[libnetfilter_conntrack] src: add DCCP role attribute
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Fri Apr 24 20:46:09 CEST 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=975ae9979ec73e8acb2c215ee9a84fded2f4357a
commit 975ae9979ec73e8acb2c215ee9a84fded2f4357a
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Fri Apr 24 20:45:21 2009 +0200
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Fri Apr 24 20:45:21 2009 +0200
src: add DCCP role attribute
This patch adds DCCP role attribute support. This needs Linux
kernel >= 2.6.30.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via 975ae9979ec73e8acb2c215ee9a84fded2f4357a (commit)
from 9540c4530976df1b1767e8b83ef287e492b237f1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 975ae9979ec73e8acb2c215ee9a84fded2f4357a
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Fri Apr 24 20:45:21 2009 +0200
src: add DCCP role attribute
This patch adds DCCP role attribute support. This needs Linux
kernel >= 2.6.30.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
include/internal/object.h | 1 +
.../libnetfilter_conntrack.h | 1 +
.../libnetfilter_conntrack_dccp.h | 7 +++++++
.../linux_nfnetlink_conntrack.h | 1 +
src/conntrack/build.c | 16 ++++++++++------
src/conntrack/copy.c | 7 +++++++
src/conntrack/getter.c | 6 ++++++
src/conntrack/parse.c | 5 +++++
src/conntrack/setter.c | 6 ++++++
9 files changed, 44 insertions(+), 6 deletions(-)
This patch adds DCCP role attribute support. This needs Linux
kernel >= 2.6.30.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
diff --git a/include/internal/object.h b/include/internal/object.h
index 1db6b36..fe1506c 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -118,6 +118,7 @@ union __nfct_protoinfo {
} sctp;
struct {
u_int8_t state;
+ u_int8_t role;
} dccp;
};
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 3d25c6b..1e23b0b 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -122,6 +122,7 @@ enum nf_conntrack_attr {
ATTR_SCTP_VTAG_REPL, /* u32 bits */
ATTR_HELPER_NAME, /* string (30 bytes max) */
ATTR_DCCP_STATE = 56, /* u8 bits */
+ ATTR_DCCP_ROLE, /* u8 bits */
ATTR_MAX
};
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h b/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h
index 46138de..89e957b 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h
@@ -26,6 +26,13 @@ enum dccp_state {
DCCP_CONNTRACK_MAX
};
+enum dccp_roles {
+ DCCP_CONNTRACK_ROLE_CLIENT,
+ DCCP_CONNTRACK_ROLE_SERVER,
+ __DCCP_CONNTRACK_ROLE_MAX
+};
+#define DCCP_ROLE_MAX (__DCCP_CONNTRACK_ROLE_MAX - 1)
+
#ifdef __cplusplus
}
#endif
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index 67ca715..52999b7 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -104,6 +104,7 @@ enum ctattr_protoinfo_tcp {
enum ctattr_protoinfo_dccp {
CTA_PROTOINFO_DCCP_UNSPEC,
CTA_PROTOINFO_DCCP_STATE,
+ CTA_PROTOINFO_DCCP_ROLE,
__CTA_PROTOINFO_DCCP_MAX,
};
#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 1738402..4c6a27e 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -160,16 +160,20 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
nfnl_nest_end(&req->nlh, nest);
break;
case IPPROTO_DCCP:
- if (!(test_bit(ATTR_DCCP_STATE, ct->set)))
+ if (!(test_bit(ATTR_DCCP_STATE, ct->set) &&
+ test_bit(ATTR_DCCP_ROLE, ct->set)))
break;
nest = nfnl_nest(&req->nlh, size, CTA_PROTOINFO);
nest_proto = nfnl_nest(&req->nlh, size, CTA_PROTOINFO_DCCP);
- if (test_bit(ATTR_DCCP_STATE, ct->set))
- nfnl_addattr_l(&req->nlh, size,
- CTA_PROTOINFO_DCCP_STATE,
- &ct->protoinfo.dccp.state,
- sizeof(u_int8_t));
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_DCCP_STATE,
+ &ct->protoinfo.dccp.state,
+ sizeof(u_int8_t));
+ nfnl_addattr_l(&req->nlh, size,
+ CTA_PROTOINFO_DCCP_ROLE,
+ &ct->protoinfo.dccp.role,
+ sizeof(u_int8_t));
nfnl_nest_end(&req->nlh, nest_proto);
nfnl_nest_end(&req->nlh, nest);
default:
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index 16f9709..90eea03 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -250,6 +250,12 @@ static void copy_attr_dccp_state(struct nf_conntrack *dest,
dest->protoinfo.dccp.state = orig->protoinfo.dccp.state;
}
+static void copy_attr_dccp_role(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->protoinfo.dccp.role = orig->protoinfo.dccp.role;
+}
+
static void copy_attr_snat_ipv4(struct nf_conntrack *dest,
const struct nf_conntrack *orig)
{
@@ -441,4 +447,5 @@ copy_attr copy_attr_array[ATTR_MAX] = {
[ATTR_SCTP_VTAG_REPL] = copy_attr_sctp_vtag_repl,
[ATTR_HELPER_NAME] = copy_attr_helper_name,
[ATTR_DCCP_STATE] = copy_attr_dccp_state,
+ [ATTR_DCCP_ROLE] = copy_attr_dccp_role,
};
diff --git a/src/conntrack/getter.c b/src/conntrack/getter.c
index 2338db2..6e50a5b 100644
--- a/src/conntrack/getter.c
+++ b/src/conntrack/getter.c
@@ -292,6 +292,11 @@ static const void *get_attr_dccp_state(const struct nf_conntrack *ct)
return &ct->protoinfo.dccp.state;
}
+static const void *get_attr_dccp_role(const struct nf_conntrack *ct)
+{
+ return &ct->protoinfo.dccp.role;
+}
+
get_attr get_attr_array[ATTR_MAX] = {
[ATTR_ORIG_IPV4_SRC] = get_attr_orig_ipv4_src,
[ATTR_ORIG_IPV4_DST] = get_attr_orig_ipv4_dst,
@@ -350,4 +355,5 @@ get_attr get_attr_array[ATTR_MAX] = {
[ATTR_SCTP_VTAG_REPL] = get_attr_sctp_vtag_repl,
[ATTR_HELPER_NAME] = get_attr_helper_name,
[ATTR_DCCP_STATE] = get_attr_dccp_state,
+ [ATTR_DCCP_ROLE] = get_attr_dccp_role,
};
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 885532c..98e4d7d 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -256,6 +256,11 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr,
*(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_STATE-1]);
set_bit(ATTR_DCCP_STATE, ct->set);
}
+ if (tb[CTA_PROTOINFO_DCCP_ROLE-1]) {
+ ct->protoinfo.dccp.role =
+ *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_ROLE-1]);
+ set_bit(ATTR_DCCP_ROLE, ct->set);
+ }
}
static void __parse_protoinfo(const struct nfattr *attr,
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index 481fad1..3fe74c5 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -319,6 +319,11 @@ static void set_attr_dccp_state(struct nf_conntrack *ct, const void *value)
ct->protoinfo.dccp.state = *((u_int8_t *) value);
}
+static void set_attr_dccp_role(struct nf_conntrack *ct, const void *value)
+{
+ ct->protoinfo.dccp.role = *((u_int8_t *) value);
+}
+
static void set_attr_do_nothing(struct nf_conntrack *ct, const void *value) {}
set_attr set_attr_array[ATTR_MAX] = {
@@ -379,4 +384,5 @@ set_attr set_attr_array[ATTR_MAX] = {
[ATTR_SCTP_VTAG_REPL] = set_attr_sctp_vtag_repl,
[ATTR_HELPER_NAME] = set_attr_helper_name,
[ATTR_DCCP_STATE] = set_attr_dccp_state,
+ [ATTR_DCCP_ROLE] = set_attr_dccp_role,
};
More information about the netfilter-cvslog
mailing list