10 #include "internal/internal.h"
11 #include <linux/icmp.h>
12 #include <linux/icmpv6.h>
/*
 * Request -> reply map for ICMPv4 types, indexed by the request type.
 * Each entry stores the paired type plus one, so a zero entry means
 * "no pairing known". The array length is implied by the highest
 * designated index (ICMP_ADDRESSREPLY), so every lookup must bound the
 * index before reading.
 */
static const uint8_t invmap_icmp[] = {
	/* echo */
	[ICMP_ECHO]		= ICMP_ECHOREPLY + 1,
	[ICMP_ECHOREPLY]	= ICMP_ECHO + 1,
	/* timestamp */
	[ICMP_TIMESTAMP]	= ICMP_TIMESTAMPREPLY + 1,
	[ICMP_TIMESTAMPREPLY]	= ICMP_TIMESTAMP + 1,
	/* information */
	[ICMP_INFO_REQUEST]	= ICMP_INFO_REPLY + 1,
	[ICMP_INFO_REPLY]	= ICMP_INFO_REQUEST + 1,
	/* address mask */
	[ICMP_ADDRESS]		= ICMP_ADDRESSREPLY + 1,
	[ICMP_ADDRESSREPLY]	= ICMP_ADDRESS + 1
};
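#ifndef ICMPV6_NI_QUERY
#define ICMPV6_NI_QUERY 139
#endif

#ifndef ICMPV6_NI_REPLY
#define ICMPV6_NI_REPLY 140
#endif

/*
 * Request -> reply map for ICMPv6 types, indexed by (type - 128).
 * Each entry stores the paired type plus one, so a zero entry means
 * "no pairing known". The array length is implied by the highest
 * designated index (ICMPV6_NI_REPLY - 128), so every lookup must check
 * that the type is in [128, ICMPV6_NI_REPLY] before indexing.
 *
 * The node-information entries are paired query <-> reply, in the same
 * way as the echo entries; mapping each type onto itself would derive a
 * reply tuple that repeats the request type.
 */
static const uint8_t invmap_icmpv6[] = {
	[ICMPV6_ECHO_REQUEST - 128]	= ICMPV6_ECHO_REPLY + 1,
	[ICMPV6_ECHO_REPLY - 128]	= ICMPV6_ECHO_REQUEST + 1,
	[ICMPV6_NI_QUERY - 128]		= ICMPV6_NI_REPLY + 1,
	[ICMPV6_NI_REPLY - 128]		= ICMPV6_NI_QUERY + 1
};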
/*
 * Store the original-direction IPv4 source address.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_orig_ipv4_src(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *addr = value;

	ct->head.orig.src.v4 = *addr;
}
/*
 * Store the original-direction IPv4 destination address.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_orig_ipv4_dst(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *addr = value;

	ct->head.orig.dst.v4 = *addr;
}
/*
 * Store the reply-direction IPv4 source address.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_repl_ipv4_src(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *addr = value;

	ct->repl.src.v4 = *addr;
}
/*
 * Store the reply-direction IPv4 destination address.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_repl_ipv4_dst(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *addr = value;

	ct->repl.dst.v4 = *addr;
}
/*
 * Copy the original-direction IPv6 source address.
 * @len is ignored: a fixed 16 bytes are always read from @value.
 */
static void
set_attr_orig_ipv6_src(struct nf_conntrack *ct, const void *value, size_t len)
{
	const size_t addr_bytes = sizeof(uint32_t) * 4;

	memcpy(&ct->head.orig.src.v6, value, addr_bytes);
}
/*
 * Copy the original-direction IPv6 destination address.
 * @len is ignored: a fixed 16 bytes are always read from @value.
 */
static void
set_attr_orig_ipv6_dst(struct nf_conntrack *ct, const void *value, size_t len)
{
	const size_t addr_bytes = sizeof(uint32_t) * 4;

	memcpy(&ct->head.orig.dst.v6, value, addr_bytes);
}
/*
 * Copy the reply-direction IPv6 source address.
 * @len is ignored: a fixed 16 bytes are always read from @value.
 */
static void
set_attr_repl_ipv6_src(struct nf_conntrack *ct, const void *value, size_t len)
{
	const size_t addr_bytes = sizeof(uint32_t) * 4;

	memcpy(&ct->repl.src.v6, value, addr_bytes);
}
/*
 * Copy the reply-direction IPv6 destination address.
 * @len is ignored: a fixed 16 bytes are always read from @value.
 */
static void
set_attr_repl_ipv6_dst(struct nf_conntrack *ct, const void *value, size_t len)
{
	const size_t addr_bytes = sizeof(uint32_t) * 4;

	memcpy(&ct->repl.dst.v6, value, addr_bytes);
}
/*
 * Store the original-direction layer-4 source port.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_orig_port_src(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t *port = value;

	ct->head.orig.l4src.all = *port;
}
/*
 * Store the original-direction layer-4 destination port.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_orig_port_dst(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t *port = value;

	ct->head.orig.l4dst.all = *port;
}
/*
 * Store the reply-direction layer-4 source port.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_repl_port_src(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t *port = value;

	ct->repl.l4src.all = *port;
}
/*
 * Store the reply-direction layer-4 destination port.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_repl_port_dst(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t *port = value;

	ct->repl.l4dst.all = *port;
}
/*
 * Store the zone of the original-direction tuple.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_orig_zone(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t *zone = value;

	ct->head.orig.zone = *zone;
}
/*
 * Store the zone of the reply-direction tuple.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_repl_zone(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t *zone = value;

	ct->repl.zone = *zone;
}
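/*
 * Store the ICMP type of the original tuple and derive the matching
 * reply type from the inverse map selected by the original layer-3
 * protocol.
 *
 * The type byte is caller-supplied and covers 0..255, while both
 * inverse maps are much shorter (their length is set by their highest
 * designated index). The index is therefore range-checked before each
 * lookup; an out-of-range type is treated like an unmapped one instead
 * of reading past the end of the table (or before its start, for
 * ICMPv6 types below 128).
 *
 * When no reply type is known the reply type is set to 255.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_icmp_type(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t type = *((const uint8_t *) value);
	uint8_t rtype = 0;	/* 0: no reply type found */

	ct->head.orig.l4dst.icmp.type = type;

	switch (ct->head.orig.l3protonum) {
	case AF_INET:
		if (type < sizeof(invmap_icmp) / sizeof(invmap_icmp[0]))
			rtype = invmap_icmp[type];
		break;

	case AF_INET6:
		/* table is indexed by (type - 128); reject both ends */
		if (type >= 128 &&
		    (size_t)(type - 128) <
		    sizeof(invmap_icmpv6) / sizeof(invmap_icmpv6[0]))
			rtype = invmap_icmpv6[type - 128];
		break;

	default:
		break;
	}

	/* table entries are stored as (reply type + 1) */
	if (rtype)
		ct->repl.l4dst.icmp.type = rtype - 1;
	else
		ct->repl.l4dst.icmp.type = 255;
}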
/*
 * Store the ICMP code in both the original and the reply tuple.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_icmp_code(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *code = value;

	ct->head.orig.l4dst.icmp.code = *code;
	ct->repl.l4dst.icmp.code = *code;
}
/*
 * Store the ICMP identifier in both the original and the reply tuple.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_icmp_id(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t *id = value;

	ct->head.orig.l4src.icmp.id = *id;
	ct->repl.l4src.icmp.id = *id;
}
/*
 * Store the layer-3 protocol number of the original tuple.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_orig_l3proto(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *proto = value;

	ct->head.orig.l3protonum = *proto;
}
/*
 * Store the layer-3 protocol number of the reply tuple.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_repl_l3proto(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *proto = value;

	ct->repl.l3protonum = *proto;
}
/*
 * Store the layer-4 protocol number of the original tuple.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_orig_l4proto(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *proto = value;

	ct->head.orig.protonum = *proto;
}
/*
 * Store the layer-4 protocol number of the reply tuple.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_repl_l4proto(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *proto = value;

	ct->repl.protonum = *proto;
}
/*
 * Store the TCP state byte; the value is not range-checked here.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_tcp_state(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *state = value;

	ct->protoinfo.tcp.state = *state;
}
/*
 * Store the TCP flags value for the original direction.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_tcp_flags_orig(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *flags = value;

	ct->protoinfo.tcp.flags[__DIR_ORIG].value = *flags;
}
/*
 * Store the TCP flags mask for the original direction.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_tcp_mask_orig(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *mask = value;

	ct->protoinfo.tcp.flags[__DIR_ORIG].mask = *mask;
}
/*
 * Store the TCP flags value for the reply direction.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_tcp_flags_repl(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *flags = value;

	ct->protoinfo.tcp.flags[__DIR_REPL].value = *flags;
}
/*
 * Store the TCP flags mask for the reply direction.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_tcp_mask_repl(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *mask = value;

	ct->protoinfo.tcp.flags[__DIR_REPL].mask = *mask;
}
/*
 * Store the SCTP state byte; the value is not range-checked here.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_sctp_state(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *state = value;

	ct->protoinfo.sctp.state = *state;
}
/*
 * Store the SCTP verification tag for the original direction.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_sctp_vtag_orig(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *vtag = value;

	ct->protoinfo.sctp.vtag[__DIR_ORIG] = *vtag;
}
/*
 * Store the SCTP verification tag for the reply direction.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_sctp_vtag_repl(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *vtag = value;

	ct->protoinfo.sctp.vtag[__DIR_REPL] = *vtag;
}
/*
 * Set the source-NAT IPv4 range to a single address: both the minimum
 * and the maximum receive the same value.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_snat_ipv4(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t addr = *((const uint32_t *) value);

	ct->snat.max_ip.v4 = addr;
	ct->snat.min_ip.v4 = addr;
}
/*
 * Set the destination-NAT IPv4 range to a single address: both the
 * minimum and the maximum receive the same value.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_dnat_ipv4(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t addr = *((const uint32_t *) value);

	ct->dnat.max_ip.v4 = addr;
	ct->dnat.min_ip.v4 = addr;
}
/*
 * Set the source-NAT IPv6 range to a single address: the same
 * struct in6_addr is copied into both the minimum and the maximum.
 * @len is ignored: sizeof(struct in6_addr) bytes are always read
 * from @value.
 */
static void
set_attr_snat_ipv6(struct nf_conntrack *ct, const void *value, size_t len)
{
	const size_t addr_bytes = sizeof(struct in6_addr);

	memcpy(&ct->snat.min_ip.v6, value, addr_bytes);
	memcpy(&ct->snat.max_ip.v6, value, addr_bytes);
}
/*
 * Set the destination-NAT IPv6 range to a single address: the same
 * struct in6_addr is copied into both the minimum and the maximum.
 * @len is ignored: sizeof(struct in6_addr) bytes are always read
 * from @value.
 */
static void
set_attr_dnat_ipv6(struct nf_conntrack *ct, const void *value, size_t len)
{
	const size_t addr_bytes = sizeof(struct in6_addr);

	memcpy(&ct->dnat.min_ip.v6, value, addr_bytes);
	memcpy(&ct->dnat.max_ip.v6, value, addr_bytes);
}
/*
 * Set the source-NAT port range to a single port: both the minimum and
 * the maximum receive the same value.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_snat_port(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t port = *((const uint16_t *) value);

	ct->snat.l4max.all = port;
	ct->snat.l4min.all = port;
}
/*
 * Set the destination-NAT port range to a single port: both the
 * minimum and the maximum receive the same value.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_dnat_port(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t port = *((const uint16_t *) value);

	ct->dnat.l4max.all = port;
	ct->dnat.l4min.all = port;
}
/*
 * Store the conntrack timeout.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_timeout(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *timeout = value;

	ct->timeout = *timeout;
}
/*
 * Store the conntrack mark.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_mark(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *mark = value;

	ct->mark = *mark;
}
/*
 * Store the conntrack security mark.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_secmark(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *secmark = value;

	ct->secmark = *secmark;
}
/*
 * Store the conntrack status word; the bits are not validated here.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_status(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *status = value;

	ct->status = *status;
}
/*
 * Store the conntrack id.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_id(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *id = value;

	ct->id = *id;
}
/*
 * Store the IPv4 source address of the master tuple.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_master_ipv4_src(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *addr = value;

	ct->master.src.v4 = *addr;
}
/*
 * Store the IPv4 destination address of the master tuple.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_master_ipv4_dst(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *addr = value;

	ct->master.dst.v4 = *addr;
}
/*
 * Copy the IPv6 source address of the master tuple.
 * @len is ignored: a fixed 16 bytes are always read from @value.
 */
static void
set_attr_master_ipv6_src(struct nf_conntrack *ct, const void *value, size_t len)
{
	const size_t addr_bytes = sizeof(uint32_t) * 4;

	memcpy(&ct->master.src.v6, value, addr_bytes);
}
/*
 * Copy the IPv6 destination address of the master tuple.
 * @len is ignored: a fixed 16 bytes are always read from @value.
 */
static void
set_attr_master_ipv6_dst(struct nf_conntrack *ct, const void *value, size_t len)
{
	const size_t addr_bytes = sizeof(uint32_t) * 4;

	memcpy(&ct->master.dst.v6, value, addr_bytes);
}
/*
 * Store the layer-4 source port of the master tuple.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_master_port_src(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t *port = value;

	ct->master.l4src.all = *port;
}
/*
 * Store the layer-4 destination port of the master tuple.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_master_port_dst(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t *port = value;

	ct->master.l4dst.all = *port;
}
/*
 * Store the layer-3 protocol number of the master tuple.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_master_l3proto(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *proto = value;

	ct->master.l3protonum = *proto;
}
/*
 * Store the layer-4 protocol number of the master tuple.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_master_l4proto(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *proto = value;

	ct->master.protonum = *proto;
}
/*
 * Store the NAT sequence correction position for the original direction.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_orig_cor_pos(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *pos = value;

	ct->natseq[__DIR_ORIG].correction_pos = *pos;
}
/*
 * Store the NAT sequence offset_before for the original direction.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_orig_off_bfr(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *offset = value;

	ct->natseq[__DIR_ORIG].offset_before = *offset;
}
/*
 * Store the NAT sequence offset_after for the original direction.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_orig_off_aft(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *offset = value;

	ct->natseq[__DIR_ORIG].offset_after = *offset;
}
/*
 * Store the NAT sequence correction position for the reply direction.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_repl_cor_pos(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *pos = value;

	ct->natseq[__DIR_REPL].correction_pos = *pos;
}
/*
 * Store the NAT sequence offset_before for the reply direction.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_repl_off_bfr(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *offset = value;

	ct->natseq[__DIR_REPL].offset_before = *offset;
}
/*
 * Store the NAT sequence offset_after for the reply direction.
 * @len is ignored: @value must point to at least 4 readable bytes.
 */
static void
set_attr_repl_off_aft(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint32_t *offset = value;

	ct->natseq[__DIR_REPL].offset_after = *offset;
}
/*
 * Copy the helper name into the fixed-size ct->helper_name buffer.
 * The copy is bounded by NFCT_HELPER_NAME_MAX and the last byte is
 * always set to NUL, so a longer name is silently truncated.
 * @len is ignored: @value is read as a C string.
 */
static void
set_attr_helper_name(struct nf_conntrack *ct, const void *value, size_t len)
{
	const size_t last = NFCT_HELPER_NAME_MAX - 1;

	/* strncpy zero-pads short names; the terminator is forced below */
	strncpy(ct->helper_name, value, last);
	ct->helper_name[last] = '\0';
}
/*
 * Store the DCCP state byte; the value is not range-checked here.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_dccp_state(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *state = value;

	ct->protoinfo.dccp.state = *state;
}
/*
 * Store the DCCP role byte; the value is not range-checked here.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_dccp_role(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *role = value;

	ct->protoinfo.dccp.role = *role;
}
/*
 * Store the DCCP handshake sequence number.
 * @len is ignored: @value must point to at least 8 readable bytes.
 */
static void
set_attr_dccp_handshake_seq(struct nf_conntrack *ct, const void *value,
			    size_t len)
{
	const uint64_t *seq = value;

	ct->protoinfo.dccp.handshake_seq = *seq;
}
/*
 * Store the TCP window scale for the original direction.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_tcp_wscale_orig(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *wscale = value;

	ct->protoinfo.tcp.wscale[__DIR_ORIG] = *wscale;
}
/*
 * Store the TCP window scale for the reply direction.
 * @len is ignored: @value must point to at least 1 readable byte.
 */
static void
set_attr_tcp_wscale_repl(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint8_t *wscale = value;

	ct->protoinfo.tcp.wscale[__DIR_REPL] = *wscale;
}
/*
 * Store the conntrack zone.
 * @len is ignored: @value must point to at least 2 readable bytes.
 */
static void
set_attr_zone(struct nf_conntrack *ct, const void *value, size_t len)
{
	const uint16_t *zone = value;

	ct->zone = *zone;
}
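/*
 * Replace ct->helper_info with a private copy of @len bytes from @value.
 *
 * The new buffer is allocated and filled before the old one is freed,
 * so the copy stays valid even when @value points at (or into) the
 * buffer the object already holds; freeing first would turn that case
 * into a read of freed memory.
 *
 * On allocation failure the old buffer is released and helper_info is
 * left NULL; the function returns without reporting the error.
 */
static void
set_attr_helper_info(struct nf_conntrack *ct, const void *value, size_t len)
{
	void *fresh = calloc(1, len);

	if (fresh != NULL)
		memcpy(fresh, value, len);

	/* free(NULL) is a no-op, so the first-set case needs no branch */
	free(ct->helper_info);
	ct->helper_info = fresh;
}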
/*
 * Destroy the bitmask currently held, unless there is none or the
 * caller is re-setting the very same object (destroying it then would
 * leave the new pointer dangling).
 */
static void
do_set_attr_connlabels(struct nfct_bitmask *current, const void *value)
{
	if (current == NULL)
		return;
	if (current == value)
		return;

	nfct_bitmask_destroy(current);
}
/*
 * Install @value as the connlabels bitmask. The pointer is stored as
 * is, not copied, and the bitmask held before is destroyed unless it
 * is the same object. @len is ignored.
 */
static void
set_attr_connlabels(struct nf_conntrack *ct, const void *value, size_t len)
{
	void *labels = (void *) value;

	do_set_attr_connlabels(ct->connlabels, value);
	ct->connlabels = labels;
}
/*
 * Install @value as the connlabels mask bitmask. The pointer is stored
 * as is, not copied, and the bitmask held before is destroyed unless
 * it is the same object. @len is ignored.
 */
static void
set_attr_connlabels_mask(struct nf_conntrack *ct, const void *value, size_t len)
{
	void *mask = (void *) value;

	do_set_attr_connlabels(ct->connlabels_mask, value);
	ct->connlabels_mask = mask;
}
/*
 * Setter that ignores its arguments. It fills the dispatch-table slots
 * of attributes that are accepted but not stored.
 */
static void
set_attr_do_nothing(struct nf_conntrack *ct, const void *value, size_t len)
{
	(void) ct;
	(void) value;
	(void) len;
}
473 const set_attr set_attr_array[ATTR_MAX] = {
474 [ATTR_ORIG_IPV4_SRC] = set_attr_orig_ipv4_src,
475 [ATTR_ORIG_IPV4_DST] = set_attr_orig_ipv4_dst,
476 [ATTR_REPL_IPV4_SRC] = set_attr_repl_ipv4_src,
477 [ATTR_REPL_IPV4_DST] = set_attr_repl_ipv4_dst,
478 [ATTR_ORIG_IPV6_SRC] = set_attr_orig_ipv6_src,
479 [ATTR_ORIG_IPV6_DST] = set_attr_orig_ipv6_dst,
480 [ATTR_REPL_IPV6_SRC] = set_attr_repl_ipv6_src,
481 [ATTR_REPL_IPV6_DST] = set_attr_repl_ipv6_dst,
482 [ATTR_ORIG_PORT_SRC] = set_attr_orig_port_src,
483 [ATTR_ORIG_PORT_DST] = set_attr_orig_port_dst,
484 [ATTR_REPL_PORT_SRC] = set_attr_repl_port_src,
485 [ATTR_REPL_PORT_DST] = set_attr_repl_port_dst,
486 [ATTR_ICMP_TYPE] = set_attr_icmp_type,
487 [ATTR_ICMP_CODE] = set_attr_icmp_code,
488 [ATTR_ICMP_ID] = set_attr_icmp_id,
489 [ATTR_ORIG_L3PROTO] = set_attr_orig_l3proto,
490 [ATTR_REPL_L3PROTO] = set_attr_repl_l3proto,
491 [ATTR_ORIG_L4PROTO] = set_attr_orig_l4proto,
492 [ATTR_REPL_L4PROTO] = set_attr_repl_l4proto,
493 [ATTR_TCP_STATE] = set_attr_tcp_state,
494 [ATTR_SNAT_IPV4] = set_attr_snat_ipv4,
495 [ATTR_DNAT_IPV4] = set_attr_dnat_ipv4,
496 [ATTR_SNAT_PORT] = set_attr_snat_port,
497 [ATTR_DNAT_PORT] = set_attr_dnat_port,
498 [ATTR_TIMEOUT] = set_attr_timeout,
499 [ATTR_MARK] = set_attr_mark,
500 [ATTR_ORIG_COUNTER_PACKETS] = set_attr_do_nothing,
501 [ATTR_REPL_COUNTER_PACKETS] = set_attr_do_nothing,
502 [ATTR_ORIG_COUNTER_BYTES] = set_attr_do_nothing,
503 [ATTR_REPL_COUNTER_BYTES] = set_attr_do_nothing,
504 [ATTR_USE] = set_attr_do_nothing,
505 [ATTR_ID] = set_attr_id,
506 [ATTR_STATUS] = set_attr_status,
507 [ATTR_TCP_FLAGS_ORIG] = set_attr_tcp_flags_orig,
508 [ATTR_TCP_FLAGS_REPL] = set_attr_tcp_flags_repl,
509 [ATTR_TCP_MASK_ORIG] = set_attr_tcp_mask_orig,
510 [ATTR_TCP_MASK_REPL] = set_attr_tcp_mask_repl,
511 [ATTR_MASTER_IPV4_SRC] = set_attr_master_ipv4_src,
512 [ATTR_MASTER_IPV4_DST] = set_attr_master_ipv4_dst,
513 [ATTR_MASTER_IPV6_SRC] = set_attr_master_ipv6_src,
514 [ATTR_MASTER_IPV6_DST] = set_attr_master_ipv6_dst,
515 [ATTR_MASTER_PORT_SRC] = set_attr_master_port_src,
516 [ATTR_MASTER_PORT_DST] = set_attr_master_port_dst,
517 [ATTR_MASTER_L3PROTO] = set_attr_master_l3proto,
518 [ATTR_MASTER_L4PROTO] = set_attr_master_l4proto,
519 [ATTR_SECMARK] = set_attr_secmark,
520 [ATTR_ORIG_NAT_SEQ_CORRECTION_POS] = set_attr_orig_cor_pos,
521 [ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE] = set_attr_orig_off_bfr,
522 [ATTR_ORIG_NAT_SEQ_OFFSET_AFTER] = set_attr_orig_off_aft,
523 [ATTR_REPL_NAT_SEQ_CORRECTION_POS] = set_attr_repl_cor_pos,
524 [ATTR_REPL_NAT_SEQ_OFFSET_BEFORE] = set_attr_repl_off_bfr,
525 [ATTR_REPL_NAT_SEQ_OFFSET_AFTER] = set_attr_repl_off_aft,
526 [ATTR_SCTP_STATE] = set_attr_sctp_state,
527 [ATTR_SCTP_VTAG_ORIG] = set_attr_sctp_vtag_orig,
528 [ATTR_SCTP_VTAG_REPL] = set_attr_sctp_vtag_repl,
529 [ATTR_HELPER_NAME] = set_attr_helper_name,
530 [ATTR_DCCP_STATE] = set_attr_dccp_state,
531 [ATTR_DCCP_ROLE] = set_attr_dccp_role,
532 [ATTR_DCCP_HANDSHAKE_SEQ] = set_attr_dccp_handshake_seq,
533 [ATTR_TCP_WSCALE_ORIG] = set_attr_tcp_wscale_orig,
534 [ATTR_TCP_WSCALE_REPL] = set_attr_tcp_wscale_repl,
535 [ATTR_ZONE] = set_attr_zone,
536 [ATTR_ORIG_ZONE] = set_attr_orig_zone,
537 [ATTR_REPL_ZONE] = set_attr_repl_zone,
538 [ATTR_SECCTX] = set_attr_do_nothing,
539 [ATTR_TIMESTAMP_START] = set_attr_do_nothing,
540 [ATTR_TIMESTAMP_STOP] = set_attr_do_nothing,
541 [ATTR_HELPER_INFO] = set_attr_helper_info,
542 [ATTR_CONNLABELS] = set_attr_connlabels,
543 [ATTR_CONNLABELS_MASK] = set_attr_connlabels_mask,
544 [ATTR_SNAT_IPV6] = set_attr_snat_ipv6,
545 [ATTR_DNAT_IPV6] = set_attr_dnat_ipv6,