00001
00002
00003
00004
00005
00006
00007
00008 #include "internal/internal.h"
00009 #include <linux/icmp.h>
00010 #include <linux/icmpv6.h>
00011
00012 static const u_int8_t invmap_icmp[] = {
00013 [ICMP_ECHO] = ICMP_ECHOREPLY + 1,
00014 [ICMP_ECHOREPLY] = ICMP_ECHO + 1,
00015 [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,
00016 [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,
00017 [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,
00018 [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,
00019 [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
00020 [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1
00021 };
00022
00023 #ifndef ICMPV6_NI_QUERY
00024 #define ICMPV6_NI_QUERY 139
00025 #endif
00026
00027 #ifndef ICMPV6_NI_REPLY
00028 #define ICMPV6_NI_REPLY 140
00029 #endif
00030
00031 static const u_int8_t invmap_icmpv6[] = {
00032 [ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1,
00033 [ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1,
00034 [ICMPV6_NI_QUERY - 128] = ICMPV6_NI_QUERY + 1,
00035 [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY + 1
00036 };
00037
00038 static void set_attr_grp_orig_ipv4(struct nf_conntrack *ct, const void *value)
00039 {
00040 const struct nfct_attr_grp_ipv4 *this = value;
00041 ct->tuple[__DIR_ORIG].src.v4 = this->src;
00042 ct->tuple[__DIR_ORIG].dst.v4 = this->dst;
00043 ct->tuple[__DIR_ORIG].l3protonum = AF_INET;
00044 }
00045
00046 static void set_attr_grp_repl_ipv4(struct nf_conntrack *ct, const void *value)
00047 {
00048 const struct nfct_attr_grp_ipv4 *this = value;
00049 ct->tuple[__DIR_REPL].src.v4 = this->src;
00050 ct->tuple[__DIR_REPL].dst.v4 = this->dst;
00051 ct->tuple[__DIR_REPL].l3protonum = AF_INET;
00052 }
00053
00054 static void set_attr_grp_orig_ipv6(struct nf_conntrack *ct, const void *value)
00055 {
00056 const struct nfct_attr_grp_ipv6 *this = value;
00057 memcpy(&ct->tuple[__DIR_ORIG].src.v6, this->src, sizeof(u_int32_t)*4);
00058 memcpy(&ct->tuple[__DIR_ORIG].dst.v6, this->dst, sizeof(u_int32_t)*4);
00059 ct->tuple[__DIR_ORIG].l3protonum = AF_INET6;
00060 }
00061
00062 static void set_attr_grp_repl_ipv6(struct nf_conntrack *ct, const void *value)
00063 {
00064 const struct nfct_attr_grp_ipv6 *this = value;
00065 memcpy(&ct->tuple[__DIR_REPL].src.v6, this->src, sizeof(u_int32_t)*4);
00066 memcpy(&ct->tuple[__DIR_REPL].dst.v6, this->dst, sizeof(u_int32_t)*4);
00067 ct->tuple[__DIR_REPL].l3protonum = AF_INET6;
00068 }
00069
00070 static void set_attr_grp_orig_port(struct nf_conntrack *ct, const void *value)
00071 {
00072 const struct nfct_attr_grp_port *this = value;
00073 ct->tuple[__DIR_ORIG].l4src.all = this->sport;
00074 ct->tuple[__DIR_ORIG].l4dst.all = this->dport;
00075 }
00076
00077 static void set_attr_grp_repl_port(struct nf_conntrack *ct, const void *value)
00078 {
00079 const struct nfct_attr_grp_port *this = value;
00080 ct->tuple[__DIR_REPL].l4src.all = this->sport;
00081 ct->tuple[__DIR_REPL].l4dst.all = this->dport;
00082 }
00083
00084 static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value)
00085 {
00086 u_int8_t rtype;
00087 const struct nfct_attr_grp_icmp *this = value;
00088
00089 ct->tuple[__DIR_ORIG].l4dst.icmp.type = this->type;
00090
00091 switch(ct->tuple[__DIR_ORIG].l3protonum) {
00092 case AF_INET:
00093 rtype = invmap_icmp[this->type];
00094 break;
00095
00096 case AF_INET6:
00097 rtype = invmap_icmpv6[this->type - 128];
00098 break;
00099
00100 default:
00101 rtype = 0;
00102 }
00103
00104 if (rtype)
00105 ct->tuple[__DIR_REPL].l4dst.icmp.type = rtype - 1;
00106 else
00107 ct->tuple[__DIR_REPL].l4dst.icmp.type = 255;
00108
00109 ct->tuple[__DIR_ORIG].l4dst.icmp.code = this->code;
00110 ct->tuple[__DIR_REPL].l4dst.icmp.code = this->code;
00111
00112 ct->tuple[__DIR_ORIG].l4src.icmp.id = this->id;
00113 ct->tuple[__DIR_REPL].l4src.icmp.id = this->id;
00114 }
00115
00116 static void set_attr_grp_master_ipv4(struct nf_conntrack *ct, const void *value)
00117 {
00118 const struct nfct_attr_grp_ipv4 *this = value;
00119 ct->tuple[__DIR_MASTER].src.v4 = this->src;
00120 ct->tuple[__DIR_MASTER].dst.v4 = this->dst;
00121 ct->tuple[__DIR_MASTER].l3protonum = AF_INET;
00122 }
00123
00124 static void set_attr_grp_master_ipv6(struct nf_conntrack *ct, const void *value)
00125 {
00126 const struct nfct_attr_grp_ipv6 *this = value;
00127 memcpy(&ct->tuple[__DIR_MASTER].src.v6, this->src, sizeof(u_int32_t)*4);
00128 memcpy(&ct->tuple[__DIR_MASTER].dst.v6, this->dst, sizeof(u_int32_t)*4);
00129 ct->tuple[__DIR_MASTER].l3protonum = AF_INET6;
00130 }
00131
00132 static void set_attr_grp_master_port(struct nf_conntrack *ct, const void *value)
00133 {
00134 const struct nfct_attr_grp_port *this = value;
00135 ct->tuple[__DIR_MASTER].l4src.all = this->sport;
00136 ct->tuple[__DIR_MASTER].l4dst.all = this->dport;
00137 }
00138
00139 static void set_attr_grp_do_nothing(struct nf_conntrack *ct, const void *value)
00140 {
00141 }
00142
00143 const set_attr_grp set_attr_grp_array[ATTR_GRP_MAX] = {
00144 [ATTR_GRP_ORIG_IPV4] = set_attr_grp_orig_ipv4,
00145 [ATTR_GRP_REPL_IPV4] = set_attr_grp_repl_ipv4,
00146 [ATTR_GRP_ORIG_IPV6] = set_attr_grp_orig_ipv6,
00147 [ATTR_GRP_REPL_IPV6] = set_attr_grp_repl_ipv6,
00148 [ATTR_GRP_ORIG_PORT] = set_attr_grp_orig_port,
00149 [ATTR_GRP_REPL_PORT] = set_attr_grp_repl_port,
00150 [ATTR_GRP_ICMP] = set_attr_grp_icmp,
00151 [ATTR_GRP_MASTER_IPV4] = set_attr_grp_master_ipv4,
00152 [ATTR_GRP_MASTER_IPV6] = set_attr_grp_master_ipv6,
00153 [ATTR_GRP_MASTER_PORT] = set_attr_grp_master_port,
00154 [ATTR_GRP_ORIG_COUNTERS] = set_attr_grp_do_nothing,
00155 [ATTR_GRP_REPL_COUNTERS] = set_attr_grp_do_nothing,
00156 };
