[conntrack-tools] sync: add support for SCTP state replication

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Sat Apr 18 19:37:34 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=400ae54438c4b85126f9fab0ae1dc067823b70f7
commit 400ae54438c4b85126f9fab0ae1dc067823b70f7
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Sat Apr 18 19:36:38 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Sat Apr 18 19:36:38 2009 +0200

    sync: add support for SCTP state replication
    
    This patch adds initial support for SCTP state replication.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  400ae54438c4b85126f9fab0ae1dc067823b70f7 (commit)
      from  a9554339451a0698e33b0964d0e8113f714470a4 (commit)


- Log -----------------------------------------------------------------
commit 400ae54438c4b85126f9fab0ae1dc067823b70f7
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sat Apr 18 19:36:38 2009 +0200

    sync: add support for SCTP state replication
    
    This patch adds initial support for SCTP state replication.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 doc/sync/alarm/conntrackd.conf   |    1 +
 doc/sync/ftfw/conntrackd.conf    |    1 +
 doc/sync/notrack/conntrackd.conf |    1 +
 include/network.h                |    8 +++++++-
 src/build.c                      |   16 +++++++++++++++-
 src/parse.c                      |   16 +++++++++++++++-
 6 files changed, 40 insertions(+), 3 deletions(-)
This patch adds initial support for SCTP state replication.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 793e953..4607ad1 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -323,6 +323,7 @@ General {
 		#
 		Protocol Accept {
 			TCP
+			SCTP
 		}
 
 		#
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 6eb4475..3135c6c 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -332,6 +332,7 @@ General {
 		#
 		Protocol Accept {
 			TCP
+			SCTP
 		}
 
 		#
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index e2085f7..ff8a8a2 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -313,6 +313,7 @@ General {
 		#
 		Protocol Accept {
 			TCP
+			SCTP
 		}
 
 		#
diff --git a/include/network.h b/include/network.h
index b182339..06c0463 100644
--- a/include/network.h
+++ b/include/network.h
@@ -199,7 +199,7 @@ enum nta_attr {
 	NTA_IPV6,		/* struct nfct_attr_grp_ipv6 */
 	NTA_L4PROTO,		/* uint8_t */
 	NTA_PORT,		/* struct nfct_attr_grp_port */
-	NTA_STATE = 4,		/* uint8_t */
+	NTA_STATE_TCP = 4,	/* uint8_t */
 	NTA_STATUS,		/* uint32_t */
 	NTA_TIMEOUT,		/* uint32_t */
 	NTA_MARK,		/* uint32_t */
@@ -212,6 +212,7 @@ enum nta_attr {
 	NTA_SPAT_PORT,		/* uint16_t */
 	NTA_DPAT_PORT,		/* uint16_t */
 	NTA_NAT_SEQ_ADJ = 16,	/* struct nta_attr_natseqadj */
+	NTA_STATE_SCTP,		/* struct nta_attr_sctp */
 	NTA_MAX
 };
 
@@ -224,6 +225,11 @@ struct nta_attr_natseqadj {
 	uint32_t repl_seq_offset_after;
 };
 
+struct nta_attr_sctp {
+	uint8_t state;
+	uint32_t vtag_orig, vtag_repl;
+};
+
 void build_payload(const struct nf_conntrack *ct, struct nethdr *n);
 
 int parse_payload(struct nf_conntrack *ct, struct nethdr *n, size_t remain);
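Review bot: `struct nta_attr_sctp` is copied onto the wire verbatim (build.c sends it with `sizeof(struct nta_attr_sctp)` and parse.c sizes the incoming attribute the same way), so the compiler-inserted padding between `uint8_t state` and `uint32_t vtag_orig` is part of the message format, and both peers must be built with an identical layout. Making that padding explicit, `uint8_t state; uint8_t pad[3];`, documents the on-wire layout and removes the dependence on each compiler's padding rules; on the common ABIs it should not change `sizeof` at all, but that is worth confirming. The comment on the new enum entry could also record the byte order the build side applies, e.g. `NTA_STATE_SCTP, /* struct nta_attr_sctp, vtags in network byte order */`.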
diff --git a/src/build.c b/src/build.c
index 63a85db..6b0fad7 100644
--- a/src/build.c
+++ b/src/build.c
@@ -92,6 +92,17 @@ __build_natseqadj(const struct nf_conntrack *ct, struct nethdr *n)
 	addattr(n, NTA_NAT_SEQ_ADJ, &data, sizeof(struct nta_attr_natseqadj));
 }
 
+static inline void 
+__build_sctp(const struct nf_conntrack *ct, struct nethdr *n)
+{
+	struct nta_attr_sctp data = {
+		.state = nfct_get_attr_u8(ct, ATTR_SCTP_STATE),
+		.vtag_orig = htonl(nfct_get_attr_u32(ct, ATTR_SCTP_VTAG_ORIG)),
+		.vtag_repl = htonl(nfct_get_attr_u32(ct, ATTR_SCTP_VTAG_REPL)),
+	};
+	addattr(n, NTA_STATE_SCTP, &data, sizeof(struct nta_attr_sctp));
+}
+
 static enum nf_conntrack_attr nat_type[] =
 	{ ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE,
 	  ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ATTR_REPL_NAT_SEQ_CORRECTION_POS,
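Review bot: `data` in `__build_sctp` is filled by a designated initializer, which assigns the named members but gives no guarantee about the padding bytes between `.state` and `.vtag_orig`, yet the whole object is then passed to `addattr()` with `sizeof(struct nta_attr_sctp)`; whatever those bytes held on the stack goes out to the peer. Zeroing the struct before assigning the members keeps the message deterministic and keeps stale stack contents off the sync channel; `memset()` needs `<string.h>` if build.c does not already include it.
```c
static inline void 
__build_sctp(const struct nf_conntrack *ct, struct nethdr *n)
{
	struct nta_attr_sctp data;

	/* zero the whole object first so the padding bytes between .state and
	 * .vtag_orig never carry stale stack contents onto the wire */
	memset(&data, 0, sizeof(data));
	data.state = nfct_get_attr_u8(ct, ATTR_SCTP_STATE);
	data.vtag_orig = htonl(nfct_get_attr_u32(ct, ATTR_SCTP_VTAG_ORIG));
	data.vtag_repl = htonl(nfct_get_attr_u32(ct, ATTR_SCTP_VTAG_REPL));
	/* … unchanged: addattr() call … */
```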
@@ -117,7 +128,10 @@ void build_payload(const struct nf_conntrack *ct, struct nethdr *n)
 	__build_u32(ct, ATTR_STATUS, n, NTA_STATUS); 
 
 	if (nfct_attr_is_set(ct, ATTR_TCP_STATE))
-		__build_u8(ct, ATTR_TCP_STATE, n, NTA_STATE);
+		__build_u8(ct, ATTR_TCP_STATE, n, NTA_STATE_TCP);
+	else if (nfct_attr_is_set(ct, ATTR_SCTP_STATE))
+		__build_sctp(ct, n);
+
 	if (!CONFIG(commit_timeout) && nfct_attr_is_set(ct, ATTR_TIMEOUT))
 		__build_u32(ct, ATTR_TIMEOUT, n, NTA_TIMEOUT);
 	if (nfct_attr_is_set(ct, ATTR_MARK))
diff --git a/src/parse.c b/src/parse.c
index 76287fd..d14910a 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -29,6 +29,7 @@ static void parse_u16(struct nf_conntrack *ct, int attr, void *data);
 static void parse_u32(struct nf_conntrack *ct, int attr, void *data);
 static void parse_group(struct nf_conntrack *ct, int attr, void *data);
 static void parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data);
+static void parse_sctp(struct nf_conntrack *ct, int attr, void *data);
 
 struct parser {
 	void 	(*parse)(struct nf_conntrack *ct, int attr, void *data);
@@ -57,7 +58,7 @@ static struct parser h[NTA_MAX] = {
 		.attr	= ATTR_L4PROTO,
 		.size	= NTA_SIZE(sizeof(uint8_t)),
 	},
-	[NTA_STATE] = {
+	[NTA_STATE_TCP] = {
 		.parse	= parse_u8,
 		.attr	= ATTR_TCP_STATE,
 		.size	= NTA_SIZE(sizeof(uint8_t)),
@@ -121,6 +122,10 @@ static struct parser h[NTA_MAX] = {
 		.parse	= parse_nat_seq_adj,
 		.size	= NTA_SIZE(sizeof(struct nta_attr_natseqadj)),
 	},
+	[NTA_STATE_SCTP] = {
+		.parse	= parse_sctp,
+		.size	= NTA_SIZE(sizeof(struct nta_attr_sctp)),
+	},
 };
 
 static void
@@ -168,6 +173,15 @@ parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data)
 			  ntohl(this->orig_seq_correction_pos));
 }
 
+static void
+parse_sctp(struct nf_conntrack *ct, int attr, void *data)
+{
+	struct nta_attr_sctp *this = data;
+	nfct_set_attr_u8(ct, ATTR_SCTP_STATE, this->state);
+	nfct_set_attr_u32(ct, ATTR_SCTP_VTAG_ORIG, ntohl(this->vtag_orig));
+	nfct_set_attr_u32(ct, ATTR_SCTP_VTAG_REPL, ntohl(this->vtag_repl));
+}
+
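Review bot: `parse_sctp` reads the two vtags through a `struct nta_attr_sctp *` cast onto the attribute payload inside the receive buffer; unless the framing guarantees 4-byte alignment of every attribute payload (not visible in this hunk), that is a misaligned `uint32_t` access, which is undefined behaviour and traps on strict-alignment targets. `parse_nat_seq_adj` just above follows the same pattern, so this may be an accepted convention of the file, but copying the bytes into a local with `memcpy()` (needs `<string.h>`) makes the new parser independent of it. `this->state` is a peer-supplied byte stored without a range check; if the SCTP conntrack state bound from the kernel headers is available in parse.c, rejecting out-of-range values here gives an earlier and clearer failure than leaving it to the kernel when the entry is committed.
```c
static void
parse_sctp(struct nf_conntrack *ct, int attr, void *data)
{
	struct nta_attr_sctp this;

	/* copy out of the receive buffer instead of dereferencing a
	 * possibly misaligned pointer into it */
	memcpy(&this, data, sizeof(this));
	nfct_set_attr_u8(ct, ATTR_SCTP_STATE, this.state);
	nfct_set_attr_u32(ct, ATTR_SCTP_VTAG_ORIG, ntohl(this.vtag_orig));
	nfct_set_attr_u32(ct, ATTR_SCTP_VTAG_REPL, ntohl(this.vtag_repl));
}
```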
 int parse_payload(struct nf_conntrack *ct, struct nethdr *net, size_t remain)
 {
 	int len;


