struct nf_conntrack *ct, int dir)
+{
+	int other = (dir == __DIR_ORIG) ? __DIR_REPL : __DIR_ORIG;
+
+	ct->tuple[dir].l3protonum = ct->tuple[other].l3protonum;
+	ct->tuple[dir].protonum = ct->tuple[other].protonum;
+
+	memcpy(&ct->tuple[dir].src.v6, 
+	       &ct->tuple[other].dst.v6,
+	       sizeof(union __nfct_address));
+	memcpy(&ct->tuple[dir].dst.v6, 
+	       &ct->tuple[other].src.v6,
+	       sizeof(union __nfct_address));
+
+	ct->tuple[dir].l4src.all = ct->tuple[other].l4dst.all;
+	ct->tuple[dir].l4dst.all = ct->tuple[other].l4src.all;
+}
+
 int __setobjopt(struct nf_conntrack *ct, unsigned int option)
 {
 	switch(option) {
@@ -36,6 +54,12 @@
 			ct->tuple[__DIR_ORIG].l4dst.tcp.port;
 		set_bit(ATTR_DNAT_PORT, ct->set);
 		break;
+	case NFCT_SOPT_SETUP_ORIGINAL:
+		__autocomplete(ct, __DIR_ORIG);
+		break;
+	case NFCT_SOPT_SETUP_REPLY:
+		__autocomplete(ct, __DIR_REPL);
+		break;
 	}
 	return 0;
 }

Modified: trunk/libnetfilter_conntrack/utils/conntrack_create.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/conntrack_create.c	2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/utils/conntrack_create.c	2007-06-04 17:00:24 UTC (rev 6859)
@@ -17,21 +17,15 @@
 		return 0;
 	}
 
-	nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
-	nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
-	nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+	nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+	nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+	nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
 	
-	nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
-	nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+	nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+	nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
+	nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
 
-	nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
-	nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
-	nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
-	
-	nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
-	nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
 
 	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
 	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);

Modified: trunk/libnetfilter_conntrack/utils/conntrack_create_nat.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/conntrack_create_nat.c	2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/utils/conntrack_create_nat.c	2007-06-04 17:00:24 UTC (rev 6859)
@@ -17,21 +17,15 @@
 		return 0;
 	}
 
-	nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
-	nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
-	nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+	nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+	nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+	nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
 	
-	nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
-	nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+	nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+	nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
+	nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
 
-	nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
-	nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
-	nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
-	
-	nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
-	nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
 
 	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
 	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);

Modified: trunk/libnetfilter_conntrack/utils/conntrack_update.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/conntrack_update.c	2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/utils/conntrack_update.c	2007-06-04 17:00:24 UTC (rev 6859)
@@ -17,21 +17,15 @@
 		return 0;
 	}
 
-	nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
-	nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
-	nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+	nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+	nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+	nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
 	
-	nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
-	nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+	nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+	nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
+	nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
 
-	nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
-	nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
-	nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
-	
-	nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
-	nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+	nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
 
 	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
 	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 600);

Modified: trunk/libnetfilter_conntrack/utils/expect_create.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/expect_create.c	2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/utils/expect_create.c	2007-06-04 17:00:24 UTC (rev 6859)
@@ -22,22 +22,16 @@
 		exit(EXIT_FAILURE);
 	}
 
-	nfct_set_attr_u8(master, ATTR_ORIG_L3PROTO, AF_INET);
-	nfct_set_attr_u32(master, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
-	nfct_set_attr_u32(master, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+	nfct_set_attr_u8(master, ATTR_L3PROTO, AF_INET);
+	nfct_set_attr_u32(master, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+	nfct_set_attr_u32(master, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
 
-	nfct_set_attr_u8(master, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(master, ATTR_ORIG_PORT_SRC, htons(1025));
-	nfct_set_attr_u16(master, ATTR_ORIG_PORT_DST, htons(21));
+	nfct_set_attr_u8(master, ATTR_L4PROTO, IPPROTO_TCP);
+	nfct_set_attr_u16(master, ATTR_PORT_SRC, htons(1025));
+	nfct_set_attr_u16(master, ATTR_PORT_DST, htons(21));
 
-	nfct_set_attr_u8(master, ATTR_REPL_L3PROTO, AF_INET);
-	nfct_set_attr_u32(master, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
-	nfct_set_attr_u32(master, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
+	nfct_setobjopt(master, NFCT_SOPT_SETUP_REPLY);
 
-	nfct_set_attr_u8(master, ATTR_REPL_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(master, ATTR_REPL_PORT_SRC, htons(21));
-	nfct_set_attr_u16(master, ATTR_REPL_PORT_DST, htons(1025));
-
 	nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
 	nfct_set_attr_u32(master, ATTR_TIMEOUT, 200);
 




More information about the netfilter-cvslog mailing list