summaryrefslogtreecommitdiff
path: root/src/ignore_pool.c
diff options
context:
space:
mode:
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-02-02 04:35:05 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2008-02-02 04:35:05 +0000
commit6f7bc84fb819e87a9145394b0e08fd194b1497da (patch)
tree01148959534277e1135231e08676c822f709c3df /src/ignore_pool.c
parentc66ed8fdb8b64fcb8973f6b60a9696b59ba29ee6 (diff)
downloadconntrack-tools-6f7bc84fb819e87a9145394b0e08fd194b1497da.tar.gz
conntrack-tools-6f7bc84fb819e87a9145394b0e08fd194b1497da.zip
add IPv6 support to conntrackd
Diffstat (limited to 'src/ignore_pool.c')
-rw-r--r--src/ignore_pool.c65
1 files changed, 39 insertions, 26 deletions
diff --git a/src/ignore_pool.c b/src/ignore_pool.c
index 2d898d1..027d628 100644
--- a/src/ignore_pool.c
+++ b/src/ignore_pool.c
@@ -26,7 +26,7 @@
#include <stdlib.h>
#include <string.h>
-/* XXX: These should be configurable */
+/* XXX: These should be configurable, better use a rb-tree */
#define IGNORE_POOL_SIZE 128
#define IGNORE_POOL_LIMIT INT_MAX
@@ -55,7 +55,7 @@ static int compare6(const void *data1, const void *data2)
return memcmp(data1, data2, sizeof(uint32_t)*4) == 0;
}
-struct ignore_pool *ignore_pool_create(uint8_t proto)
+struct ignore_pool *ignore_pool_create(void)
{
struct ignore_pool *ip;
@@ -64,24 +64,23 @@ struct ignore_pool *ignore_pool_create(uint8_t proto)
return NULL;
memset(ip, 0, sizeof(struct ignore_pool));
- switch(proto) {
- case AF_INET:
- ip->h = hashtable_create(IGNORE_POOL_SIZE,
- IGNORE_POOL_LIMIT,
- sizeof(uint32_t),
- hash,
- compare);
- break;
- case AF_INET6:
- ip->h = hashtable_create(IGNORE_POOL_SIZE,
- IGNORE_POOL_LIMIT,
- sizeof(uint32_t)*4,
- hash6,
- compare6);
- break;
+ ip->h = hashtable_create(IGNORE_POOL_SIZE,
+ IGNORE_POOL_LIMIT,
+ sizeof(uint32_t),
+ hash,
+ compare);
+ if (!ip->h) {
+ free(ip);
+ return NULL;
}
- if (!ip->h) {
+ ip->h6 = hashtable_create(IGNORE_POOL_SIZE,
+ IGNORE_POOL_LIMIT,
+ sizeof(uint32_t)*4,
+ hash6,
+ compare6);
+ if (!ip->h6) {
+ free(ip->h);
free(ip);
return NULL;
}
@@ -92,20 +91,31 @@ struct ignore_pool *ignore_pool_create(uint8_t proto)
void ignore_pool_destroy(struct ignore_pool *ip)
{
hashtable_destroy(ip->h);
+ hashtable_destroy(ip->h6);
free(ip);
}
-int ignore_pool_add(struct ignore_pool *ip, void *data)
+int ignore_pool_add(struct ignore_pool *ip, void *data, uint8_t family)
{
- if (!hashtable_add(ip->h, data))
- return 0;
-
+ switch(family) {
+ case AF_INET:
+ if (!hashtable_add(ip->h, data))
+ return 0;
+ break;
+ case AF_INET6:
+ if (!hashtable_add(ip->h6, data))
+ return 0;
+ break;
+ }
return 1;
}
static int
__ignore_pool_test_ipv4(struct ignore_pool *ip, struct nf_conntrack *ct)
{
+ if (!ip->h)
+ return 0;
+
return (hashtable_test(ip->h, nfct_get_attr(ct, ATTR_ORIG_IPV4_SRC)) ||
hashtable_test(ip->h, nfct_get_attr(ct, ATTR_ORIG_IPV4_DST)) ||
hashtable_test(ip->h, nfct_get_attr(ct, ATTR_REPL_IPV4_SRC)) ||
@@ -115,10 +125,13 @@ __ignore_pool_test_ipv4(struct ignore_pool *ip, struct nf_conntrack *ct)
static int
__ignore_pool_test_ipv6(struct ignore_pool *ip, struct nf_conntrack *ct)
{
- return (hashtable_test(ip->h, nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC)) ||
- hashtable_test(ip->h, nfct_get_attr(ct, ATTR_ORIG_IPV6_DST)) ||
- hashtable_test(ip->h, nfct_get_attr(ct, ATTR_REPL_IPV6_SRC)) ||
- hashtable_test(ip->h, nfct_get_attr(ct, ATTR_REPL_IPV6_DST)));
+ if (!ip->h6)
+ return 0;
+
+ return (hashtable_test(ip->h6, nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC)) ||
+ hashtable_test(ip->h6, nfct_get_attr(ct, ATTR_ORIG_IPV6_DST)) ||
+ hashtable_test(ip->h6, nfct_get_attr(ct, ATTR_REPL_IPV6_SRC)) ||
+ hashtable_test(ip->h6, nfct_get_attr(ct, ATTR_REPL_IPV6_DST)));
}
int ignore_pool_test(struct ignore_pool *ip, struct nf_conntrack *ct)