libnetfilter_conntrack: filter.c Source File

00001 /*
00002  * (C) 2008 by Pablo Neira Ayuso <pablo@netfilter.org>
00003  *
00004  * This software may be used and distributed according to the terms
00005  * of the GNU General Public License, incorporated herein by reference.
00006  */
00007 
00008 #include "internal/internal.h"
00009 
00010 static void filter_attr_l4proto(struct nfct_filter *filter, const void *value)
00011 {
00012         if (filter->l4proto_len >= __FILTER_L4PROTO_MAX)
00013                 return;
00014 
00015         set_bit(*((int *) value), filter->l4proto_map);
00016         filter->l4proto_len++;
00017 }
00018 
00019 static void 
00020 filter_attr_l4proto_state(struct nfct_filter *filter, const void *value)
00021 {
00022         const struct nfct_filter_proto *this = value;
00023 
00024         set_bit_u16(this->state, &filter->l4proto_state[this->proto].map);
00025         filter->l4proto_state[this->proto].len++;
00026 }
00027 
00028 static void filter_attr_src_ipv4(struct nfct_filter *filter, const void *value)
00029 {
00030         const struct nfct_filter_ipv4 *this = value;
00031 
00032         if (filter->l3proto_elems[0] >= __FILTER_ADDR_MAX)
00033                 return;
00034 
00035         filter->l3proto[0][filter->l3proto_elems[0]].addr = this->addr;
00036         filter->l3proto[0][filter->l3proto_elems[0]].mask = this->mask;
00037         filter->l3proto_elems[0]++;
00038 }
00039 
00040 static void filter_attr_dst_ipv4(struct nfct_filter *filter, const void *value)
00041 {
00042         const struct nfct_filter_ipv4 *this = value;
00043 
00044         if (filter->l3proto_elems[1] >= __FILTER_ADDR_MAX)
00045                 return;
00046 
00047         filter->l3proto[1][filter->l3proto_elems[1]].addr = this->addr;
00048         filter->l3proto[1][filter->l3proto_elems[1]].mask = this->mask;
00049         filter->l3proto_elems[1]++;
00050 }
00051 
00052 static void filter_attr_src_ipv6(struct nfct_filter *filter, const void *value)
00053 {
00054         const struct nfct_filter_ipv6 *this = value;
00055 
00056         if (filter->l3proto_elems_ipv6[0] >= __FILTER_IPV6_MAX)
00057                 return;
00058 
00059         memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].addr,
00060                this->addr, sizeof(u_int32_t)*4);
00061         memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].mask,
00062                this->mask, sizeof(u_int32_t)*4);
00063         filter->l3proto_elems_ipv6[0]++;
00064 }
00065 
00066 static void filter_attr_dst_ipv6(struct nfct_filter *filter, const void *value)
00067 {
00068         const struct nfct_filter_ipv6 *this = value;
00069 
00070         if (filter->l3proto_elems_ipv6[1] >= __FILTER_IPV6_MAX)
00071                 return;
00072 
00073         memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].addr,
00074                this->addr, sizeof(u_int32_t)*4);
00075         memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].mask,
00076                this->mask, sizeof(u_int32_t)*4);
00077         filter->l3proto_elems_ipv6[1]++;
00078 }
00079 
00080 const filter_attr filter_attr_array[NFCT_FILTER_MAX] = {
00081         [NFCT_FILTER_L4PROTO]           = filter_attr_l4proto,
00082         [NFCT_FILTER_L4PROTO_STATE]     = filter_attr_l4proto_state,
00083         [NFCT_FILTER_SRC_IPV4]          = filter_attr_src_ipv4,
00084         [NFCT_FILTER_DST_IPV4]          = filter_attr_dst_ipv4,
00085         [NFCT_FILTER_SRC_IPV6]          = filter_attr_src_ipv6,
00086         [NFCT_FILTER_DST_IPV6]          = filter_attr_dst_ipv6,
00087 };