author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-02-07 00:27:51 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-02-07 00:50:15 +0100 |
commit | 8259e6dca13127e51f81ca7e75e419969417597f (patch) | |
tree | 87c73ec7f098ee053a746d0b2eac3574a61c32b2 | |
parent | f7824f63ae45c4979abe95fd3e7702eacd63bec1 (diff) | |
download | conntrack-tools-8259e6dca13127e51f81ca7e75e419969417597f.tar.gz conntrack-tools-8259e6dca13127e51f81ca7e75e419969417597f.zip |
conntrackd: add NAT expectation support
This patch adds the missing bits for NAT expectation support.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | include/network.h | 4 | ||||
-rw-r--r-- | src/build.c | 15 | ||||
-rw-r--r-- | src/parse.c | 23 |
3 files changed, 42 insertions, 0 deletions
diff --git a/include/network.h b/include/network.h
index f3ee9ed..f3b1f8e 100644
--- a/include/network.h
+++ b/include/network.h
@@ -270,6 +270,10 @@ enum nta_exp_attr {
 NTA_EXP_TIMEOUT, /* uint32_t */
 NTA_EXP_FLAGS, /* uint32_t */
 NTA_EXP_CLASS, /* uint32_t */
+ NTA_EXP_NAT_IPV4, /* struct nfct_attr_grp_ipv4 */
+ NTA_EXP_NAT_PORT, /* struct nfct_attr_grp_port */
+ NTA_EXP_NAT_L4PROTO, /* uint8_t */
+ NTA_EXP_NAT_DIR, /* uint32_t */
 NTA_EXP_MAX
 };
diff --git a/src/build.c b/src/build.c
index b845e0b..c07f429 100644
--- a/src/build.c
+++ b/src/build.c
@@ -324,4 +324,19 @@ void exp2msg(const struct nf_expect *exp, struct nethdr *n)
 exp_build_u32(exp, ATTR_EXP_FLAGS, n, NTA_EXP_FLAGS);
 if (nfexp_attr_is_set(exp, ATTR_EXP_CLASS))
 exp_build_u32(exp, ATTR_EXP_CLASS, n, NTA_EXP_CLASS);
+
+ /* include NAT information, if any. */
+ ct = nfexp_get_attr(exp, ATTR_EXP_NAT_TUPLE);
+ if (ct != NULL) {
+ if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_IPV4)) {
+ ct_build_group(ct, ATTR_GRP_ORIG_IPV4, n,
+ NTA_EXP_NAT_IPV4,
+ sizeof(struct nfct_attr_grp_ipv4));
+ }
+ ct_build_u8(ct, ATTR_L4PROTO, n, NTA_EXP_NAT_L4PROTO);
+ if (exp_l4proto_fcn[l4proto].build)
+ exp_l4proto_fcn[l4proto].build(ct, n, NTA_EXP_NAT_PORT);
+
+ exp_build_u32(exp, ATTR_EXP_NAT_DIR, n, NTA_EXP_NAT_DIR);
+ }
 }
diff --git a/src/parse.c b/src/parse.c
index f1fd628..2430001 100644
--- a/src/parse.c
+++ b/src/parse.c 
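Review bot: In the NAT block added to exp2msg, `ct_build_u8(ct, ATTR_L4PROTO, ...)` and `exp_build_u32(exp, ATTR_EXP_NAT_DIR, ...)` are emitted without the is-set guard that ATTR_EXP_FLAGS, ATTR_EXP_CLASS and the IPv4 group use just above, so a NAT tuple lacking either attribute would presumably still put a value on the sync channel for the peer to install. Guarding the last call with `if (nfexp_attr_is_set(exp, ATTR_EXP_NAT_DIR))`, and the protocol byte with the equivalent check on `ct`, keeps the message limited to what was actually set. The port builder is also selected through `l4proto`, which is assigned outside the hunk and is not visibly taken from the NAT tuple `ct`; a one-line comment such as `/* NAT tuple shares the expectation's layer 4 protocol */` would record that assumption if it holds. exp2msg begins outside the hunk, so earlier checks cannot be seen from here.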
@@ -346,6 +346,29 @@ static struct exp_parser {
 .exp_attr = ATTR_EXP_CLASS,
 .size = NTA_SIZE(sizeof(uint32_t)),
 },
+ [NTA_EXP_NAT_IPV4] = {
+ .parse = exp_parse_ct_group,
+ .exp_attr = ATTR_EXP_NAT_TUPLE,
+ .ct_attr = ATTR_GRP_ORIG_IPV4,
+ .size = NTA_SIZE(sizeof(struct nfct_attr_grp_ipv4)),
+ },
+ [NTA_EXP_NAT_L4PROTO] = {
+ .parse = exp_parse_ct_u8,
+ .exp_attr = ATTR_EXP_NAT_TUPLE,
+ .ct_attr = ATTR_L4PROTO,
+ .size = NTA_SIZE(sizeof(uint8_t)),
+ },
+ [NTA_EXP_NAT_PORT] = {
+ .parse = exp_parse_ct_group,
+ .exp_attr = ATTR_EXP_NAT_TUPLE,
+ .ct_attr = ATTR_GRP_ORIG_PORT,
+ .size = NTA_SIZE(sizeof(struct nfct_attr_grp_port)),
+ },
+ [NTA_EXP_NAT_DIR] = {
+ .parse = exp_parse_u32,
+ .exp_attr = ATTR_EXP_NAT_DIR,
+ .size = NTA_SIZE(sizeof(uint32_t)),
+ },
 };
 static void exp_parse_ct_group(void *ct, int attr, void *data) |
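Review bot: The four new exp_parser entries declare only a `.size`, so nothing visible in this table bounds the value carried by NTA_EXP_NAT_DIR or requires the NAT address, protocol and port attributes to arrive together. These fields are read from a message sent by the sync peer and end up in an expectation that carries NAT state, so a partial or out-of-range set is worth rejecting before the object is used; exp_parse_u32 and the code consuming the parsed expectation are outside the hunk and may already do this. At minimum a comment on the NTA_EXP_NAT_DIR entry, such as `/* direction as sent by the peer; range-checked in <consumer function> */` (placeholder name), would record where that check lives. As a style point, the entries are listed IPV4, L4PROTO, PORT while the enum in include/network.h puts PORT before L4PROTO; designated initializers make this harmless, but matching the enum order is easier to audit.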