2
* (C) 2006-2007 by Pablo Neira Ayuso <pablo@netfilter.org>
4
* This program is free software; you can redistribute it and/or modify
5
* it under the terms of the GNU General Public License as published by
6
* the Free Software Foundation; either version 2 of the License, or
7
* (at your option) any later version.
9
* This program is distributed in the hope that it will be useful,
10
* but WITHOUT ANY WARRANTY; without even the implied warranty of
11
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
* GNU General Public License for more details.
14
* You should have received a copy of the GNU General Public License
15
* along with this program; if not, write to the Free Software
16
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
23
static void addattr(struct netpld *pld, int attr, const void *data, size_t len)
26
int tlen = NTA_LENGTH(len);
29
nta->nta_attr = htons(attr);
30
nta->nta_len = htons(len);
31
memcpy(NTA_DATA(nta), data, len);
32
pld->len += NTA_ALIGN(tlen);
35
static void __build_u8(const struct nf_conntrack *ct,
39
uint8_t data = nfct_get_attr_u8(ct, attr);
40
addattr(pld, attr, &data, sizeof(uint8_t));
43
static void __build_u16(const struct nf_conntrack *ct,
47
uint16_t data = nfct_get_attr_u16(ct, attr);
49
addattr(pld, attr, &data, sizeof(uint16_t));
52
static void __build_u32(const struct nf_conntrack *ct,
56
uint32_t data = nfct_get_attr_u32(ct, attr);
58
addattr(pld, attr, &data, sizeof(uint32_t));
61
static void __build_pointer_be(const struct nf_conntrack *ct,
66
addattr(pld, attr, nfct_get_attr(ct, attr), size);
69
static void __nat_build_u32(uint32_t data, struct netpld *pld, int attr)
72
addattr(pld, attr, &data, sizeof(uint32_t));
75
static void __nat_build_u16(uint16_t data, struct netpld *pld, int attr)
78
addattr(pld, attr, &data, sizeof(uint16_t));
81
/* XXX: ICMP not supported */
82
void build_netpld(struct nf_conntrack *ct, struct netpld *pld, int query)
84
if (nfct_attr_is_set(ct, ATTR_IPV4_SRC))
85
__build_pointer_be(ct, pld, ATTR_IPV4_SRC, sizeof(uint32_t));
86
if (nfct_attr_is_set(ct, ATTR_IPV4_DST))
87
__build_pointer_be(ct, pld, ATTR_IPV4_DST, sizeof(uint32_t));
88
if (nfct_attr_is_set(ct, ATTR_IPV6_SRC))
89
__build_pointer_be(ct, pld, ATTR_IPV6_SRC, sizeof(uint32_t)*4);
90
if (nfct_attr_is_set(ct, ATTR_IPV6_DST))
91
__build_pointer_be(ct, pld, ATTR_IPV6_DST, sizeof(uint32_t)*4);
92
if (nfct_attr_is_set(ct, ATTR_L3PROTO))
93
__build_u8(ct, pld, ATTR_L3PROTO);
94
if (nfct_attr_is_set(ct, ATTR_PORT_SRC))
95
__build_u16(ct, pld, ATTR_PORT_SRC);
96
if (nfct_attr_is_set(ct, ATTR_PORT_DST))
97
__build_u16(ct, pld, ATTR_PORT_DST);
98
if (nfct_attr_is_set(ct, ATTR_L4PROTO)) {
101
__build_u8(ct, pld, ATTR_L4PROTO);
102
proto = nfct_get_attr_u8(ct, ATTR_L4PROTO);
103
if (proto == IPPROTO_TCP) {
104
if (nfct_attr_is_set(ct, ATTR_TCP_STATE))
105
__build_u8(ct, pld, ATTR_TCP_STATE);
108
if (nfct_attr_is_set(ct, ATTR_TIMEOUT))
109
__build_u32(ct, pld, ATTR_TIMEOUT);
110
if (nfct_attr_is_set(ct, ATTR_MARK))
111
__build_u32(ct, pld, ATTR_MARK);
112
if (nfct_attr_is_set(ct, ATTR_SECMARK))
113
__build_u32(ct, pld, ATTR_SECMARK);
114
if (nfct_attr_is_set(ct, ATTR_STATUS))
115
__build_u32(ct, pld, ATTR_STATUS);
117
/* setup the master conntrack */
118
if (nfct_attr_is_set(ct, ATTR_MASTER_IPV4_SRC))
119
__build_u32(ct, pld, ATTR_MASTER_IPV4_SRC);
120
if (nfct_attr_is_set(ct, ATTR_MASTER_IPV4_DST))
121
__build_u32(ct, pld, ATTR_MASTER_IPV4_DST);
122
if (nfct_attr_is_set(ct, ATTR_MASTER_L3PROTO))
123
__build_u8(ct, pld, ATTR_MASTER_L3PROTO);
124
if (nfct_attr_is_set(ct, ATTR_MASTER_PORT_SRC))
125
__build_u16(ct, pld, ATTR_MASTER_PORT_SRC);
126
if (nfct_attr_is_set(ct, ATTR_MASTER_PORT_DST))
127
__build_u16(ct, pld, ATTR_MASTER_PORT_DST);
128
if (nfct_attr_is_set(ct, ATTR_MASTER_L4PROTO))
129
__build_u8(ct, pld, ATTR_MASTER_L4PROTO);
132
if (nfct_getobjopt(ct, NFCT_GOPT_IS_SNAT)) {
133
uint32_t data = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST);
134
__nat_build_u32(data, pld, ATTR_SNAT_IPV4);
136
if (nfct_getobjopt(ct, NFCT_GOPT_IS_DNAT)) {
137
uint32_t data = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC);
138
__nat_build_u32(data, pld, ATTR_DNAT_IPV4);
140
if (nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT)) {
141
uint16_t data = nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST);
142
__nat_build_u16(data, pld, ATTR_SNAT_PORT);
144
if (nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT)) {
145
uint16_t data = nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC);
146
__nat_build_u16(data, pld, ATTR_DNAT_PORT);
149
/* NAT sequence adjustment */
150
if (nfct_attr_is_set(ct, ATTR_ORIG_NAT_SEQ_CORRECTION_POS))
151
__build_u32(ct, pld, ATTR_ORIG_NAT_SEQ_CORRECTION_POS);
152
if (nfct_attr_is_set(ct, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE))
153
__build_u32(ct, pld, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE);
154
if (nfct_attr_is_set(ct, ATTR_ORIG_NAT_SEQ_OFFSET_AFTER))
155
__build_u32(ct, pld, ATTR_ORIG_NAT_SEQ_OFFSET_AFTER);
156
if (nfct_attr_is_set(ct, ATTR_REPL_NAT_SEQ_CORRECTION_POS))
157
__build_u32(ct, pld, ATTR_REPL_NAT_SEQ_CORRECTION_POS);
158
if (nfct_attr_is_set(ct, ATTR_REPL_NAT_SEQ_OFFSET_BEFORE))
159
__build_u32(ct, pld, ATTR_REPL_NAT_SEQ_OFFSET_BEFORE);
160
if (nfct_attr_is_set(ct, ATTR_REPL_NAT_SEQ_OFFSET_AFTER))
161
__build_u32(ct, pld, ATTR_REPL_NAT_SEQ_OFFSET_AFTER);
165
PLD_HOST2NETWORK(pld);
added
removed
src/build.c
