summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2010-06-15 10:27:03 -0700
committerMohit Mehta <mohit.mehta@vyatta.com>2010-06-15 10:27:03 -0700
commite8f5931a39ba8a48efcba953998396fc5d778278 (patch)
tree5762097840c5e8ab01252bdf2b885439ab2225d1
parentd572d155e46095b5db6735a7c93dec8a97dcd353 (diff)
downloadconntrack-tools-e8f5931a39ba8a48efcba953998396fc5d778278.tar.gz
conntrack-tools-e8f5931a39ba8a48efcba953998396fc5d778278.zip
This patch move the ports addition to the layer 4 functions, instead
of checking for the port attribute. It also adds a function for UDP otherwise we break support for this protocol.
-rw-r--r--src/build.c23
1 files changed, 17 insertions, 6 deletions
diff --git a/src/build.c b/src/build.c
index 6d8b12e..8f9d0b1 100644
--- a/src/build.c
+++ b/src/build.c
@@ -99,6 +99,9 @@ static enum nf_conntrack_attr nat_type[] =
static void build_l4proto_tcp(const struct nf_conntrack *ct, struct nethdr *n)
{
+ __build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT,
+ sizeof(struct nfct_attr_grp_port));
+
if (!nfct_attr_is_set(ct, ATTR_TCP_STATE))
return;
@@ -107,6 +110,9 @@ static void build_l4proto_tcp(const struct nf_conntrack *ct, struct nethdr *n)
static void build_l4proto_sctp(const struct nf_conntrack *ct, struct nethdr *n)
{
+ __build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT,
+ sizeof(struct nfct_attr_grp_port));
+
if (!nfct_attr_is_set(ct, ATTR_SCTP_STATE))
return;
@@ -117,6 +123,9 @@ static void build_l4proto_sctp(const struct nf_conntrack *ct, struct nethdr *n)
static void build_l4proto_dccp(const struct nf_conntrack *ct, struct nethdr *n)
{
+ __build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT,
+ sizeof(struct nfct_attr_grp_port));
+
if (!nfct_attr_is_set(ct, ATTR_DCCP_STATE))
return;
@@ -131,6 +140,12 @@ static void build_l4proto_icmp(const struct nf_conntrack *ct, struct nethdr *n)
__build_u16(ct, ATTR_ICMP_ID, n, NTA_ICMP_ID);
}
+static void build_l4proto_udp(const struct nf_conntrack *ct, struct nethdr *n)
+{
+ __build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT,
+ sizeof(struct nfct_attr_grp_port));
+}
+
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
@@ -142,6 +157,7 @@ static struct build_l4proto {
[IPPROTO_SCTP] = { .build = build_l4proto_sctp },
[IPPROTO_DCCP] = { .build = build_l4proto_dccp },
[IPPROTO_ICMP] = { .build = build_l4proto_icmp },
+ [IPPROTO_UDP] = { .build = build_l4proto_udp },
};
void build_payload(const struct nf_conntrack *ct, struct nethdr *n)
@@ -156,13 +172,8 @@ void build_payload(const struct nf_conntrack *ct, struct nethdr *n)
sizeof(struct nfct_attr_grp_ipv6));
}
+ __build_u32(ct, ATTR_STATUS, n, NTA_STATUS);
__build_u8(ct, ATTR_L4PROTO, n, NTA_L4PROTO);
- if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_PORT)) {
- __build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT,
- sizeof(struct nfct_attr_grp_port));
- }
-
- __build_u32(ct, ATTR_STATUS, n, NTA_STATUS);
if (l4proto_fcn[l4proto].build)
l4proto_fcn[l4proto].build(ct, n);