/*
 * (C) 2006-2007 by Pablo Neira Ayuso <pablo@netfilter.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
#include "conntrackd.h"
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
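/*
 * Sizing constants for the ignore-pool hash tables.
 * XXX: These should be configurable, better use a rb-tree
 *
 * IGNORE_POOL_SIZE is the first argument handed to hashtable_create() for
 * both the IPv4 and the IPv6 table.
 * NOTE(review): where IGNORE_POOL_LIMIT is consumed is not visible in this
 * listing -- presumably the entry limit of the same tables; confirm.
 */
#define IGNORE_POOL_SIZE 128
#define IGNORE_POOL_LIMIT INT_MAX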
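/*
 * Bucket index for an IPv4 key.
 *
 * data is read as a pointer to one 32-bit word; the hash of that word is
 * reduced modulo table->hashsize.  The pointer is dereferenced without a
 * check, so a NULL key must never reach this function.  The initval passed
 * to jhash_1word() is the constant 0.
 */
static uint32_t hash(const void *data, struct hashtable *table)
{
	const uint32_t *addr = data;

	return jhash_1word(*addr, 0) % table->hashsize;
}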
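/*
 * Bucket index for an IPv6 key.
 *
 * Hashes the 16 bytes (four 32-bit words) that data points at and reduces
 * the result modulo table->hashsize.  The key pointer goes to jhash()
 * unchecked, and the initval is the constant 0.
 */
static uint32_t hash6(const void *data, struct hashtable *table)
{
	return jhash(data, sizeof(uint32_t) * 4, 0) % table->hashsize;
}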
45
/*
 * Key comparison callback for IPv4 entries: both arguments are read as
 * pointers to one 32-bit word.
 * NOTE(review): the listing shows nothing of this function after the two
 * declarations, so the return statement is not visible.  compare6() returns
 * non-zero on a match -- presumably this does too; confirm against the
 * full file.
 */
static int compare(const void *data1, const void *data2)
47
const uint32_t *ip1 = data1;
48
const uint32_t *ip2 = data2;
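/*
 * Key comparison callback for IPv6 entries.
 *
 * Compares the 16 bytes behind each pointer and returns 1 when they are
 * identical, 0 otherwise -- the opposite sense of memcmp() itself.
 */
static int compare6(const void *data1, const void *data2)
{
	return memcmp(data1, data2, sizeof(uint32_t) * 4) == 0;
}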
58
/*
 * Allocate an ignore pool, zero it, and create its two hash tables, ip->h
 * and ip->h6, each sized with IGNORE_POOL_SIZE.
 * NOTE(review): this listing omits the lines between the numbered ones, so
 * the malloc() failure check, the remaining hashtable_create() arguments,
 * the error paths and the return statement are not visible.  Confirm in the
 * full file that ip is tested for NULL before the memset() below.
 */
struct ignore_pool *ignore_pool_create(void)
60
struct ignore_pool *ip;
62
ip = malloc(sizeof(struct ignore_pool));
65
/* Start from an all-zero pool before the tables are attached. */
memset(ip, 0, sizeof(struct ignore_pool));
67
ip->h = hashtable_create(IGNORE_POOL_SIZE,
77
ip->h6 = hashtable_create(IGNORE_POOL_SIZE,
91
/*
 * Tear down both hash tables of the pool.
 * NOTE(review): ip->h6 is handed to hashtable_destroy() with no check in
 * between; whether hashtable_destroy() accepts NULL is not shown here.
 * Nothing after the second call is visible, so whether ip itself is freed
 * cannot be confirmed from this listing.
 */
void ignore_pool_destroy(struct ignore_pool *ip)
93
hashtable_destroy(ip->h);
94
hashtable_destroy(ip->h6);
98
/*
 * Insert one address into the pool.  The two visible branches add data to
 * ip->h or to ip->h6 and test for a zero return from hashtable_add().
 * NOTE(review): the dispatch on family, the handling of a failed add and the
 * return values sit on lines this listing does not show.  data carries no
 * length: hash() reads 4 bytes from its key and hash6() reads 16, so --
 * presumably with those as the table callbacks -- the caller must pass a
 * buffer that matches family.  Confirm against the callers.
 */
int ignore_pool_add(struct ignore_pool *ip, void *data, uint8_t family)
102
if (!hashtable_add(ip->h, data))
106
if (!hashtable_add(ip->h6, data))
114
/*
 * Report whether any of the four IPv4 addresses of ct (source and
 * destination, original and reply direction) is found in ip->h.  The ||
 * chain stops at the first hit.
 * NOTE(review): nfct_get_attr() returns NULL for an attribute that is not
 * set on ct, and hash() dereferences its key unconditionally.  Whether the
 * lines not shown between the signature and the return, or hashtable_test()
 * itself, guard against a NULL key is not visible here -- confirm.
 */
__ignore_pool_test_ipv4(struct ignore_pool *ip, struct nf_conntrack *ct)
119
return (hashtable_test(ip->h, nfct_get_attr(ct, ATTR_ORIG_IPV4_SRC)) ||
120
hashtable_test(ip->h, nfct_get_attr(ct, ATTR_ORIG_IPV4_DST)) ||
121
hashtable_test(ip->h, nfct_get_attr(ct, ATTR_REPL_IPV4_SRC)) ||
122
hashtable_test(ip->h, nfct_get_attr(ct, ATTR_REPL_IPV4_DST)));
126
/*
 * Report whether any of the four IPv6 addresses of ct (source and
 * destination, original and reply direction) is found in ip->h6.  The ||
 * chain stops at the first hit.
 * NOTE(review): nfct_get_attr() returns NULL for an attribute that is not
 * set on ct, and hash6() hands its key pointer straight to jhash().
 * Whether the lines not shown between the signature and the return, or
 * hashtable_test() itself, guard against a NULL key is not visible here --
 * confirm.
 */
__ignore_pool_test_ipv6(struct ignore_pool *ip, struct nf_conntrack *ct)
131
return (hashtable_test(ip->h6, nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC)) ||
132
hashtable_test(ip->h6, nfct_get_attr(ct, ATTR_ORIG_IPV6_DST)) ||
133
hashtable_test(ip->h6, nfct_get_attr(ct, ATTR_REPL_IPV6_SRC)) ||
134
hashtable_test(ip->h6, nfct_get_attr(ct, ATTR_REPL_IPV6_DST)));
137
/*
 * Dispatch on the layer-3 protocol recorded in ct and run the matching IPv4
 * or IPv6 pool lookup; a protocol value with no matching case is logged as
 * a warning.
 * NOTE(review): the case labels, the declaration of ret, the value ret holds
 * on the warning path and the return statement are on lines this listing
 * omits.  Confirm that an unknown protocol yields a defined result rather
 * than an uninitialised ret.
 */
int ignore_pool_test(struct ignore_pool *ip, struct nf_conntrack *ct)
141
switch(nfct_get_attr_u8(ct, ATTR_ORIG_L3PROTO)) {
143
ret = __ignore_pool_test_ipv4(ip, ct);
146
ret = __ignore_pool_test_ipv6(ip, ct);
149
dlog(LOG_WARNING, "unknown layer 3 protocol?");