00001
00002
00003
00004
00005
00006
00007
00008 #include "internal/internal.h"
00009 #include <linux/icmp.h>
00010 #include <linux/icmpv6.h>
00011
00012 static const u_int8_t invmap_icmp[] = {
00013 [ICMP_ECHO] = ICMP_ECHOREPLY + 1,
00014 [ICMP_ECHOREPLY] = ICMP_ECHO + 1,
00015 [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,
00016 [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,
00017 [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,
00018 [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,
00019 [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
00020 [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1
00021 };
00022
00023 #ifndef ICMPV6_NI_QUERY
00024 #define ICMPV6_NI_QUERY 139
00025 #endif
00026
00027 #ifndef ICMPV6_NI_REPLY
00028 #define ICMPV6_NI_REPLY 140
00029 #endif
00030
00031 static const u_int8_t invmap_icmpv6[] = {
00032 [ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1,
00033 [ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1,
00034 [ICMPV6_NI_QUERY - 128] = ICMPV6_NI_QUERY + 1,
00035 [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY + 1
00036 };
00037
00038 static void set_attr_orig_ipv4_src(struct nf_conntrack *ct, const void *value)
00039 {
00040 ct->tuple[__DIR_ORIG].src.v4 = *((u_int32_t *) value);
00041 }
00042
00043 static void set_attr_orig_ipv4_dst(struct nf_conntrack *ct, const void *value)
00044 {
00045 ct->tuple[__DIR_ORIG].dst.v4 = *((u_int32_t *) value);
00046 }
00047
00048 static void set_attr_repl_ipv4_src(struct nf_conntrack *ct, const void *value)
00049 {
00050 ct->tuple[__DIR_REPL].src.v4 = *((u_int32_t *) value);
00051 }
00052
00053 static void set_attr_repl_ipv4_dst(struct nf_conntrack *ct, const void *value)
00054 {
00055 ct->tuple[__DIR_REPL].dst.v4 = *((u_int32_t *) value);
00056 }
00057
00058 static void set_attr_orig_ipv6_src(struct nf_conntrack *ct, const void *value)
00059 {
00060 memcpy(&ct->tuple[__DIR_ORIG].src.v6, value, sizeof(u_int32_t)*4);
00061 }
00062
00063 static void set_attr_orig_ipv6_dst(struct nf_conntrack *ct, const void *value)
00064 {
00065 memcpy(&ct->tuple[__DIR_ORIG].dst.v6, value, sizeof(u_int32_t)*4);
00066 }
00067
00068 static void set_attr_repl_ipv6_src(struct nf_conntrack *ct, const void *value)
00069 {
00070 memcpy(&ct->tuple[__DIR_REPL].src.v6, value, sizeof(u_int32_t)*4);
00071 }
00072
00073 static void set_attr_repl_ipv6_dst(struct nf_conntrack *ct, const void *value)
00074 {
00075 memcpy(&ct->tuple[__DIR_REPL].dst.v6, value, sizeof(u_int32_t)*4);
00076 }
00077
00078 static void set_attr_orig_port_src(struct nf_conntrack *ct, const void *value)
00079 {
00080 ct->tuple[__DIR_ORIG].l4src.all = *((u_int16_t *) value);
00081 }
00082
00083 static void set_attr_orig_port_dst(struct nf_conntrack *ct, const void *value)
00084 {
00085 ct->tuple[__DIR_ORIG].l4dst.all = *((u_int16_t *) value);
00086 }
00087
00088 static void set_attr_repl_port_src(struct nf_conntrack *ct, const void *value)
00089 {
00090 ct->tuple[__DIR_REPL].l4src.all = *((u_int16_t *) value);
00091 }
00092
00093 static void set_attr_repl_port_dst(struct nf_conntrack *ct, const void *value)
00094 {
00095 ct->tuple[__DIR_REPL].l4dst.all = *((u_int16_t *) value);
00096 }
00097
00098 static void set_attr_icmp_type(struct nf_conntrack *ct, const void *value)
00099 {
00100 u_int8_t rtype;
00101
00102 ct->tuple[__DIR_ORIG].l4dst.icmp.type = *((u_int8_t *) value);
00103
00104 switch(ct->tuple[__DIR_ORIG].l3protonum) {
00105 case AF_INET:
00106 rtype = invmap_icmp[*((u_int8_t *) value)];
00107 break;
00108
00109 case AF_INET6:
00110 rtype = invmap_icmpv6[*((u_int8_t *) value) - 128];
00111 break;
00112
00113 default:
00114 rtype = 0;
00115 }
00116
00117 if (rtype)
00118 ct->tuple[__DIR_REPL].l4dst.icmp.type = rtype - 1;
00119 else
00120 ct->tuple[__DIR_REPL].l4dst.icmp.type = 255;
00121
00122 }
00123
00124 static void set_attr_icmp_code(struct nf_conntrack *ct, const void *value)
00125 {
00126 ct->tuple[__DIR_ORIG].l4dst.icmp.code = *((u_int8_t *) value);
00127 ct->tuple[__DIR_REPL].l4dst.icmp.code = *((u_int8_t *) value);
00128 }
00129
00130 static void set_attr_icmp_id(struct nf_conntrack *ct, const void *value)
00131 {
00132 ct->tuple[__DIR_ORIG].l4src.icmp.id = *((u_int16_t *) value);
00133 ct->tuple[__DIR_REPL].l4src.icmp.id = *((u_int16_t *) value);
00134 }
00135
00136 static void set_attr_orig_l3proto(struct nf_conntrack *ct, const void *value)
00137 {
00138 ct->tuple[__DIR_ORIG].l3protonum = *((u_int8_t *) value);
00139 }
00140
00141 static void set_attr_repl_l3proto(struct nf_conntrack *ct, const void *value)
00142 {
00143 ct->tuple[__DIR_REPL].l3protonum = *((u_int8_t *) value);
00144 }
00145
00146 static void set_attr_orig_l4proto(struct nf_conntrack *ct, const void *value)
00147 {
00148 ct->tuple[__DIR_ORIG].protonum = *((u_int8_t *) value);
00149 }
00150
00151 static void set_attr_repl_l4proto(struct nf_conntrack *ct, const void *value)
00152 {
00153 ct->tuple[__DIR_REPL].protonum = *((u_int8_t *) value);
00154 }
00155
00156 static void set_attr_tcp_state(struct nf_conntrack *ct, const void *value)
00157 {
00158 ct->protoinfo.tcp.state = *((u_int8_t *) value);
00159 }
00160
00161 static void set_attr_tcp_flags_orig(struct nf_conntrack *ct, const void *value)
00162 {
00163 ct->protoinfo.tcp.flags[__DIR_ORIG].value = *((u_int8_t *) value);
00164 }
00165
00166 static void set_attr_tcp_mask_orig(struct nf_conntrack *ct, const void *value)
00167 {
00168 ct->protoinfo.tcp.flags[__DIR_ORIG].mask = *((u_int8_t *) value);
00169 }
00170
00171 static void set_attr_tcp_flags_repl(struct nf_conntrack *ct, const void *value)
00172 {
00173 ct->protoinfo.tcp.flags[__DIR_REPL].value = *((u_int8_t *) value);
00174 }
00175
00176 static void set_attr_tcp_mask_repl(struct nf_conntrack *ct, const void *value)
00177 {
00178 ct->protoinfo.tcp.flags[__DIR_REPL].mask = *((u_int8_t *) value);
00179 }
00180
00181 static void set_attr_sctp_state(struct nf_conntrack *ct, const void *value)
00182 {
00183 ct->protoinfo.sctp.state = *((u_int8_t *) value);
00184 }
00185
00186 static void set_attr_sctp_vtag_orig(struct nf_conntrack *ct, const void *value)
00187 {
00188 ct->protoinfo.sctp.vtag[__DIR_ORIG] = *((u_int32_t *) value);
00189 }
00190
00191 static void set_attr_sctp_vtag_repl(struct nf_conntrack *ct, const void *value)
00192 {
00193 ct->protoinfo.sctp.vtag[__DIR_REPL] = *((u_int32_t *) value);
00194 }
00195
00196 static void set_attr_snat_ipv4(struct nf_conntrack *ct, const void *value)
00197 {
00198 ct->snat.min_ip = ct->snat.max_ip = *((u_int32_t *) value);
00199 }
00200
00201 static void set_attr_dnat_ipv4(struct nf_conntrack *ct, const void *value)
00202 {
00203 ct->dnat.min_ip = ct->snat.max_ip = *((u_int32_t *) value);
00204 }
00205
00206 static void set_attr_snat_port(struct nf_conntrack *ct, const void *value)
00207 {
00208 ct->snat.l4min.all = ct->snat.l4max.all = *((u_int16_t *) value);
00209 }
00210
00211 static void set_attr_dnat_port(struct nf_conntrack *ct, const void *value)
00212 {
00213 ct->dnat.l4min.all = ct->dnat.l4max.all = *((u_int16_t *) value);
00214 }
00215
00216 static void set_attr_timeout(struct nf_conntrack *ct, const void *value)
00217 {
00218 ct->timeout = *((u_int32_t *) value);
00219 }
00220
00221 static void set_attr_mark(struct nf_conntrack *ct, const void *value)
00222 {
00223 ct->mark = *((u_int32_t *) value);
00224 }
00225
00226 static void set_attr_secmark(struct nf_conntrack *ct, const void *value)
00227 {
00228 ct->secmark = *((u_int32_t *) value);
00229 }
00230
00231 static void set_attr_status(struct nf_conntrack *ct, const void *value)
00232 {
00233 ct->status = *((u_int32_t *) value);
00234 }
00235
00236 static void set_attr_id(struct nf_conntrack *ct, const void *value)
00237 {
00238 ct->id = *((u_int32_t *) value);
00239 }
00240
00241 static void set_attr_master_ipv4_src(struct nf_conntrack *ct, const void *value)
00242 {
00243 ct->tuple[__DIR_MASTER].src.v4 = *((u_int32_t *) value);
00244 }
00245
00246 static void set_attr_master_ipv4_dst(struct nf_conntrack *ct, const void *value)
00247 {
00248 ct->tuple[__DIR_MASTER].dst.v4 = *((u_int32_t *) value);
00249 }
00250
00251 static void set_attr_master_ipv6_src(struct nf_conntrack *ct, const void *value)
00252 {
00253 memcpy(&ct->tuple[__DIR_MASTER].dst.v6, value, sizeof(u_int32_t)*4);
00254 }
00255
00256 static void set_attr_master_ipv6_dst(struct nf_conntrack *ct, const void *value)
00257 {
00258 memcpy(&ct->tuple[__DIR_MASTER].src.v6, value, sizeof(u_int32_t)*4);
00259 }
00260
00261 static void set_attr_master_port_src(struct nf_conntrack *ct, const void *value)
00262 {
00263 ct->tuple[__DIR_MASTER].l4src.all = *((u_int16_t *) value);
00264 }
00265
00266 static void set_attr_master_port_dst(struct nf_conntrack *ct, const void *value)
00267 {
00268 ct->tuple[__DIR_MASTER].l4dst.all = *((u_int16_t *) value);
00269 }
00270
00271 static void set_attr_master_l3proto(struct nf_conntrack *ct, const void *value)
00272 {
00273 ct->tuple[__DIR_MASTER].l3protonum = *((u_int8_t *) value);
00274 }
00275
00276 static void set_attr_master_l4proto(struct nf_conntrack *ct, const void *value)
00277 {
00278 ct->tuple[__DIR_MASTER].protonum = *((u_int8_t *) value);
00279 }
00280
00281 static void set_attr_orig_cor_pos(struct nf_conntrack *ct, const void *value)
00282 {
00283 ct->tuple[__DIR_ORIG].natseq.correction_pos = *((u_int32_t *) value);
00284 }
00285
00286 static void set_attr_orig_off_bfr(struct nf_conntrack *ct, const void *value)
00287 {
00288 ct->tuple[__DIR_ORIG].natseq.offset_before = *((u_int32_t *) value);
00289 }
00290
00291 static void set_attr_orig_off_aft(struct nf_conntrack *ct, const void *value)
00292 {
00293 ct->tuple[__DIR_ORIG].natseq.offset_after = *((u_int32_t *) value);
00294 }
00295
00296 static void set_attr_repl_cor_pos(struct nf_conntrack *ct, const void *value)
00297 {
00298 ct->tuple[__DIR_REPL].natseq.correction_pos = *((u_int32_t *) value);
00299 }
00300
00301 static void set_attr_repl_off_bfr(struct nf_conntrack *ct, const void *value)
00302 {
00303 ct->tuple[__DIR_REPL].natseq.offset_before = *((u_int32_t *) value);
00304 }
00305
00306 static void set_attr_repl_off_aft(struct nf_conntrack *ct, const void *value)
00307 {
00308 ct->tuple[__DIR_REPL].natseq.offset_after = *((u_int32_t *) value);
00309 }
00310
00311 static void set_attr_helper_name(struct nf_conntrack *ct, const void *value)
00312 {
00313 strncpy(ct->helper_name, value, __NFCT_HELPER_NAMELEN);
00314 ct->helper_name[__NFCT_HELPER_NAMELEN-1] = '\0';
00315 }
00316
00317 static void set_attr_dccp_state(struct nf_conntrack *ct, const void *value)
00318 {
00319 ct->protoinfo.dccp.state = *((u_int8_t *) value);
00320 }
00321
00322 static void set_attr_dccp_role(struct nf_conntrack *ct, const void *value)
00323 {
00324 ct->protoinfo.dccp.role = *((u_int8_t *) value);
00325 }
00326
00327 static void
00328 set_attr_dccp_handshake_seq(struct nf_conntrack *ct, const void *value)
00329 {
00330 ct->protoinfo.dccp.handshake_seq = *((u_int64_t *) value);
00331 }
00332
00333 static void set_attr_tcp_wscale_orig(struct nf_conntrack *ct, const void *value)
00334 {
00335 ct->protoinfo.tcp.wscale[__DIR_ORIG] = *((u_int8_t *) value);
00336 }
00337
00338 static void set_attr_tcp_wscale_repl(struct nf_conntrack *ct, const void *value)
00339 {
00340 ct->protoinfo.tcp.wscale[__DIR_REPL] = *((u_int8_t *) value);
00341 }
00342
00343 static void set_attr_zone(struct nf_conntrack *ct, const void *value)
00344 {
00345 ct->zone = *((u_int16_t *) value);
00346 }
00347
00348 static void set_attr_do_nothing(struct nf_conntrack *ct, const void *value) {}
00349
00350 const set_attr set_attr_array[ATTR_MAX] = {
00351 [ATTR_ORIG_IPV4_SRC] = set_attr_orig_ipv4_src,
00352 [ATTR_ORIG_IPV4_DST] = set_attr_orig_ipv4_dst,
00353 [ATTR_REPL_IPV4_SRC] = set_attr_repl_ipv4_src,
00354 [ATTR_REPL_IPV4_DST] = set_attr_repl_ipv4_dst,
00355 [ATTR_ORIG_IPV6_SRC] = set_attr_orig_ipv6_src,
00356 [ATTR_ORIG_IPV6_DST] = set_attr_orig_ipv6_dst,
00357 [ATTR_REPL_IPV6_SRC] = set_attr_repl_ipv6_src,
00358 [ATTR_REPL_IPV6_DST] = set_attr_repl_ipv6_dst,
00359 [ATTR_ORIG_PORT_SRC] = set_attr_orig_port_src,
00360 [ATTR_ORIG_PORT_DST] = set_attr_orig_port_dst,
00361 [ATTR_REPL_PORT_SRC] = set_attr_repl_port_src,
00362 [ATTR_REPL_PORT_DST] = set_attr_repl_port_dst,
00363 [ATTR_ICMP_TYPE] = set_attr_icmp_type,
00364 [ATTR_ICMP_CODE] = set_attr_icmp_code,
00365 [ATTR_ICMP_ID] = set_attr_icmp_id,
00366 [ATTR_ORIG_L3PROTO] = set_attr_orig_l3proto,
00367 [ATTR_REPL_L3PROTO] = set_attr_repl_l3proto,
00368 [ATTR_ORIG_L4PROTO] = set_attr_orig_l4proto,
00369 [ATTR_REPL_L4PROTO] = set_attr_repl_l4proto,
00370 [ATTR_TCP_STATE] = set_attr_tcp_state,
00371 [ATTR_SNAT_IPV4] = set_attr_snat_ipv4,
00372 [ATTR_DNAT_IPV4] = set_attr_dnat_ipv4,
00373 [ATTR_SNAT_PORT] = set_attr_snat_port,
00374 [ATTR_DNAT_PORT] = set_attr_dnat_port,
00375 [ATTR_TIMEOUT] = set_attr_timeout,
00376 [ATTR_MARK] = set_attr_mark,
00377 [ATTR_ORIG_COUNTER_PACKETS] = set_attr_do_nothing,
00378 [ATTR_REPL_COUNTER_PACKETS] = set_attr_do_nothing,
00379 [ATTR_ORIG_COUNTER_BYTES] = set_attr_do_nothing,
00380 [ATTR_REPL_COUNTER_BYTES] = set_attr_do_nothing,
00381 [ATTR_USE] = set_attr_do_nothing,
00382 [ATTR_ID] = set_attr_id,
00383 [ATTR_STATUS] = set_attr_status,
00384 [ATTR_TCP_FLAGS_ORIG] = set_attr_tcp_flags_orig,
00385 [ATTR_TCP_FLAGS_REPL] = set_attr_tcp_flags_repl,
00386 [ATTR_TCP_MASK_ORIG] = set_attr_tcp_mask_orig,
00387 [ATTR_TCP_MASK_REPL] = set_attr_tcp_mask_repl,
00388 [ATTR_MASTER_IPV4_SRC] = set_attr_master_ipv4_src,
00389 [ATTR_MASTER_IPV4_DST] = set_attr_master_ipv4_dst,
00390 [ATTR_MASTER_IPV6_SRC] = set_attr_master_ipv6_src,
00391 [ATTR_MASTER_IPV6_DST] = set_attr_master_ipv6_dst,
00392 [ATTR_MASTER_PORT_SRC] = set_attr_master_port_src,
00393 [ATTR_MASTER_PORT_DST] = set_attr_master_port_dst,
00394 [ATTR_MASTER_L3PROTO] = set_attr_master_l3proto,
00395 [ATTR_MASTER_L4PROTO] = set_attr_master_l4proto,
00396 [ATTR_SECMARK] = set_attr_secmark,
00397 [ATTR_ORIG_NAT_SEQ_CORRECTION_POS] = set_attr_orig_cor_pos,
00398 [ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE] = set_attr_orig_off_bfr,
00399 [ATTR_ORIG_NAT_SEQ_OFFSET_AFTER] = set_attr_orig_off_aft,
00400 [ATTR_REPL_NAT_SEQ_CORRECTION_POS] = set_attr_repl_cor_pos,
00401 [ATTR_REPL_NAT_SEQ_OFFSET_BEFORE] = set_attr_repl_off_bfr,
00402 [ATTR_REPL_NAT_SEQ_OFFSET_AFTER] = set_attr_repl_off_aft,
00403 [ATTR_SCTP_STATE] = set_attr_sctp_state,
00404 [ATTR_SCTP_VTAG_ORIG] = set_attr_sctp_vtag_orig,
00405 [ATTR_SCTP_VTAG_REPL] = set_attr_sctp_vtag_repl,
00406 [ATTR_HELPER_NAME] = set_attr_helper_name,
00407 [ATTR_DCCP_STATE] = set_attr_dccp_state,
00408 [ATTR_DCCP_ROLE] = set_attr_dccp_role,
00409 [ATTR_DCCP_HANDSHAKE_SEQ] = set_attr_dccp_handshake_seq,
00410 [ATTR_TCP_WSCALE_ORIG] = set_attr_tcp_wscale_orig,
00411 [ATTR_TCP_WSCALE_REPL] = set_attr_tcp_wscale_repl,
00412 [ATTR_ZONE] = set_attr_zone,
00413 [ATTR_SECCTX] = set_attr_do_nothing,
00414 };
