[netfilter-cvslog] r7357 - in trunk/conntrack-tools: . src

pablo at netfilter.org pablo at netfilter.org
Sat Feb 9 21:07:36 CET 2008


Author: pablo at netfilter.org
Date: 2008-02-09 21:07:36 +0100 (Sat, 09 Feb 2008)
New Revision: 7357

Modified:
   trunk/conntrack-tools/ChangeLog
   trunk/conntrack-tools/Makefile.am
   trunk/conntrack-tools/TODO
   trunk/conntrack-tools/configure.in
   trunk/conntrack-tools/src/build.c
   trunk/conntrack-tools/src/parse.c
Log:
o add IPv6 information to synchronization messages
o add support for NAT sequence adjustment (requires Linux kernel >= 2.6.25)
o remove TODO file from release tarballs


Modified: trunk/conntrack-tools/ChangeLog
===================================================================
--- trunk/conntrack-tools/ChangeLog	2008-02-09 20:01:39 UTC (rev 7356)
+++ trunk/conntrack-tools/ChangeLog	2008-02-09 20:07:36 UTC (rev 7357)
@@ -45,6 +45,8 @@
 o use list_del_init() and list_empty() to check if a node is in the list
 o remove unix socket file on exit
 o use umask() to set up file permissions
+o add support for NAT sequence adjustment (requires Linux kernel >= 2.6.25)
+o remove TODO file from release tarballs
 
 Max Kellermann <max at duempel.org>:
 

Modified: trunk/conntrack-tools/Makefile.am
===================================================================
--- trunk/conntrack-tools/Makefile.am	2008-02-09 20:01:39 UTC (rev 7356)
+++ trunk/conntrack-tools/Makefile.am	2008-02-09 20:07:36 UTC (rev 7357)
@@ -5,7 +5,7 @@
 AUTOMAKE_OPTIONS = foreign dist-bzip2 1.6
 
 man_MANS = conntrack.8 conntrackd.8
-EXTRA_DIST = $(man_MANS) Make_global.am ChangeLog TODO doc
+EXTRA_DIST = $(man_MANS) Make_global.am ChangeLog doc
 
 SUBDIRS   = extensions src
 DIST_SUBDIRS = include src extensions

Modified: trunk/conntrack-tools/TODO
===================================================================
--- trunk/conntrack-tools/TODO	2008-02-09 20:01:39 UTC (rev 7356)
+++ trunk/conntrack-tools/TODO	2008-02-09 20:07:36 UTC (rev 7357)
@@ -20,7 +20,7 @@
  [ ] study better keepalived transitions
  [X] fix ipv6 support
  [X] add support setup related conntracks
- [ ] NAT sequence adjustment support
+ [X] NAT sequence adjustment support
 
 = Open issues that won't be ever resolved =
  * unsupported stateful iptables matches:

Modified: trunk/conntrack-tools/configure.in
===================================================================
--- trunk/conntrack-tools/configure.in	2008-02-09 20:01:39 UTC (rev 7356)
+++ trunk/conntrack-tools/configure.in	2008-02-09 20:07:36 UTC (rev 7357)
@@ -18,7 +18,7 @@
 
 dnl Dependencies
 LIBNFNETLINK_REQUIRED=0.0.32
-LIBNETFILTER_CONNTRACK_REQUIRED=0.0.88
+LIBNETFILTER_CONNTRACK_REQUIRED=0.0.89
 
 PKG_CHECK_MODULES(LIBNFNETLINK, libnfnetlink >= $LIBNFNETLINK_REQUIRED,,
         AC_MSG_ERROR(Cannot find libnfnetlink >= $LIBNFNETLINK_REQUIRED))

Modified: trunk/conntrack-tools/src/build.c
===================================================================
--- trunk/conntrack-tools/src/build.c	2008-02-09 20:01:39 UTC (rev 7356)
+++ trunk/conntrack-tools/src/build.c	2008-02-09 20:07:36 UTC (rev 7357)
@@ -58,6 +58,14 @@
 	addattr(pld, attr, &data, sizeof(uint32_t));
 }
 
+static void __build_pointer_be(const struct nf_conntrack *ct, 
+			       struct netpld *pld,
+			       int attr,
+			       size_t size)
+{
+	addattr(pld, attr, nfct_get_attr(ct, attr), size);
+}
+
 static void __nat_build_u32(uint32_t data, struct netpld *pld, int attr)
 {
 	data = htonl(data);
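Review bot: `__build_pointer_be` hands the result of `nfct_get_attr()` straight to `addattr()` with no NULL check, and nothing documents that it copies `size` bytes verbatim with no byte-order conversion. The callers in the next hunk do test `nfct_attr_is_set()` first, but the helper is safer if it guards itself: `const void *ptr = nfct_get_attr(ct, attr);` followed by `if (ptr == NULL) return;`. I would also add a comment such as `/* copies size bytes as stored by the library, no byte swapping; size must match the attribute's real width */`, because `size` is caller-supplied and nothing here ties it to the attribute.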
@@ -70,13 +78,17 @@
 	addattr(pld, attr, &data, sizeof(uint16_t));
 }
 
-/* XXX: IPv6 and ICMP not supported */
+/* XXX: ICMP not supported */
 void build_netpld(struct nf_conntrack *ct, struct netpld *pld, int query)
 {
 	if (nfct_attr_is_set(ct, ATTR_IPV4_SRC))
-		__build_u32(ct, pld, ATTR_IPV4_SRC);
+		__build_pointer_be(ct, pld, ATTR_IPV4_SRC, sizeof(uint32_t));
 	if (nfct_attr_is_set(ct, ATTR_IPV4_DST))
-		__build_u32(ct, pld, ATTR_IPV4_DST);
+		__build_pointer_be(ct, pld, ATTR_IPV4_DST, sizeof(uint32_t));
+	if (nfct_attr_is_set(ct, ATTR_IPV6_SRC))
+		__build_pointer_be(ct, pld, ATTR_IPV6_SRC, sizeof(uint32_t)*4);
+	if (nfct_attr_is_set(ct, ATTR_IPV6_DST))
+		__build_pointer_be(ct, pld, ATTR_IPV6_DST, sizeof(uint32_t)*4);
 	if (nfct_attr_is_set(ct, ATTR_L3PROTO))
 		__build_u8(ct, pld, ATTR_L3PROTO);
 	if (nfct_attr_is_set(ct, ATTR_PORT_SRC))
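Review bot: Switching ATTR_IPV4_SRC/DST from `__build_u32` to a verbatim copy changes the bytes put on the wire for IPv4 addresses, and nothing in this hunk versions the synchronization message. Judging by the `htonl()` in the neighbouring helpers and the `ntohl()` in parse.c's `parse_u32`, a peer still on rev 7356 would presumably see byte-swapped addresses from this revision on little-endian hosts, and the reverse. A mixed-version pair could then install state for the wrong addresses, so this deserves a ChangeLog line saying both nodes must be upgraded together, or a protocol version check. Separately, `sizeof(uint32_t)*4` would read better as `sizeof(struct in6_addr)`. build_netpld's body continues outside the hunk.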

Modified: trunk/conntrack-tools/src/parse.c
===================================================================
--- trunk/conntrack-tools/src/parse.c	2008-02-09 20:01:39 UTC (rev 7356)
+++ trunk/conntrack-tools/src/parse.c	2008-02-09 20:07:36 UTC (rev 7357)
@@ -38,11 +38,18 @@
 	nfct_set_attr_u32(ct, attr, ntohl(*value));
 }
 
+static void parse_pointer_be(struct nf_conntrack *ct, int attr, void *data)
+{
+	nfct_set_attr(ct, attr, data);
+}
+
 typedef void (*parse)(struct nf_conntrack *ct, int attr, void *data);
 
 static parse h[ATTR_MAX] = {
-	[ATTR_IPV4_SRC]		= parse_u32,
-	[ATTR_IPV4_DST]		= parse_u32,
+	[ATTR_IPV4_SRC]		= parse_pointer_be,
+	[ATTR_IPV4_DST]		= parse_pointer_be,
+	[ATTR_IPV6_SRC]		= parse_pointer_be,
+	[ATTR_IPV6_DST]		= parse_pointer_be,
 	[ATTR_L3PROTO]		= parse_u8,
 	[ATTR_PORT_SRC]		= parse_u16,
 	[ATTR_PORT_DST]		= parse_u16,
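Review bot: `parse_pointer_be` passes the received payload pointer to `nfct_set_attr()` without any length, so for ATTR_IPV6_SRC/DST the library copies its own fixed width (presumably 16 bytes) out of a message that arrived from the network. The `parse` handler signature carries no length, so the check has to live in `parse_netpld`, whose body is outside this hunk. Before dispatch, the attribute's declared length should be compared with the expected size for that attribute and with the bytes remaining in the payload, and the message dropped on mismatch. If that check is not already there, a short or truncated attribute from a peer leads to an out-of-bounds read. A per-attribute size table kept next to `h[]` would keep the handlers and the sizes in step.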
@@ -61,7 +68,13 @@
 	[ATTR_MASTER_L3PROTO]   = parse_u8,
 	[ATTR_MASTER_PORT_SRC]  = parse_u16,
 	[ATTR_MASTER_PORT_DST]  = parse_u16,
-	[ATTR_MASTER_L4PROTO]   = parse_u8
+	[ATTR_MASTER_L4PROTO]   = parse_u8,
+	[ATTR_ORIG_NAT_SEQ_CORRECTION_POS]	= parse_u32,
+	[ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE]	= parse_u32,
+	[ATTR_ORIG_NAT_SEQ_OFFSET_AFTER]	= parse_u32,
+	[ATTR_REPL_NAT_SEQ_CORRECTION_POS]	= parse_u32,
+	[ATTR_REPL_NAT_SEQ_OFFSET_BEFORE]	= parse_u32,
+	[ATTR_REPL_NAT_SEQ_OFFSET_AFTER]	= parse_u32,
 };
 
 void parse_netpld(struct nf_conntrack *ct, struct netpld *pld, int *query)
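Review bot: Every slot of `h[ATTR_MAX]` without an initializer is NULL, and the attribute number that indexes the table is presumably taken from a received message. `parse_netpld`, whose body is outside the hunk, therefore needs both a range check and a NULL-handler check before the call, along the lines of `if (attr >= ATTR_MAX || h[attr] == NULL)` followed by skipping or rejecting the attribute; please confirm it has one. A comment above the table, e.g. `/* indexed by attribute id taken from the wire; unset slots are NULL and must be rejected by the caller */`, would make that contract visible to whoever adds the next entry.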



