From e8f5931a39ba8a48efcba953998396fc5d778278 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 15 Jun 2010 10:27:03 -0700 Subject: This patch move the ports addition to the layer 4 functions, instead of checking for the port attribute. It also adds a function for UDP otherwise we break support for this protocol. --- src/build.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/src/build.c b/src/build.c index 6d8b12e..8f9d0b1 100644 --- a/src/build.c +++ b/src/build.c @@ -99,6 +99,9 @@ static enum nf_conntrack_attr nat_type[] = static void build_l4proto_tcp(const struct nf_conntrack *ct, struct nethdr *n) { + __build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT, + sizeof(struct nfct_attr_grp_port)); + if (!nfct_attr_is_set(ct, ATTR_TCP_STATE)) return; @@ -107,6 +110,9 @@ static void build_l4proto_tcp(const struct nf_conntrack *ct, struct nethdr *n) static void build_l4proto_sctp(const struct nf_conntrack *ct, struct nethdr *n) { + __build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT, + sizeof(struct nfct_attr_grp_port)); + if (!nfct_attr_is_set(ct, ATTR_SCTP_STATE)) return; @@ -117,6 +123,9 @@ static void build_l4proto_sctp(const struct nf_conntrack *ct, struct nethdr *n) static void build_l4proto_dccp(const struct nf_conntrack *ct, struct nethdr *n) { + __build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT, + sizeof(struct nfct_attr_grp_port)); + if (!nfct_attr_is_set(ct, ATTR_DCCP_STATE)) return; @@ -131,6 +140,12 @@ static void build_l4proto_icmp(const struct nf_conntrack *ct, struct nethdr *n) __build_u16(ct, ATTR_ICMP_ID, n, NTA_ICMP_ID); } +static void build_l4proto_udp(const struct nf_conntrack *ct, struct nethdr *n) +{ + __build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT, + sizeof(struct nfct_attr_grp_port)); +} + #ifndef IPPROTO_DCCP #define IPPROTO_DCCP 33 #endif @@ -142,6 +157,7 @@ static struct build_l4proto { [IPPROTO_SCTP] = { .build = build_l4proto_sctp }, [IPPROTO_DCCP] = { .build = build_l4proto_dccp }, [IPPROTO_ICMP] = { .build = build_l4proto_icmp }, + [IPPROTO_UDP] = { .build = build_l4proto_udp }, }; void build_payload(const struct nf_conntrack *ct, struct nethdr *n) @@ -156,13 +172,8 @@ void build_payload(const struct nf_conntrack *ct, struct nethdr *n) sizeof(struct nfct_attr_grp_ipv6)); } + __build_u32(ct, ATTR_STATUS, n, NTA_STATUS); __build_u8(ct, ATTR_L4PROTO, n, NTA_L4PROTO); - if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_PORT)) { - __build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT, - sizeof(struct nfct_attr_grp_port)); - } - - __build_u32(ct, ATTR_STATUS, n, NTA_STATUS); if (l4proto_fcn[l4proto].build) l4proto_fcn[l4proto].build(ct, n); -- cgit v1.2.3