[libnetfilter_conntrack] src: add support for DCCP 64-bits sequence number tracking

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue Jul 14 17:17:12 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_conntrack.git;a=commit;h=19f35b21dbe2bb4386eeced4e0d87f3b2e1dd8bf
commit 19f35b21dbe2bb4386eeced4e0d87f3b2e1dd8bf
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Jul 14 17:16:08 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Jul 14 17:16:08 2009 +0200

    src: add support for DCCP 64-bits sequence number tracking
    
    From: Pablo Neira Ayuso <pablo at netfilter.org>
    
    This patch adds the support for the DCCP sequence number tracking
    that is included in the upcoming Linux kernel 2.6.31.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  19f35b21dbe2bb4386eeced4e0d87f3b2e1dd8bf (commit)
      from  dd73e5708cc2cd127ba03fd5a82fb96b3928e7fb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 19f35b21dbe2bb4386eeced4e0d87f3b2e1dd8bf
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Jul 14 17:16:08 2009 +0200

    src: add support for DCCP 64-bits sequence number tracking
    
    From: Pablo Neira Ayuso <pablo at netfilter.org>
    
    This patch adds the support for the DCCP sequence number tracking
    that is included in the upcoming Linux kernel 2.6.31.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 include/internal/object.h                          |    1 +
 .../libnetfilter_conntrack.h                       |    1 +
 .../linux_nfnetlink_conntrack.h                    |    1 +
 src/conntrack/api.c                                |   29 ++++++++++++++++++++
 src/conntrack/build.c                              |    5 +++
 src/conntrack/copy.c                               |    7 +++++
 src/conntrack/getter.c                             |    6 ++++
 src/conntrack/parse.c                              |    5 +++
 src/conntrack/setter.c                             |    6 ++++
 9 files changed, 61 insertions(+), 0 deletions(-)
From: Pablo Neira Ayuso <pablo at netfilter.org>

This patch adds the support for the DCCP sequence number tracking
that is included in the upcoming Linux kernel 2.6.31.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/include/internal/object.h b/include/internal/object.h
index df002fd..b236453 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -128,6 +128,7 @@ union __nfct_protoinfo {
 	struct {
 		u_int8_t 		state;
 		u_int8_t		role;
+		u_int64_t		seq;
 	} dccp;
 };
 
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 766fb47..e63450d 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -123,6 +123,7 @@ enum nf_conntrack_attr {
 	ATTR_HELPER_NAME,			/* string (30 bytes max) */
 	ATTR_DCCP_STATE = 56,			/* u8 bits */
 	ATTR_DCCP_ROLE,				/* u8 bits */
+	ATTR_DCCP_SEQ,				/* u64 bits */
 	ATTR_MAX
 };
 
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index 52999b7..ed191b7 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -105,6 +105,7 @@ enum ctattr_protoinfo_dccp {
 	CTA_PROTOINFO_DCCP_UNSPEC,
 	CTA_PROTOINFO_DCCP_STATE,
 	CTA_PROTOINFO_DCCP_ROLE,
+	CTA_PROTOINFO_DCCP_SEQ,
 	__CTA_PROTOINFO_DCCP_MAX,
 };
 #define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 0639b5f..56a3a8a 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -341,6 +341,19 @@ void nfct_set_attr_u32(struct nf_conntrack *ct,
 }
 
 /**
+ * nfct_set_attr_u64 - set the value of a certain conntrack attribute
+ * @ct: pointer to a valid conntrack
+ * @type: attribute type
+ * @value: unsigned 64 bits attribute value
+ */
+void nfct_set_attr_u64(struct nf_conntrack *ct,
+		       const enum nf_conntrack_attr type, 
+		       u_int64_t value)
+{
+	nfct_set_attr(ct, type, &value);
+}
+
+/**
  * nfct_get_attr - get a conntrack attribute
  * ct: pointer to a valid conntrack
  * @type: attribute type
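Review bot: nfct_set_attr_u64 here, and nfct_get_attr_u64 in the next api.c hunk, are defined without a visible prototype: the diffstat shows a single added line in libnetfilter_conntrack.h, and that line is the ATTR_DCCP_SEQ enumerator. If the declarations are not already provided elsewhere, callers would rely on an implicit declaration, and for the getter an assumed `int` return would truncate the 64-bit value. Add `extern void nfct_set_attr_u64(struct nf_conntrack *ct, const enum nf_conntrack_attr type, u_int64_t value);` and the matching `extern u_int64_t nfct_get_attr_u64(const struct nf_conntrack *ct, const enum nf_conntrack_attr type);` to the public header.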
@@ -417,6 +430,22 @@ u_int32_t nfct_get_attr_u32(const struct nf_conntrack *ct,
 }
 
 /**
+ * nfct_get_attr_u64 - get attribute of unsigned 32-bits long
+ * @ct: pointer to a valid conntrack
+ * @type: attribute type
+ *
+ * Returns the value of the requested attribute, if the attribute is not 
+ * set, 0 is returned. In order to check if the attribute is set or not,
+ * use nfct_attr_is_set.
+ */
+u_int64_t nfct_get_attr_u64(const struct nf_conntrack *ct,
+			    const enum nf_conntrack_attr type)
+{
+	const u_int64_t *ret = nfct_get_attr(ct, type);
+	return ret == NULL ? 0 : *ret;
+}
+
+/**
  * nfct_attr_is_set - check if a certain attribute is set
  * @ct: pointer to a valid conntrack object
  * @type: attribute type
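Review bot: The kernel-doc summary for nfct_get_attr_u64 says `get attribute of unsigned 32-bits long`, apparently carried over from the u32 getter; it should read `* nfct_get_attr_u64 - get attribute of unsigned 64-bits long`. The comment should also state that @type must name an attribute stored as 64 bits, because the function dereferences whatever nfct_get_attr returns as a `u_int64_t`. Called with an 8-bit attribute such as ATTR_DCCP_ROLE, whose getter returns the address of a `u_int8_t` field, it would read past that field.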
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index c739396..4f2307f 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -160,6 +160,11 @@ static void __build_protoinfo(struct nfnlhdr *req, size_t size,
 				       CTA_PROTOINFO_DCCP_ROLE,
 				       &ct->protoinfo.dccp.role,
 				       sizeof(u_int8_t));
+		if (test_bit(ATTR_DCCP_SEQ, ct->set))
+			nfnl_addattr_l(&req->nlh, size,
+				       CTA_PROTOINFO_DCCP_SEQ,
+				       &ct->protoinfo.dccp.seq,
+				       sizeof(u_int64_t));
 		nfnl_nest_end(&req->nlh, nest_proto);
 		nfnl_nest_end(&req->nlh, nest);
 	default:
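Review bot: The sequence number is written to the message straight from `ct->protoinfo.dccp.seq` with no byte-order conversion, and the parse.c hunk stores it back the same way. The one-byte state and role attributes above need none, but a 64-bit value does if the kernel encodes CTA_PROTOINFO_DCCP_SEQ in network byte order, which should be confirmed against the 2.6.31 kernel side. If it does, convert on build and on parse, or document in the public header that ATTR_DCCP_SEQ is exposed in network byte order so callers do not compare it against host-order values. __build_protoinfo starts and ends outside this hunk.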
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index 90eea03..a76edf4 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -256,6 +256,12 @@ static void copy_attr_dccp_role(struct nf_conntrack *dest,
 	dest->protoinfo.dccp.role = orig->protoinfo.dccp.role;
 }
 
+static void copy_attr_dccp_seq(struct nf_conntrack *dest,
+			       const struct nf_conntrack *orig)
+{
+	dest->protoinfo.dccp.seq = orig->protoinfo.dccp.seq;
+}
+
 static void copy_attr_snat_ipv4(struct nf_conntrack *dest,
 				const struct nf_conntrack *orig)
 {
@@ -448,4 +454,5 @@ copy_attr copy_attr_array[ATTR_MAX] = {
 	[ATTR_HELPER_NAME]		= copy_attr_helper_name,
 	[ATTR_DCCP_STATE]		= copy_attr_dccp_state,
 	[ATTR_DCCP_ROLE]		= copy_attr_dccp_role,
+	[ATTR_DCCP_SEQ]			= copy_attr_dccp_seq,
 };
diff --git a/src/conntrack/getter.c b/src/conntrack/getter.c
index 6e50a5b..4314058 100644
--- a/src/conntrack/getter.c
+++ b/src/conntrack/getter.c
@@ -297,6 +297,11 @@ static const void *get_attr_dccp_role(const struct nf_conntrack *ct)
 	return &ct->protoinfo.dccp.role;
 }
 
+static const void *get_attr_dccp_seq(const struct nf_conntrack *ct)
+{
+	return &ct->protoinfo.dccp.seq;
+}
+
 get_attr get_attr_array[ATTR_MAX] = {
 	[ATTR_ORIG_IPV4_SRC]		= get_attr_orig_ipv4_src,
 	[ATTR_ORIG_IPV4_DST] 		= get_attr_orig_ipv4_dst,
@@ -356,4 +361,5 @@ get_attr get_attr_array[ATTR_MAX] = {
 	[ATTR_HELPER_NAME]		= get_attr_helper_name,
 	[ATTR_DCCP_STATE]		= get_attr_dccp_state,
 	[ATTR_DCCP_ROLE]		= get_attr_dccp_role,
+	[ATTR_DCCP_SEQ]			= get_attr_dccp_seq,
 };
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 98e4d7d..99dc913 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -261,6 +261,11 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr,
                         *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_ROLE-1]);
 		set_bit(ATTR_DCCP_ROLE, ct->set);
 	}
+	if (tb[CTA_PROTOINFO_DCCP_SEQ-1]) {
+                ct->protoinfo.dccp.seq =
+                        *(u_int64_t *)NFA_DATA(tb[CTA_PROTOINFO_DCCP_SEQ-1]);
+		set_bit(ATTR_DCCP_SEQ, ct->set);
+	}
 }
 
 static void __parse_protoinfo(const struct nfattr *attr,
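Review bot: The new branch loads eight bytes through `*(u_int64_t *)NFA_DATA(...)` without checking the attribute's payload length, and netlink attribute payloads are only guaranteed 4-byte alignment, so the cast can be a misaligned load on strict-alignment architectures. Whether tb[] has been length-validated is decided outside this hunk; unless it has, guard the read with `if (tb[CTA_PROTOINFO_DCCP_SEQ-1] && NFA_PAYLOAD(tb[CTA_PROTOINFO_DCCP_SEQ-1]) >= (int)sizeof(u_int64_t))` and copy with `memcpy(&ct->protoinfo.dccp.seq, NFA_DATA(tb[CTA_PROTOINFO_DCCP_SEQ-1]), sizeof(u_int64_t));` instead of casting. The added lines also mix space and tab indentation. __parse_protoinfo_dccp begins outside the hunk.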
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index 3fe74c5..da7d4b1 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -324,6 +324,11 @@ static void set_attr_dccp_role(struct nf_conntrack *ct, const void *value)
 	ct->protoinfo.dccp.role = *((u_int8_t *) value);
 }
 
+static void set_attr_dccp_seq(struct nf_conntrack *ct, const void *value)
+{
+	ct->protoinfo.dccp.seq = *((u_int64_t *) value);
+}
+
 static void set_attr_do_nothing(struct nf_conntrack *ct, const void *value) {}
 
 set_attr set_attr_array[ATTR_MAX] = {
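Review bot: set_attr_dccp_seq casts away the `const` on `value` and loads eight bytes through the cast, so it relies on every caller of the generic nfct_set_attr passing a pointer to a properly aligned 64-bit object. Keeping the qualifier costs nothing, `ct->protoinfo.dccp.seq = *((const u_int64_t *) value);`, and `memcpy(&ct->protoinfo.dccp.seq, value, sizeof(u_int64_t));` would drop the alignment assumption as well. A one-line comment that ATTR_DCCP_SEQ expects a pointer to `u_int64_t` would help callers who use nfct_set_attr directly rather than nfct_set_attr_u64.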
@@ -385,4 +390,5 @@ set_attr set_attr_array[ATTR_MAX] = {
 	[ATTR_HELPER_NAME]	= set_attr_helper_name,
 	[ATTR_DCCP_STATE]	= set_attr_dccp_state,
 	[ATTR_DCCP_ROLE]	= set_attr_dccp_role,
+	[ATTR_DCCP_SEQ]		= set_attr_dccp_seq,
 };


