[conntrack-tools] sync: add support for DCCP state replication
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Sat May 9 22:01:17 CEST 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=b808645ec71b7cc22cf5106b3d79625d07e6077c
commit b808645ec71b7cc22cf5106b3d79625d07e6077c
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Fri Apr 24 12:23:03 2009 +0200
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Fri Apr 24 12:23:03 2009 +0200
sync: add support for DCCP state replication
This patch adds initial support for DCCP state replication.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via b808645ec71b7cc22cf5106b3d79625d07e6077c (commit)
from 7866b938a909439fa09ea7f16f8676cdac5ea532 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b808645ec71b7cc22cf5106b3d79625d07e6077c
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Fri Apr 24 12:23:03 2009 +0200
sync: add support for DCCP state replication
This patch adds initial support for DCCP state replication.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
doc/sync/alarm/conntrackd.conf | 1 +
doc/sync/ftfw/conntrackd.conf | 1 +
doc/sync/notrack/conntrackd.conf | 1 +
include/network.h | 5 +++++
src/build.c | 12 ++++++++++++
src/parse.c | 13 +++++++++++++
6 files changed, 33 insertions(+), 0 deletions(-)
This patch adds initial support for DCCP state replication.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 4607ad1..a108569 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -324,6 +324,7 @@ General {
Protocol Accept {
TCP
SCTP
+ DCCP
}
#
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 3135c6c..c1208f9 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -333,6 +333,7 @@ General {
Protocol Accept {
TCP
SCTP
+ DCCP
}
#
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index ff8a8a2..b528fab 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -314,6 +314,7 @@ General {
Protocol Accept {
TCP
SCTP
+ DCCP
}
#
diff --git a/include/network.h b/include/network.h
index 06c0463..2786585 100644
--- a/include/network.h
+++ b/include/network.h
@@ -213,6 +213,7 @@ enum nta_attr {
NTA_DPAT_PORT, /* uint16_t */
NTA_NAT_SEQ_ADJ = 16, /* struct nta_attr_natseqadj */
NTA_STATE_SCTP, /* struct nta_attr_sctp */
+ NTA_STATE_DCCP, /* struct nta_attr_dccp */
NTA_MAX
};
@@ -230,6 +231,10 @@ struct nta_attr_sctp {
uint32_t vtag_orig, vtag_repl;
};
+struct nta_attr_dccp {
+ uint8_t state, role;
+};
+
void build_payload(const struct nf_conntrack *ct, struct nethdr *n);
int parse_payload(struct nf_conntrack *ct, struct nethdr *n, size_t remain);
diff --git a/src/build.c b/src/build.c
index 6b0fad7..a02a912 100644
--- a/src/build.c
+++ b/src/build.c
@@ -103,6 +103,16 @@ __build_sctp(const struct nf_conntrack *ct, struct nethdr *n)
addattr(n, NTA_STATE_SCTP, &data, sizeof(struct nta_attr_sctp));
}
+static inline void
+__build_dccp(const struct nf_conntrack *ct, struct nethdr *n)
+{
+ struct nta_attr_dccp data = {
+ .state = nfct_get_attr_u8(ct, ATTR_DCCP_STATE),
+ .role = nfct_get_attr_u8(ct, ATTR_DCCP_ROLE),
+ };
+ addattr(n, NTA_STATE_DCCP, &data, sizeof(struct nta_attr_dccp));
+}
+
static enum nf_conntrack_attr nat_type[] =
{ ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE,
ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ATTR_REPL_NAT_SEQ_CORRECTION_POS,
@@ -131,6 +141,8 @@ void build_payload(const struct nf_conntrack *ct, struct nethdr *n)
__build_u8(ct, ATTR_TCP_STATE, n, NTA_STATE_TCP);
else if (nfct_attr_is_set(ct, ATTR_SCTP_STATE))
__build_sctp(ct, n);
+ else if (nfct_attr_is_set(ct, ATTR_DCCP_STATE))
+ __build_dccp(ct, n);
if (!CONFIG(commit_timeout) && nfct_attr_is_set(ct, ATTR_TIMEOUT))
__build_u32(ct, ATTR_TIMEOUT, n, NTA_TIMEOUT);
diff --git a/src/parse.c b/src/parse.c
index d14910a..100177b 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -30,6 +30,7 @@ static void parse_u32(struct nf_conntrack *ct, int attr, void *data);
static void parse_group(struct nf_conntrack *ct, int attr, void *data);
static void parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data);
static void parse_sctp(struct nf_conntrack *ct, int attr, void *data);
+static void parse_dccp(struct nf_conntrack *ct, int attr, void *data);
struct parser {
void (*parse)(struct nf_conntrack *ct, int attr, void *data);
@@ -126,6 +127,10 @@ static struct parser h[NTA_MAX] = {
.parse = parse_sctp,
.size = NTA_SIZE(sizeof(struct nta_attr_sctp)),
},
+ [NTA_STATE_DCCP] = {
+ .parse = parse_dccp,
+ .size = NTA_SIZE(sizeof(struct nta_attr_dccp)),
+ },
};
static void
@@ -182,6 +187,14 @@ parse_sctp(struct nf_conntrack *ct, int attr, void *data)
nfct_set_attr_u32(ct, ATTR_SCTP_VTAG_REPL, ntohl(this->vtag_repl));
}
+static void
+parse_dccp(struct nf_conntrack *ct, int attr, void *data)
+{
+ struct nta_attr_dccp *this = data;
+ nfct_set_attr_u8(ct, ATTR_DCCP_STATE, this->state);
+ nfct_set_attr_u8(ct, ATTR_DCCP_ROLE, this->role);
+}
+
int parse_payload(struct nf_conntrack *ct, struct nethdr *net, size_t remain)
{
int len;
More information about the netfilter-cvslog
mailing list