[conntrack-tools] build: use TLV format for SCTP/DCCP protocol information

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sat Jun 13 03:56:32 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=d9c0564db6b3f3ecb196508458a91b03d45fadb2
commit d9c0564db6b3f3ecb196508458a91b03d45fadb2
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Fri Jun 12 18:35:11 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Fri Jun 12 18:35:11 2009 +0200

    build: use TLV format for SCTP/DCCP protocol information
    
    In 400ae54438c4b85126f9fab0ae1dc067823b70f7, we added the SCTP
    support by means of a structure that was encapsulated in a
    TLV attribute. However, this structure didn't handle alignment
    and endianness issues appropriately. A similar problem was
    introduced in b808645ec71b7cc22cf5106b3d79625d07e6077c along
    with the DCCP support.
    
    This patch moves every field of this structure to independent
    attributes. I decided not to use nesting to make building and
    parsing more simple.
    
    Using TLV is a good idea, specially for DCCP and SCTP that are
    under development and that may include new fields and obsolete
    them in the future.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  d9c0564db6b3f3ecb196508458a91b03d45fadb2 (commit)
      from  8fc9066ee62d17cdb76bc064c945da3bb0d2e2a3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d9c0564db6b3f3ecb196508458a91b03d45fadb2
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Fri Jun 12 18:35:11 2009 +0200

    build: use TLV format for SCTP/DCCP protocol information
    
    In 400ae54438c4b85126f9fab0ae1dc067823b70f7, we added the SCTP
    support by means of a structure that was encapsulated in a
    TLV attribute. However, this structure didn't handle alignment
    and endianness issues appropriately. A similar problem was
    introduced in b808645ec71b7cc22cf5106b3d79625d07e6077c along
    with the DCCP support.
    
    This patch moves every field of this structure to independent
    attributes. I decided not to use nesting to make building and
    parsing more simple.
    
    Using TLV is a good idea, specially for DCCP and SCTP that are
    under development and that may include new fields and obsolete
    them in the future.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 include/network.h |   18 ++++++------------
 src/build.c       |   35 +++++++++--------------------------
 src/parse.c       |   50 ++++++++++++++++++++++++--------------------------
 3 files changed, 39 insertions(+), 64 deletions(-)
In 400ae54438c4b85126f9fab0ae1dc067823b70f7, we added the SCTP
support by means of a structure that was encapsulated in a
TLV attribute. However, this structure didn't handle alignment
and endianness issues appropriately. A similar problem was
introduced in b808645ec71b7cc22cf5106b3d79625d07e6077c along
with the DCCP support.

This patch moves every field of this structure to independent
attributes. I decided not to use nesting to make building and
parsing more simple.

Using TLV is a good idea, specially for DCCP and SCTP that are
under development and that may include new fields and obsolete
them in the future.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/include/network.h b/include/network.h
index 2786585..3248245 100644
--- a/include/network.h
+++ b/include/network.h
@@ -199,7 +199,7 @@ enum nta_attr {
 	NTA_IPV6,		/* struct nfct_attr_grp_ipv6 */
 	NTA_L4PROTO,		/* uint8_t */
 	NTA_PORT,		/* struct nfct_attr_grp_port */
-	NTA_STATE_TCP = 4,	/* uint8_t */
+	NTA_TCP_STATE = 4,	/* uint8_t */
 	NTA_STATUS,		/* uint32_t */
 	NTA_TIMEOUT,		/* uint32_t */
 	NTA_MARK,		/* uint32_t */
@@ -212,8 +212,11 @@ enum nta_attr {
 	NTA_SPAT_PORT,		/* uint16_t */
 	NTA_DPAT_PORT,		/* uint16_t */
 	NTA_NAT_SEQ_ADJ = 16,	/* struct nta_attr_natseqadj */
-	NTA_STATE_SCTP,		/* struct nta_attr_sctp */
-	NTA_STATE_DCCP,		/* struct nta_attr_dccp */
+	NTA_SCTP_STATE,		/* uint8_t */
+	NTA_SCTP_VTAG_ORIG,	/* uint32_t */
+	NTA_SCTP_VTAG_REPL,	/* uint32_t */
+	NTA_DCCP_STATE = 20,	/* uint8_t */
+	NTA_DCCP_ROLE,		/* uint8_t */
 	NTA_MAX
 };
 
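Review bot: NTA_SCTP_STATE and NTA_SCTP_VTAG_ORIG take the values 17 and 18, which before this change were NTA_STATE_SCTP and NTA_STATE_DCCP carrying struct payloads, so the same type number now means a different field and size on the wire. A node still running the old format that syncs with an upgraded one would send 17 with a struct nta_attr_sctp body; whether the receiver drops it or misreads it depends on the length check in parse_payload, which is not visible in this diff. If mixed versions have to be tolerated, leave 17 and 18 without a parser entry and number the new attributes from 19 (`NTA_SCTP_STATE = 19,` and `NTA_DCCP_STATE = 22,`). Otherwise say so next to the enum, for example `/* 17 and 18 carried structs before this change; all sync peers must use the same format */`.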
@@ -226,15 +229,6 @@ struct nta_attr_natseqadj {
 	uint32_t repl_seq_offset_after;
 };
 
-struct nta_attr_sctp {
-	uint8_t state;
-	uint32_t vtag_orig, vtag_repl;
-};
-
-struct nta_attr_dccp {
-	uint8_t state, role;
-};
-
 void build_payload(const struct nf_conntrack *ct, struct nethdr *n);
 
 int parse_payload(struct nf_conntrack *ct, struct nethdr *n, size_t remain);
diff --git a/src/build.c b/src/build.c
index b2eeeee..92760f2 100644
--- a/src/build.c
+++ b/src/build.c
@@ -92,27 +92,6 @@ __build_natseqadj(const struct nf_conntrack *ct, struct nethdr *n)
 	addattr(n, NTA_NAT_SEQ_ADJ, &data, sizeof(struct nta_attr_natseqadj));
 }
 
-static inline void 
-__build_sctp(const struct nf_conntrack *ct, struct nethdr *n)
-{
-	struct nta_attr_sctp data = {
-		.state = nfct_get_attr_u8(ct, ATTR_SCTP_STATE),
-		.vtag_orig = htonl(nfct_get_attr_u32(ct, ATTR_SCTP_VTAG_ORIG)),
-		.vtag_repl = htonl(nfct_get_attr_u32(ct, ATTR_SCTP_VTAG_REPL)),
-	};
-	addattr(n, NTA_STATE_SCTP, &data, sizeof(struct nta_attr_sctp));
-}
-
-static inline void 
-__build_dccp(const struct nf_conntrack *ct, struct nethdr *n)
-{
-	struct nta_attr_dccp data = {
-		.state = nfct_get_attr_u8(ct, ATTR_DCCP_STATE),
-		.role = nfct_get_attr_u8(ct, ATTR_DCCP_ROLE),
-	};
-	addattr(n, NTA_STATE_DCCP, &data, sizeof(struct nta_attr_dccp));
-}
-
 static enum nf_conntrack_attr nat_type[] =
 	{ ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE,
 	  ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ATTR_REPL_NAT_SEQ_CORRECTION_POS,
@@ -138,11 +117,15 @@ void build_payload(const struct nf_conntrack *ct, struct nethdr *n)
 	__build_u32(ct, ATTR_STATUS, n, NTA_STATUS); 
 
 	if (nfct_attr_is_set(ct, ATTR_TCP_STATE))
-		__build_u8(ct, ATTR_TCP_STATE, n, NTA_STATE_TCP);
-	else if (nfct_attr_is_set(ct, ATTR_SCTP_STATE))
-		__build_sctp(ct, n);
-	else if (nfct_attr_is_set(ct, ATTR_DCCP_STATE))
-		__build_dccp(ct, n);
+		__build_u8(ct, ATTR_TCP_STATE, n, NTA_TCP_STATE);
+	else if (nfct_attr_is_set(ct, ATTR_SCTP_STATE)) {
+		__build_u8(ct, ATTR_SCTP_STATE, n, NTA_SCTP_STATE);
+		__build_u32(ct, ATTR_SCTP_VTAG_ORIG, n, NTA_SCTP_VTAG_ORIG);
+		__build_u32(ct, ATTR_SCTP_VTAG_REPL, n, NTA_SCTP_VTAG_REPL);
+	} else if (nfct_attr_is_set(ct, ATTR_DCCP_STATE)) {
+		__build_u8(ct, ATTR_DCCP_STATE, n, NTA_DCCP_STATE);
+		__build_u8(ct, ATTR_DCCP_ROLE, n, NTA_DCCP_ROLE);
+	}
 
 	if (!CONFIG(commit_timeout) && nfct_attr_is_set(ct, ATTR_TIMEOUT))
 		__build_u32(ct, ATTR_TIMEOUT, n, NTA_TIMEOUT);
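Review bot: The SCTP and DCCP branches test only ATTR_SCTP_STATE / ATTR_DCCP_STATE and then emit the vtag and role attributes unconditionally, so a conntrack object with the state set but no vtags would presumably be sent with zero-valued vtags that the receiver then records as set (this depends on __build_u32, which is outside the diff). Now that each field is its own attribute it can simply be omitted when absent, as the ATTR_TIMEOUT line below already does: `if (nfct_attr_is_set(ct, ATTR_SCTP_VTAG_ORIG)) __build_u32(ct, ATTR_SCTP_VTAG_ORIG, n, NTA_SCTP_VTAG_ORIG);`, and likewise for ATTR_SCTP_VTAG_REPL and ATTR_DCCP_ROLE. build_payload starts and ends outside this hunk.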
diff --git a/src/parse.c b/src/parse.c
index 100177b..1bdfcc7 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -29,8 +29,6 @@ static void parse_u16(struct nf_conntrack *ct, int attr, void *data);
 static void parse_u32(struct nf_conntrack *ct, int attr, void *data);
 static void parse_group(struct nf_conntrack *ct, int attr, void *data);
 static void parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data);
-static void parse_sctp(struct nf_conntrack *ct, int attr, void *data);
-static void parse_dccp(struct nf_conntrack *ct, int attr, void *data);
 
 struct parser {
 	void 	(*parse)(struct nf_conntrack *ct, int attr, void *data);
@@ -59,7 +57,7 @@ static struct parser h[NTA_MAX] = {
 		.attr	= ATTR_L4PROTO,
 		.size	= NTA_SIZE(sizeof(uint8_t)),
 	},
-	[NTA_STATE_TCP] = {
+	[NTA_TCP_STATE] = {
 		.parse	= parse_u8,
 		.attr	= ATTR_TCP_STATE,
 		.size	= NTA_SIZE(sizeof(uint8_t)),
@@ -123,13 +121,30 @@ static struct parser h[NTA_MAX] = {
 		.parse	= parse_nat_seq_adj,
 		.size	= NTA_SIZE(sizeof(struct nta_attr_natseqadj)),
 	},
-	[NTA_STATE_SCTP] = {
-		.parse	= parse_sctp,
-		.size	= NTA_SIZE(sizeof(struct nta_attr_sctp)),
+	[NTA_SCTP_STATE] = {
+		.parse	= parse_u8,
+		.attr	= ATTR_SCTP_STATE,
+		.size	= NTA_SIZE(sizeof(uint8_t)),
 	},
-	[NTA_STATE_DCCP] = {
-		.parse	= parse_dccp,
-		.size	= NTA_SIZE(sizeof(struct nta_attr_dccp)),
+	[NTA_SCTP_VTAG_ORIG] = {
+		.parse	= parse_u32,
+		.attr	= ATTR_SCTP_VTAG_ORIG,
+		.size	= NTA_SIZE(sizeof(uint32_t)),
+	},
+	[NTA_SCTP_VTAG_REPL] = {
+		.parse	= parse_u32,
+		.attr	= ATTR_SCTP_VTAG_REPL,
+		.size	= NTA_SIZE(sizeof(uint32_t)),
+	},
+	[NTA_DCCP_STATE] = {
+		.parse	= parse_u8,
+		.attr	= ATTR_DCCP_STATE,
+		.size	= NTA_SIZE(sizeof(uint8_t)),
+	},
+	[NTA_DCCP_ROLE] = {
+		.parse	= parse_u8,
+		.attr	= ATTR_DCCP_ROLE,
+		.size	= NTA_SIZE(sizeof(uint8_t)),
 	},
 };
 
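Review bot: The five new table entries accept each SCTP/DCCP field on its own, so a sync message can now carry NTA_SCTP_VTAG_ORIG without NTA_SCTP_STATE, or DCCP attributes next to NTA_TCP_STATE, where the removed parse_sctp/parse_dccp always set a protocol's fields together. Whether parse_payload checks these against NTA_L4PROTO cannot be told from the diff, since its body lies outside the hunks. At minimum document the contract above the entries, e.g. `/* SCTP/DCCP state arrives as independent attributes; any subset may be present in a message */`, and consider rejecting state attributes that do not match the conntrack's L4 protocol if sync messages can arrive over a link that is not fully trusted.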
@@ -178,23 +193,6 @@ parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data)
 			  ntohl(this->orig_seq_correction_pos));
 }
 
-static void
-parse_sctp(struct nf_conntrack *ct, int attr, void *data)
-{
-	struct nta_attr_sctp *this = data;
-	nfct_set_attr_u8(ct, ATTR_SCTP_STATE, this->state);
-	nfct_set_attr_u32(ct, ATTR_SCTP_VTAG_ORIG, ntohl(this->vtag_orig));
-	nfct_set_attr_u32(ct, ATTR_SCTP_VTAG_REPL, ntohl(this->vtag_repl));
-}
-
-static void
-parse_dccp(struct nf_conntrack *ct, int attr, void *data)
-{
-	struct nta_attr_dccp *this = data;
-	nfct_set_attr_u8(ct, ATTR_DCCP_STATE, this->state);
-	nfct_set_attr_u8(ct, ATTR_DCCP_ROLE, this->role);
-}
-
 int parse_payload(struct nf_conntrack *ct, struct nethdr *net, size_t remain)
 {
 	int len;


