[netfilter-cvslog] r6859 - in trunk/libnetfilter_conntrack:
include/libnetfilter_conntrack src/conntrack utils
pablo at netfilter.org
pablo at netfilter.org
Mon Jun 4 19:00:24 CEST 2007
Author: pablo at netfilter.org
Date: 2007-06-04 19:00:24 +0200 (Mon, 04 Jun 2007)
New Revision: 6859
Modified:
trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
trunk/libnetfilter_conntrack/src/conntrack/objopt.c
trunk/libnetfilter_conntrack/utils/conntrack_create.c
trunk/libnetfilter_conntrack/utils/conntrack_create_nat.c
trunk/libnetfilter_conntrack/utils/conntrack_update.c
trunk/libnetfilter_conntrack/utils/expect_create.c
Log:
introduce NFCT_SOPT_SETUP_* options to simplify object setup
Modified: trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
===================================================================
--- trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h 2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h 2007-06-04 17:00:24 UTC (rev 6859)
@@ -138,6 +138,8 @@
NFCT_SOPT_UNDO_DNAT,
NFCT_SOPT_UNDO_SPAT,
NFCT_SOPT_UNDO_DPAT,
+ NFCT_SOPT_SETUP_ORIGINAL,
+ NFCT_SOPT_SETUP_REPLY,
__NFCT_SOPT_MAX,
};
#define NFCT_SOPT_MAX (__NFCT_SOPT_MAX - 1)
Modified: trunk/libnetfilter_conntrack/src/conntrack/objopt.c
===================================================================
--- trunk/libnetfilter_conntrack/src/conntrack/objopt.c 2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/src/conntrack/objopt.c 2007-06-04 17:00:24 UTC (rev 6859)
@@ -7,6 +7,24 @@
#include "internal.h"
+static int __autocomplete(struct nf_conntrack *ct, int dir)
+{
+ int other = (dir == __DIR_ORIG) ? __DIR_REPL : __DIR_ORIG;
+
+ ct->tuple[dir].l3protonum = ct->tuple[other].l3protonum;
+ ct->tuple[dir].protonum = ct->tuple[other].protonum;
+
+ memcpy(&ct->tuple[dir].src.v6,
+ &ct->tuple[other].dst.v6,
+ sizeof(union __nfct_address));
+ memcpy(&ct->tuple[dir].dst.v6,
+ &ct->tuple[other].src.v6,
+ sizeof(union __nfct_address));
+
+ ct->tuple[dir].l4src.all = ct->tuple[other].l4dst.all;
+ ct->tuple[dir].l4dst.all = ct->tuple[other].l4src.all;
+}
+
int __setobjopt(struct nf_conntrack *ct, unsigned int option)
{
switch(option) {
@@ -36,6 +54,12 @@
ct->tuple[__DIR_ORIG].l4dst.tcp.port;
set_bit(ATTR_DNAT_PORT, ct->set);
break;
+ case NFCT_SOPT_SETUP_ORIGINAL:
+ __autocomplete(ct, __DIR_ORIG);
+ break;
+ case NFCT_SOPT_SETUP_REPLY:
+ __autocomplete(ct, __DIR_REPL);
+ break;
}
return 0;
}
Modified: trunk/libnetfilter_conntrack/utils/conntrack_create.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/conntrack_create.c 2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/utils/conntrack_create.c 2007-06-04 17:00:24 UTC (rev 6859)
@@ -17,21 +17,15 @@
return 0;
}
- nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+ nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
- nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
+ nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
- nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
-
- nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+ nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
Modified: trunk/libnetfilter_conntrack/utils/conntrack_create_nat.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/conntrack_create_nat.c 2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/utils/conntrack_create_nat.c 2007-06-04 17:00:24 UTC (rev 6859)
@@ -17,21 +17,15 @@
return 0;
}
- nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+ nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
- nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
+ nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
- nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
-
- nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+ nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
Modified: trunk/libnetfilter_conntrack/utils/conntrack_update.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/conntrack_update.c 2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/utils/conntrack_update.c 2007-06-04 17:00:24 UTC (rev 6859)
@@ -17,21 +17,15 @@
return 0;
}
- nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
- nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+ nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
- nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
- nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
+ nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
- nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
- nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
-
- nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
- nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+ nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY);
nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
nfct_set_attr_u32(ct, ATTR_TIMEOUT, 600);
Modified: trunk/libnetfilter_conntrack/utils/expect_create.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/expect_create.c 2007-06-04 15:19:42 UTC (rev 6858)
+++ trunk/libnetfilter_conntrack/utils/expect_create.c 2007-06-04 17:00:24 UTC (rev 6859)
@@ -22,22 +22,16 @@
exit(EXIT_FAILURE);
}
- nfct_set_attr_u8(master, ATTR_ORIG_L3PROTO, AF_INET);
- nfct_set_attr_u32(master, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
- nfct_set_attr_u32(master, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+ nfct_set_attr_u8(master, ATTR_L3PROTO, AF_INET);
+ nfct_set_attr_u32(master, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(master, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
- nfct_set_attr_u8(master, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(master, ATTR_ORIG_PORT_SRC, htons(1025));
- nfct_set_attr_u16(master, ATTR_ORIG_PORT_DST, htons(21));
+ nfct_set_attr_u8(master, ATTR_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(master, ATTR_PORT_SRC, htons(1025));
+ nfct_set_attr_u16(master, ATTR_PORT_DST, htons(21));
- nfct_set_attr_u8(master, ATTR_REPL_L3PROTO, AF_INET);
- nfct_set_attr_u32(master, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
- nfct_set_attr_u32(master, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
+ nfct_setobjopt(master, NFCT_SOPT_SETUP_REPLY);
- nfct_set_attr_u8(master, ATTR_REPL_L4PROTO, IPPROTO_TCP);
- nfct_set_attr_u16(master, ATTR_REPL_PORT_SRC, htons(21));
- nfct_set_attr_u16(master, ATTR_REPL_PORT_DST, htons(1025));
-
nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
nfct_set_attr_u32(master, ATTR_TIMEOUT, 200);
More information about the netfilter-cvslog
mailing list