From e8f5931a39ba8a48efcba953998396fc5d778278 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 15 Jun 2010 10:27:03 -0700
Subject: This patch move the ports addition to the layer 4 functions, instead
 of checking for the port attribute. It also adds a function for UDP otherwise
 we break support for this protocol.

---
 src/build.c | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/build.c b/src/build.c
index 6d8b12e..8f9d0b1 100644
--- a/src/build.c
+++ b/src/build.c
@@ -99,6 +99,9 @@ static enum nf_conntrack_attr nat_type[] =
 
 static void build_l4proto_tcp(const struct nf_conntrack *ct, struct nethdr *n)
 {
+	__build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT,
+		sizeof(struct nfct_attr_grp_port));
+
 	if (!nfct_attr_is_set(ct, ATTR_TCP_STATE))
 		return;
 
@@ -107,6 +110,9 @@ static void build_l4proto_tcp(const struct nf_conntrack *ct, struct nethdr *n)
 
 static void build_l4proto_sctp(const struct nf_conntrack *ct, struct nethdr *n)
 {
+	__build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT,
+		sizeof(struct nfct_attr_grp_port));
+
 	if (!nfct_attr_is_set(ct, ATTR_SCTP_STATE))
 		return;
 
@@ -117,6 +123,9 @@ static void build_l4proto_sctp(const struct nf_conntrack *ct, struct nethdr *n)
 
 static void build_l4proto_dccp(const struct nf_conntrack *ct, struct nethdr *n)
 {
+	__build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT,
+		sizeof(struct nfct_attr_grp_port));
+
 	if (!nfct_attr_is_set(ct, ATTR_DCCP_STATE))
 		return;
 
@@ -131,6 +140,12 @@ static void build_l4proto_icmp(const struct nf_conntrack *ct, struct nethdr *n)
 	__build_u16(ct, ATTR_ICMP_ID, n, NTA_ICMP_ID);
 }
 
+static void build_l4proto_udp(const struct nf_conntrack *ct, struct nethdr *n)
+{
+	__build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT,
+		sizeof(struct nfct_attr_grp_port));
+}
+
 #ifndef IPPROTO_DCCP
 #define IPPROTO_DCCP 33
 #endif
@@ -142,6 +157,7 @@ static struct build_l4proto {
 	[IPPROTO_SCTP]		= { .build = build_l4proto_sctp },
 	[IPPROTO_DCCP]		= { .build = build_l4proto_dccp },
 	[IPPROTO_ICMP]		= { .build = build_l4proto_icmp },
+	[IPPROTO_UDP]           = { .build = build_l4proto_udp },
 };
 
 void build_payload(const struct nf_conntrack *ct, struct nethdr *n)
@@ -156,13 +172,8 @@ void build_payload(const struct nf_conntrack *ct, struct nethdr *n)
 			      sizeof(struct nfct_attr_grp_ipv6));
 	}
 
+	__build_u32(ct, ATTR_STATUS, n, NTA_STATUS);
 	__build_u8(ct, ATTR_L4PROTO, n, NTA_L4PROTO);
-	if (nfct_attr_grp_is_set(ct, ATTR_GRP_ORIG_PORT)) {
-		__build_group(ct, ATTR_GRP_ORIG_PORT, n, NTA_PORT,
-			      sizeof(struct nfct_attr_grp_port));
-	}
-
-	__build_u32(ct, ATTR_STATUS, n, NTA_STATUS); 
 
 	if (l4proto_fcn[l4proto].build)
 		l4proto_fcn[l4proto].build(ct, n);
-- 
cgit v1.2.3