};
union nfnl_exp_protodata {
- struct {
- uint16_t src;
- uint16_t dst;
- } port;
- struct {
- uint16_t id;
- uint8_t type;
- uint8_t code;
- } icmp;
+ struct {
+ uint16_t src;
+ uint16_t dst;
+ } port;
+ struct {
+ uint16_t id;
+ uint8_t type;
+ uint8_t code;
+ } icmp;
};
// Allow for different master/expect l4 protocols
struct nfnl_exp_proto
{
- uint8_t l4protonum;
- union nfnl_exp_protodata l4protodata;
+ uint8_t l4protonum;
+ union nfnl_exp_protodata l4protodata;
};
struct nfnl_exp_dir {
- struct nl_addr * src;
- struct nl_addr * dst;
- struct nfnl_exp_proto proto;
+ struct nl_addr * src;
+ struct nl_addr * dst;
+ struct nfnl_exp_proto proto;
};
struct nfnl_exp {
- NLHDR_COMMON
-
- uint8_t exp_family; // IPv4, IPv6, etc - required
- uint32_t exp_timeout; // required afaik
- uint32_t exp_id; // optional
- uint16_t exp_zone; // optional
- uint32_t exp_class; // optional
- uint32_t exp_flags; // optional
- char * exp_helper_name; //optional
- char * exp_fn; //optional
- uint8_t exp_nat_dir; // optional
-
- struct nfnl_exp_dir exp_expect; // required
- struct nfnl_exp_dir exp_master; // required
- struct nfnl_exp_dir exp_mask; // required
- struct nfnl_exp_dir exp_nat; // optional
+ NLHDR_COMMON
+
+ uint8_t exp_family;
+ uint32_t exp_timeout;
+ uint32_t exp_id;
+ uint16_t exp_zone;
+ uint32_t exp_class;
+ uint32_t exp_flags;
+ char * exp_helper_name;
+ char * exp_fn;
+ uint8_t exp_nat_dir;
+
+ struct nfnl_exp_dir exp_expect;
+ struct nfnl_exp_dir exp_master;
+ struct nfnl_exp_dir exp_mask;
+ struct nfnl_exp_dir exp_nat;
};
struct nfnl_log {
struct nfnl_exp;
enum nfnl_exp_tuples {
- NFNL_EXP_TUPLE_EXPECT,
- NFNL_EXP_TUPLE_MASTER,
- NFNL_EXP_TUPLE_MASK,
- NFNL_EXP_TUPLE_NAT,
- NFNL_EXP_TUPLE_MAX
+ NFNL_EXP_TUPLE_EXPECT,
+ NFNL_EXP_TUPLE_MASTER,
+ NFNL_EXP_TUPLE_MASK,
+ NFNL_EXP_TUPLE_NAT,
+ NFNL_EXP_TUPLE_MAX
};
extern struct nl_object_ops exp_obj_ops;
extern int nfnl_exp_dump_request(struct nl_sock *);
extern int nfnl_exp_build_add_request(const struct nfnl_exp *, int,
- struct nl_msg **);
+ struct nl_msg **);
extern int nfnl_exp_add(struct nl_sock *, const struct nfnl_exp *, int);
extern int nfnl_exp_build_delete_request(const struct nfnl_exp *, int,
- struct nl_msg **);
+ struct nl_msg **);
extern int nfnl_exp_del(struct nl_sock *, const struct nfnl_exp *, int);
extern int nfnl_exp_build_query_request(const struct nfnl_exp *, int,
- struct nl_msg **);
+ struct nl_msg **);
extern int nfnl_exp_query(struct nl_sock *, const struct nfnl_exp *, int);
extern void nfnl_exp_set_family(struct nfnl_exp *, uint8_t);
extern uint8_t nfnl_exp_get_icmp_type(const struct nfnl_exp *, int);
extern uint8_t nfnl_exp_get_icmp_code(const struct nfnl_exp *, int);
-
#ifdef __cplusplus
}
#endif
static struct nl_cache_ops nfnl_exp_ops;
static struct nla_policy exp_policy[CTA_EXPECT_MAX+1] = {
- [CTA_EXPECT_MASTER] = { .type = NLA_NESTED },
- [CTA_EXPECT_TUPLE] = { .type = NLA_NESTED },
- [CTA_EXPECT_MASK] = { .type = NLA_NESTED },
- [CTA_EXPECT_TIMEOUT] = { .type = NLA_U32 },
- [CTA_EXPECT_ID] = { .type = NLA_U32 },
- [CTA_EXPECT_HELP_NAME] = { .type = NLA_STRING },
- [CTA_EXPECT_ZONE] = { .type = NLA_U16 }, // Added in kernel 2.6.34
- [CTA_EXPECT_FLAGS] = { .type = NLA_U32 }, // Added in kernel 2.6.37
- [CTA_EXPECT_CLASS] = { .type = NLA_U32 }, // Added in kernel 3.5
- [CTA_EXPECT_NAT] = { .type = NLA_NESTED }, // Added in kernel 3.5
- [CTA_EXPECT_FN] = { .type = NLA_STRING }, // Added in kernel 3.5
+ [CTA_EXPECT_MASTER] = { .type = NLA_NESTED },
+ [CTA_EXPECT_TUPLE] = { .type = NLA_NESTED },
+ [CTA_EXPECT_MASK] = { .type = NLA_NESTED },
+ [CTA_EXPECT_TIMEOUT] = { .type = NLA_U32 },
+ [CTA_EXPECT_ID] = { .type = NLA_U32 },
+ [CTA_EXPECT_HELP_NAME] = { .type = NLA_STRING },
+ [CTA_EXPECT_ZONE] = { .type = NLA_U16 },
+ [CTA_EXPECT_FLAGS] = { .type = NLA_U32 }, // Added in kernel 2.6.37
+ [CTA_EXPECT_CLASS] = { .type = NLA_U32 }, // Added in kernel 3.5
+ [CTA_EXPECT_NAT] = { .type = NLA_NESTED }, // Added in kernel 3.5
+ [CTA_EXPECT_FN] = { .type = NLA_STRING }, // Added in kernel 3.5
};
static struct nla_policy exp_tuple_policy[CTA_TUPLE_MAX+1] = {
};
static struct nla_policy exp_proto_policy[CTA_PROTO_MAX+1] = {
- [CTA_PROTO_NUM] = { .type = NLA_U8 },
+ [CTA_PROTO_NUM] = { .type = NLA_U8 },
[CTA_PROTO_SRC_PORT] = { .type = NLA_U16 },
[CTA_PROTO_DST_PORT] = { .type = NLA_U16 },
- [CTA_PROTO_ICMP_ID] = { .type = NLA_U16 },
+ [CTA_PROTO_ICMP_ID] = { .type = NLA_U16 },
[CTA_PROTO_ICMP_TYPE] = { .type = NLA_U8 },
[CTA_PROTO_ICMP_CODE] = { .type = NLA_U8 },
[CTA_PROTO_ICMPV6_ID] = { .type = NLA_U16 },
};
static struct nla_policy exp_nat_policy[CTA_EXPECT_NAT_MAX+1] = {
- [CTA_EXPECT_NAT_DIR] = { .type = NLA_U8 },
- [CTA_EXPECT_NAT_TUPLE] = { .type = NLA_NESTED },
+ [CTA_EXPECT_NAT_DIR] = { .type = NLA_U8 },
+ [CTA_EXPECT_NAT_TUPLE] = { .type = NLA_NESTED },
};
static int exp_parse_ip(struct nfnl_exp *exp, int tuple, struct nlattr *attr)
struct nl_addr *addr;
int err;
- err = nla_parse_nested(tb, CTA_IP_MAX, attr, exp_ip_policy);
+ err = nla_parse_nested(tb, CTA_IP_MAX, attr, exp_ip_policy);
if (err < 0)
goto errout;
nfnl_exp_set_l4protonum(exp, tuple, nla_get_u8(tb[CTA_PROTO_NUM]));
if (tb[CTA_PROTO_SRC_PORT])
- srcport = ntohs(nla_get_u16(tb[CTA_PROTO_SRC_PORT]));
+ srcport = ntohs(nla_get_u16(tb[CTA_PROTO_SRC_PORT]));
if (tb[CTA_PROTO_DST_PORT])
- dstport = ntohs(nla_get_u16(tb[CTA_PROTO_DST_PORT]));
+ dstport = ntohs(nla_get_u16(tb[CTA_PROTO_DST_PORT]));
if (tb[CTA_PROTO_SRC_PORT] || tb[CTA_PROTO_DST_PORT])
- nfnl_exp_set_ports(exp, tuple, srcport, dstport);
+ nfnl_exp_set_ports(exp, tuple, srcport, dstport);
if (tb[CTA_PROTO_ICMP_ID])
- icmpid = ntohs(nla_get_u16(tb[CTA_PROTO_ICMP_ID]));
+ icmpid = ntohs(nla_get_u16(tb[CTA_PROTO_ICMP_ID]));
if (tb[CTA_PROTO_ICMP_TYPE])
icmptype = nla_get_u8(tb[CTA_PROTO_ICMP_TYPE]);
if (tb[CTA_PROTO_ICMP_CODE])
icmpcode = nla_get_u8(tb[CTA_PROTO_ICMP_CODE]);
if (tb[CTA_PROTO_ICMP_ID] || tb[CTA_PROTO_ICMP_TYPE] || tb[CTA_PROTO_ICMP_CODE])
- nfnl_exp_set_icmp(exp, tuple, icmpid, icmptype, icmpcode);
+ nfnl_exp_set_icmp(exp, tuple, icmpid, icmptype, icmpcode);
return 0;
}
static int exp_parse_nat(struct nfnl_exp *exp, struct nlattr *attr)
{
- struct nlattr *tb[CTA_EXPECT_NAT_MAX+1];
- int err;
+ struct nlattr *tb[CTA_EXPECT_NAT_MAX+1];
+ int err;
- err = nla_parse_nested(tb, CTA_EXPECT_NAT_MAX, attr, exp_nat_policy);
- if (err < 0)
- return err;
+ err = nla_parse_nested(tb, CTA_EXPECT_NAT_MAX, attr, exp_nat_policy);
+ if (err < 0)
+ return err;
- if (tb[CTA_EXPECT_NAT_DIR])
- nfnl_exp_set_nat_dir(exp, nla_get_u8(tb[CTA_EXPECT_NAT_DIR]));
+ if (tb[CTA_EXPECT_NAT_DIR])
+ nfnl_exp_set_nat_dir(exp, nla_get_u8(tb[CTA_EXPECT_NAT_DIR]));
- if (tb[CTA_EXPECT_NAT_TUPLE]) {
- err = exp_parse_tuple(exp, NFNL_EXP_TUPLE_NAT, tb[CTA_EXPECT_NAT_TUPLE]);
- if (err < 0)
- return err;
- }
+ if (tb[CTA_EXPECT_NAT_TUPLE]) {
+ err = exp_parse_tuple(exp, NFNL_EXP_TUPLE_NAT, tb[CTA_EXPECT_NAT_TUPLE]);
+ if (err < 0)
+ return err;
+ }
- return 0;
+ return 0;
}
int nfnlmsg_exp_group(struct nlmsghdr *nlh)
nfnl_exp_set_family(exp, nfnlmsg_family(nlh));
if (tb[CTA_EXPECT_TUPLE]) {
- err = exp_parse_tuple(exp, NFNL_EXP_TUPLE_EXPECT, tb[CTA_EXPECT_TUPLE]);
- if (err < 0)
- goto errout;
- }
+ err = exp_parse_tuple(exp, NFNL_EXP_TUPLE_EXPECT, tb[CTA_EXPECT_TUPLE]);
+ if (err < 0)
+ goto errout;
+ }
if (tb[CTA_EXPECT_MASTER]) {
err = exp_parse_tuple(exp, NFNL_EXP_TUPLE_MASTER, tb[CTA_EXPECT_MASTER]);
if (err < 0)
goto errout;
}
- if (tb[CTA_EXPECT_NAT])
- err = exp_parse_nat(exp, tb[CTA_EXPECT_MASK]);
- if (err < 0)
- goto errout;
-
- if (tb[CTA_EXPECT_CLASS])
- nfnl_exp_set_class(exp, ntohl(nla_get_u32(tb[CTA_EXPECT_CLASS])));
-
- if (tb[CTA_EXPECT_FN])
- nfnl_exp_set_fn(exp, nla_data(tb[CTA_EXPECT_FN]));
+ if (tb[CTA_EXPECT_NAT]) {
+ err = exp_parse_nat(exp, tb[CTA_EXPECT_MASK]);
+ if (err < 0)
+ goto errout;
+ }
+ if (tb[CTA_EXPECT_CLASS])
+ nfnl_exp_set_class(exp, ntohl(nla_get_u32(tb[CTA_EXPECT_CLASS])));
+ if (tb[CTA_EXPECT_FN])
+ nfnl_exp_set_fn(exp, nla_data(tb[CTA_EXPECT_FN]));
if (tb[CTA_EXPECT_TIMEOUT])
nfnl_exp_set_timeout(exp, ntohl(nla_get_u32(tb[CTA_EXPECT_TIMEOUT])));
nfnl_exp_set_id(exp, ntohl(nla_get_u32(tb[CTA_EXPECT_ID])));
if (tb[CTA_EXPECT_HELP_NAME])
- nfnl_exp_set_helper_name(exp, nla_data(tb[CTA_EXPECT_HELP_NAME]));
+ nfnl_exp_set_helper_name(exp, nla_data(tb[CTA_EXPECT_HELP_NAME]));
- if (tb[CTA_EXPECT_ZONE])
- nfnl_exp_set_zone(exp, ntohs(nla_get_u16(tb[CTA_EXPECT_ZONE])));
+ if (tb[CTA_EXPECT_ZONE])
+ nfnl_exp_set_zone(exp, ntohs(nla_get_u16(tb[CTA_EXPECT_ZONE])));
- if (tb[CTA_EXPECT_FLAGS])
- nfnl_exp_set_flags(exp, ntohl(nla_get_u32(tb[CTA_EXPECT_FLAGS])));
+ if (tb[CTA_EXPECT_FLAGS])
+ nfnl_exp_set_flags(exp, ntohl(nla_get_u32(tb[CTA_EXPECT_FLAGS])));
*result = exp;
return 0;
static int exp_get_tuple_attr(int tuple)
{
- int attr = 0;
-
- switch (tuple) {
- case CTA_EXPECT_MASTER:
- attr = NFNL_EXP_TUPLE_MASTER;
- break;
- case CTA_EXPECT_MASK:
- attr = NFNL_EXP_TUPLE_MASK;
- break;
- //case CTA_EXPECT_NAT:
- // attr = NFNL_EXP_TUPLE_NAT;
- // break;
- case CTA_EXPECT_TUPLE:
- default :
- attr = NFNL_EXP_TUPLE_EXPECT;
- break;
- }
-
- return attr;
+ int attr = 0;
+
+ switch (tuple) {
+ case CTA_EXPECT_MASTER:
+ attr = NFNL_EXP_TUPLE_MASTER;
+ break;
+ case CTA_EXPECT_MASK:
+ attr = NFNL_EXP_TUPLE_MASK;
+ break;
+ case CTA_EXPECT_NAT:
+ attr = NFNL_EXP_TUPLE_NAT;
+ break;
+ case CTA_EXPECT_TUPLE:
+ default :
+ attr = NFNL_EXP_TUPLE_EXPECT;
+ break;
+ }
+
+ return attr;
}
static int nfnl_exp_build_tuple(struct nl_msg *msg, const struct nfnl_exp *exp,
static int nfnl_exp_build_nat(struct nl_msg *msg, const struct nfnl_exp *exp)
{
- struct nlattr *nat;
- int err;
+ struct nlattr *nat;
+ int err;
- nat = nla_nest_start(msg, CTA_EXPECT_NAT);
+ nat = nla_nest_start(msg, CTA_EXPECT_NAT);
- if (nfnl_exp_test_nat_dir(exp)) {
- NLA_PUT_U8(msg, CTA_EXPECT_NAT_DIR,
- nfnl_exp_get_nat_dir(exp));
- }
+ if (nfnl_exp_test_nat_dir(exp)) {
+ NLA_PUT_U8(msg, CTA_EXPECT_NAT_DIR,
+ nfnl_exp_get_nat_dir(exp));
+ }
- if ((err = nfnl_exp_build_tuple(msg, exp, CTA_EXPECT_NAT_TUPLE)) < 0)
- goto nla_put_failure;
+ if ((err = nfnl_exp_build_tuple(msg, exp, CTA_EXPECT_NAT_TUPLE)) < 0)
+ goto nla_put_failure;
- nla_nest_end(msg, nat);
- return 0;
+ nla_nest_end(msg, nat);
+ return 0;
nla_put_failure:
- return -NLE_MSGSIZE;
+ return -NLE_MSGSIZE;
}
static int nfnl_exp_build_message(const struct nfnl_exp *exp, int cmd, int flags,
if ((err = nfnl_exp_build_tuple(msg, exp, CTA_EXPECT_TUPLE)) < 0)
goto err_out;
- if ((err = nfnl_exp_build_tuple(msg, exp, CTA_EXPECT_MASTER)) < 0)
- goto err_out;
-
- if ((err = nfnl_exp_build_tuple(msg, exp, CTA_EXPECT_MASK)) < 0)
- goto err_out;
+ if ((err = nfnl_exp_build_tuple(msg, exp, CTA_EXPECT_MASTER)) < 0)
+ goto err_out;
- if (nfnl_exp_test_src(exp, NFNL_EXP_TUPLE_NAT)) {
- if ((err = nfnl_exp_build_nat(msg, exp)) < 0)
- goto err_out;
- }
+ if ((err = nfnl_exp_build_tuple(msg, exp, CTA_EXPECT_MASK)) < 0)
+ goto err_out;
- if (nfnl_exp_test_class(exp))
- NLA_PUT_U32(msg, CTA_EXPECT_CLASS, htonl(nfnl_exp_get_class(exp)));
+ if (nfnl_exp_test_src(exp, NFNL_EXP_TUPLE_NAT)) {
+ if ((err = nfnl_exp_build_nat(msg, exp)) < 0)
+ goto err_out;
+ }
- if (nfnl_exp_test_fn(exp))
- NLA_PUT_STRING(msg, CTA_EXPECT_FN, nfnl_exp_get_fn(exp));
+ if (nfnl_exp_test_class(exp))
+ NLA_PUT_U32(msg, CTA_EXPECT_CLASS, htonl(nfnl_exp_get_class(exp)));
+ if (nfnl_exp_test_fn(exp))
+ NLA_PUT_STRING(msg, CTA_EXPECT_FN, nfnl_exp_get_fn(exp));
- if (nfnl_exp_test_id(exp))
- NLA_PUT_U32(msg, CTA_EXPECT_ID, htonl(nfnl_exp_get_id(exp)));
+ if (nfnl_exp_test_id(exp))
+ NLA_PUT_U32(msg, CTA_EXPECT_ID, htonl(nfnl_exp_get_id(exp)));
- if (nfnl_exp_test_timeout(exp))
- NLA_PUT_U32(msg, CTA_EXPECT_TIMEOUT, htonl(nfnl_exp_get_timeout(exp)));
+ if (nfnl_exp_test_timeout(exp))
+ NLA_PUT_U32(msg, CTA_EXPECT_TIMEOUT, htonl(nfnl_exp_get_timeout(exp)));
- if (nfnl_exp_test_helper_name(exp))
- NLA_PUT_STRING(msg, CTA_EXPECT_HELP_NAME, nfnl_exp_get_helper_name(exp));
+ if (nfnl_exp_test_helper_name(exp))
+ NLA_PUT_STRING(msg, CTA_EXPECT_HELP_NAME, nfnl_exp_get_helper_name(exp));
- if (nfnl_exp_test_zone(exp))
- NLA_PUT_U16(msg, CTA_EXPECT_ZONE, htons(nfnl_exp_get_zone(exp)));
+ if (nfnl_exp_test_zone(exp))
+ NLA_PUT_U16(msg, CTA_EXPECT_ZONE, htons(nfnl_exp_get_zone(exp)));
- if (nfnl_exp_test_flags(exp))
- NLA_PUT_U32(msg, CTA_EXPECT_FLAGS, htonl(nfnl_exp_get_flags(exp)));
+ if (nfnl_exp_test_flags(exp))
+ NLA_PUT_U32(msg, CTA_EXPECT_FLAGS, htonl(nfnl_exp_get_flags(exp)));
*result = msg;
return 0;
END_OF_MSGTYPES_LIST,
},
.co_protocol = NETLINK_NETFILTER,
- .co_groups = exp_groups,
+ .co_groups = exp_groups,
.co_request_update = exp_request_update,
.co_msg_parser = exp_msg_parser,
- .co_obj_ops = &exp_obj_ops,
+ .co_obj_ops = &exp_obj_ops,
};
static void __init exp_init(void)
// these parent attributes will include nested attributes.
/** @cond SKIP */
-#define EXP_ATTR_FAMILY (1UL << 0) // 8-bit
-#define EXP_ATTR_TIMEOUT (1UL << 1) // 32-bit
-#define EXP_ATTR_ID (1UL << 2) // 32-bit
-#define EXP_ATTR_HELPER_NAME (1UL << 3) // string (16 bytes max)
-#define EXP_ATTR_ZONE (1UL << 4) // 16-bit
-#define EXP_ATTR_FLAGS (1UL << 5) // 32-bit
-#define EXP_ATTR_CLASS (1UL << 6) // 32-bit ???
-#define EXP_ATTR_FN (1UL << 7) // String ???
+#define EXP_ATTR_FAMILY (1UL << 0) // 8-bit
+#define EXP_ATTR_TIMEOUT (1UL << 1) // 32-bit
+#define EXP_ATTR_ID (1UL << 2) // 32-bit
+#define EXP_ATTR_HELPER_NAME (1UL << 3) // string
+#define EXP_ATTR_ZONE (1UL << 4) // 16-bit
+#define EXP_ATTR_FLAGS (1UL << 5) // 32-bit
+#define EXP_ATTR_CLASS (1UL << 6) // 32-bit
+#define EXP_ATTR_FN (1UL << 7) // String
// Tuples
-#define EXP_ATTR_EXPECT_IP_SRC (1UL << 8)
-#define EXP_ATTR_EXPECT_IP_DST (1UL << 9)
-#define EXP_ATTR_EXPECT_L4PROTO_NUM (1UL << 10) // contains l4proto # + PORT attrs or ICMP attrs
-#define EXP_ATTR_EXPECT_L4PROTO_PORTS (1UL << 11)
-#define EXP_ATTR_EXPECT_L4PROTO_ICMP (1UL << 12)
-#define EXP_ATTR_MASTER_IP_SRC (1UL << 13)
-#define EXP_ATTR_MASTER_IP_DST (1UL << 14)
-#define EXP_ATTR_MASTER_L4PROTO_NUM (1UL << 15) // contains l4proto # + PORT attrs or ICMP attrs
-#define EXP_ATTR_MASTER_L4PROTO_PORTS (1UL << 16)
-#define EXP_ATTR_MASTER_L4PROTO_ICMP (1UL << 17)
-#define EXP_ATTR_MASK_IP_SRC (1UL << 18)
-#define EXP_ATTR_MASK_IP_DST (1UL << 19)
-#define EXP_ATTR_MASK_L4PROTO_NUM (1UL << 20) // contains l4proto # + PORT attrs or ICMP attrs
-#define EXP_ATTR_MASK_L4PROTO_PORTS (1UL << 21)
-#define EXP_ATTR_MASK_L4PROTO_ICMP (1UL << 22)
-#define EXP_ATTR_NAT_IP_SRC (1UL << 23)
-#define EXP_ATTR_NAT_IP_DST (1UL << 24)
-#define EXP_ATTR_NAT_L4PROTO_NUM (1UL << 25) // contains l4proto # + PORT attrs or ICMP attrs
-#define EXP_ATTR_NAT_L4PROTO_PORTS (1UL << 26)
-#define EXP_ATTR_NAT_L4PROTO_ICMP (1UL << 27)
-#define EXP_ATTR_NAT_DIR (1UL << 28) // 8-bit
+#define EXP_ATTR_EXPECT_IP_SRC (1UL << 8)
+#define EXP_ATTR_EXPECT_IP_DST (1UL << 9)
+#define EXP_ATTR_EXPECT_L4PROTO_NUM (1UL << 10)
+#define EXP_ATTR_EXPECT_L4PROTO_PORTS (1UL << 11)
+#define EXP_ATTR_EXPECT_L4PROTO_ICMP (1UL << 12)
+#define EXP_ATTR_MASTER_IP_SRC (1UL << 13)
+#define EXP_ATTR_MASTER_IP_DST (1UL << 14)
+#define EXP_ATTR_MASTER_L4PROTO_NUM (1UL << 15)
+#define EXP_ATTR_MASTER_L4PROTO_PORTS (1UL << 16)
+#define EXP_ATTR_MASTER_L4PROTO_ICMP (1UL << 17)
+#define EXP_ATTR_MASK_IP_SRC (1UL << 18)
+#define EXP_ATTR_MASK_IP_DST (1UL << 19)
+#define EXP_ATTR_MASK_L4PROTO_NUM (1UL << 20)
+#define EXP_ATTR_MASK_L4PROTO_PORTS (1UL << 21)
+#define EXP_ATTR_MASK_L4PROTO_ICMP (1UL << 22)
+#define EXP_ATTR_NAT_IP_SRC (1UL << 23)
+#define EXP_ATTR_NAT_IP_DST (1UL << 24)
+#define EXP_ATTR_NAT_L4PROTO_NUM (1UL << 25)
+#define EXP_ATTR_NAT_L4PROTO_PORTS (1UL << 26)
+#define EXP_ATTR_NAT_L4PROTO_ICMP (1UL << 27)
+#define EXP_ATTR_NAT_DIR (1UL << 28)
/** @endcond */
static void exp_free_data(struct nl_object *c)
if (exp == NULL)
return;
- nl_addr_put(exp->exp_expect.src);
- nl_addr_put(exp->exp_expect.dst);
- nl_addr_put(exp->exp_master.src);
- nl_addr_put(exp->exp_master.dst);
- nl_addr_put(exp->exp_mask.src);
- nl_addr_put(exp->exp_mask.dst);
- nl_addr_put(exp->exp_nat.src);
- nl_addr_put(exp->exp_nat.dst);
+ nl_addr_put(exp->exp_expect.src);
+ nl_addr_put(exp->exp_expect.dst);
+ nl_addr_put(exp->exp_master.src);
+ nl_addr_put(exp->exp_master.dst);
+ nl_addr_put(exp->exp_mask.src);
+ nl_addr_put(exp->exp_mask.dst);
+ nl_addr_put(exp->exp_nat.src);
+ nl_addr_put(exp->exp_nat.dst);
- free(exp->exp_fn);
- free(exp->exp_helper_name);
+ free(exp->exp_fn);
+ free(exp->exp_helper_name);
}
static int exp_clone(struct nl_object *_dst, struct nl_object *_src)
{
- struct nfnl_exp *dst = (struct nfnl_exp *) _dst;
- struct nfnl_exp *src = (struct nfnl_exp *) _src;
- struct nl_addr *addr;
-
- // Expectation
- if (src->exp_expect.src) {
- addr = nl_addr_clone(src->exp_expect.src);
- if (!addr)
- return -NLE_NOMEM;
- dst->exp_expect.src = addr;
- }
-
- if (src->exp_expect.dst) {
- addr = nl_addr_clone(src->exp_expect.dst);
- if (!addr)
- return -NLE_NOMEM;
- dst->exp_expect.dst = addr;
- }
-
- // Master CT
- if (src->exp_master.src) {
- addr = nl_addr_clone(src->exp_master.src);
- if (!addr)
- return -NLE_NOMEM;
- dst->exp_master.src = addr;
- }
-
- if (src->exp_master.dst) {
- addr = nl_addr_clone(src->exp_master.dst);
- if (!addr)
- return -NLE_NOMEM;
- dst->exp_master.dst = addr;
- }
-
- // Mask
- if (src->exp_mask.src) {
- addr = nl_addr_clone(src->exp_mask.src);
- if (!addr)
- return -NLE_NOMEM;
- dst->exp_mask.src = addr;
- }
-
- if (src->exp_mask.dst) {
- addr = nl_addr_clone(src->exp_mask.dst);
- if (!addr)
- return -NLE_NOMEM;
- dst->exp_mask.dst = addr;
- }
+ struct nfnl_exp *dst = (struct nfnl_exp *) _dst;
+ struct nfnl_exp *src = (struct nfnl_exp *) _src;
+ struct nl_addr *addr;
+
+ // Expectation
+ if (src->exp_expect.src) {
+ addr = nl_addr_clone(src->exp_expect.src);
+ if (!addr)
+ return -NLE_NOMEM;
+ dst->exp_expect.src = addr;
+ }
+
+ if (src->exp_expect.dst) {
+ addr = nl_addr_clone(src->exp_expect.dst);
+ if (!addr)
+ return -NLE_NOMEM;
+ dst->exp_expect.dst = addr;
+ }
+
+ // Master CT
+ if (src->exp_master.src) {
+ addr = nl_addr_clone(src->exp_master.src);
+ if (!addr)
+ return -NLE_NOMEM;
+ dst->exp_master.src = addr;
+ }
+
+ if (src->exp_master.dst) {
+ addr = nl_addr_clone(src->exp_master.dst);
+ if (!addr)
+ return -NLE_NOMEM;
+ dst->exp_master.dst = addr;
+ }
+
+ // Mask
+ if (src->exp_mask.src) {
+ addr = nl_addr_clone(src->exp_mask.src);
+ if (!addr)
+ return -NLE_NOMEM;
+ dst->exp_mask.src = addr;
+ }
+
+ if (src->exp_mask.dst) {
+ addr = nl_addr_clone(src->exp_mask.dst);
+ if (!addr)
+ return -NLE_NOMEM;
+ dst->exp_mask.dst = addr;
+ }
// NAT
- if (src->exp_nat.src) {
- addr = nl_addr_clone(src->exp_nat.src);
- if (!addr)
- return -NLE_NOMEM;
- dst->exp_nat.src = addr;
- }
-
- if (src->exp_nat.dst) {
- addr = nl_addr_clone(src->exp_nat.dst);
- if (!addr)
- return -NLE_NOMEM;
- dst->exp_nat.dst = addr;
- }
-
- if (src->exp_fn)
- dst->exp_fn = strdup(src->exp_fn);
-
- if (src->exp_helper_name)
- dst->exp_helper_name = strdup(src->exp_helper_name);
+ if (src->exp_nat.src) {
+ addr = nl_addr_clone(src->exp_nat.src);
+ if (!addr)
+ return -NLE_NOMEM;
+ dst->exp_nat.src = addr;
+ }
+
+ if (src->exp_nat.dst) {
+ addr = nl_addr_clone(src->exp_nat.dst);
+ if (!addr)
+ return -NLE_NOMEM;
+ dst->exp_nat.dst = addr;
+ }
+
+ if (src->exp_fn)
+ dst->exp_fn = strdup(src->exp_fn);
+
+ if (src->exp_helper_name)
+ dst->exp_helper_name = strdup(src->exp_helper_name);
return 0;
}
{
if (nfnl_exp_test_icmp(exp, tuple)) {
- nl_dump(p, "icmp type %d ", nfnl_exp_get_icmp_type(exp, tuple));
+ nl_dump(p, "icmp type %d ", nfnl_exp_get_icmp_type(exp, tuple));
- nl_dump(p, "code %d ", nfnl_exp_get_icmp_code(exp, tuple));
+ nl_dump(p, "code %d ", nfnl_exp_get_icmp_code(exp, tuple));
- nl_dump(p, "id %d ", nfnl_exp_get_icmp_id(exp, tuple));
- }
+ nl_dump(p, "id %d ", nfnl_exp_get_icmp_id(exp, tuple));
+ }
}
static void exp_dump_tuples(struct nfnl_exp *exp, struct nl_dump_params *p)
struct nl_addr *tuple_src, *tuple_dst;
int tuple_sport, tuple_dport;
int i = 0;
- char buf[64];
+ char buf[64];
for (i = NFNL_EXP_TUPLE_EXPECT; i < NFNL_EXP_TUPLE_MAX; i++) {
- tuple_src = NULL;
- tuple_dst = NULL;
- tuple_sport = 0;
- tuple_dport = 0;
+ tuple_src = NULL;
+ tuple_dst = NULL;
+ tuple_sport = 0;
+ tuple_dport = 0;
- // Test needed for NAT case
- if (nfnl_exp_test_src(exp, i))
- tuple_src = nfnl_exp_get_src(exp, i);
- if (nfnl_exp_test_dst(exp, i))
- tuple_dst = nfnl_exp_get_dst(exp, i);
+ // Test needed for NAT case
+ if (nfnl_exp_test_src(exp, i))
+ tuple_src = nfnl_exp_get_src(exp, i);
+ if (nfnl_exp_test_dst(exp, i))
+ tuple_dst = nfnl_exp_get_dst(exp, i);
// Don't have tests for individual ports/types/codes/ids,
- if (nfnl_exp_test_l4protonum(exp, i)) {
- nl_dump(p, "%s ",
- nl_ip_proto2str(nfnl_exp_get_l4protonum(exp, i), buf, sizeof(buf)));
- }
-
- if (nfnl_exp_test_ports(exp, i)) {
- tuple_sport = nfnl_exp_get_src_port(exp, i);
- tuple_dport = nfnl_exp_get_dst_port(exp, i);
- }
-
- dump_addr(p, tuple_src, tuple_sport);
- dump_addr(p, tuple_dst, tuple_dport);
- dump_icmp(p, exp, 0);
- }
+ if (nfnl_exp_test_l4protonum(exp, i)) {
+ nl_dump(p, "%s ",
+ nl_ip_proto2str(nfnl_exp_get_l4protonum(exp, i), buf, sizeof(buf)));
+ }
+
+ if (nfnl_exp_test_ports(exp, i)) {
+ tuple_sport = nfnl_exp_get_src_port(exp, i);
+ tuple_dport = nfnl_exp_get_dst_port(exp, i);
+ }
+
+ dump_addr(p, tuple_src, tuple_sport);
+ dump_addr(p, tuple_dst, tuple_dport);
+ dump_icmp(p, exp, 0);
+ }
- if (nfnl_exp_test_nat_dir(exp))
- nl_dump(p, "nat dir %s ", exp->exp_nat_dir);
+ if (nfnl_exp_test_nat_dir(exp))
+ nl_dump(p, "nat dir %s ", exp->exp_nat_dir);
}
nl_msec2str(timeout_ms, buf, sizeof(buf)));
}
- if (nfnl_exp_test_helper_name(exp))
- nl_dump(p, "helper %s ", exp->exp_helper_name);
+ if (nfnl_exp_test_helper_name(exp))
+ nl_dump(p, "helper %s ", exp->exp_helper_name);
- if (nfnl_exp_test_fn(exp))
- nl_dump(p, "fn %s ", exp->exp_fn);
+ if (nfnl_exp_test_fn(exp))
+ nl_dump(p, "fn %s ", exp->exp_fn);
- if (nfnl_exp_test_class(exp))
- nl_dump(p, "class %u ", nfnl_exp_get_class(exp));
+ if (nfnl_exp_test_class(exp))
+ nl_dump(p, "class %u ", nfnl_exp_get_class(exp));
- if (nfnl_exp_test_zone(exp))
- nl_dump(p, "zone %u ", nfnl_exp_get_zone(exp));
+ if (nfnl_exp_test_zone(exp))
+ nl_dump(p, "zone %u ", nfnl_exp_get_zone(exp));
- if (nfnl_exp_test_flags(exp))
+ if (nfnl_exp_test_flags(exp))
nl_dump(p, "<");
#define PRINT_FLAG(str) \
{ nl_dump(p, "%s%s", fp++ ? "," : "", (str)); }
}
static int exp_cmp_l4proto_ports (union nfnl_exp_protodata *a, union nfnl_exp_protodata *b) {
- // Must return 0 for match, 1 for mismatch
- int d = 0;
- d = ( (a->port.src != b->port.src) ||
- (a->port.dst != b->port.dst) );
+ // Must return 0 for match, 1 for mismatch
+ int d = 0;
+ d = ( (a->port.src != b->port.src) ||
+ (a->port.dst != b->port.dst) );
- return d;
+ return d;
}
static int exp_cmp_l4proto_icmp (union nfnl_exp_protodata *a, union nfnl_exp_protodata *b) {
// Must return 0 for match, 1 for mismatch
- int d = 0;
- d = ( (a->icmp.code != b->icmp.code) ||
- (a->icmp.type != b->icmp.type) ||
- (a->icmp.id != b->icmp.id) );
+ int d = 0;
+ d = ( (a->icmp.code != b->icmp.code) ||
+ (a->icmp.type != b->icmp.type) ||
+ (a->icmp.id != b->icmp.id) );
- return d;
+ return d;
}
static int exp_compare(struct nl_object *_a, struct nl_object *_b,
- uint32_t attrs, int flags)
+ uint32_t attrs, int flags)
{
struct nfnl_exp *a = (struct nfnl_exp *) _a;
struct nfnl_exp *b = (struct nfnl_exp *) _b;
#define EXP_DIFF_VAL(ATTR, FIELD) EXP_DIFF(ATTR, a->FIELD != b->FIELD)
#define EXP_DIFF_STRING(ATTR, FIELD) EXP_DIFF(ATTR, (strcmp(a->FIELD, b->FIELD) != 0))
#define EXP_DIFF_ADDR(ATTR, FIELD) \
- ((flags & LOOSE_COMPARISON) \
- ? EXP_DIFF(ATTR, nl_addr_cmp_prefix(a->FIELD, b->FIELD)) \
- : EXP_DIFF(ATTR, nl_addr_cmp(a->FIELD, b->FIELD)))
+ ((flags & LOOSE_COMPARISON) \
+ ? EXP_DIFF(ATTR, nl_addr_cmp_prefix(a->FIELD, b->FIELD)) \
+ : EXP_DIFF(ATTR, nl_addr_cmp(a->FIELD, b->FIELD)))
#define EXP_DIFF_L4PROTO_PORTS(ATTR, FIELD) \
- EXP_DIFF(ATTR, exp_cmp_l4proto_ports(&(a->FIELD), &(b->FIELD)))
+ EXP_DIFF(ATTR, exp_cmp_l4proto_ports(&(a->FIELD), &(b->FIELD)))
#define EXP_DIFF_L4PROTO_ICMP(ATTR, FIELD) \
- EXP_DIFF(ATTR, exp_cmp_l4proto_icmp(&(a->FIELD), &(b->FIELD)))
-
- diff |= EXP_DIFF_VAL(FAMILY, exp_family);
- diff |= EXP_DIFF_VAL(TIMEOUT, exp_timeout);
- diff |= EXP_DIFF_VAL(ID, exp_id);
- diff |= EXP_DIFF_VAL(ZONE, exp_zone);
- diff |= EXP_DIFF_VAL(CLASS, exp_class);
- diff |= EXP_DIFF_VAL(FLAGS, exp_flags);
- diff |= EXP_DIFF_VAL(NAT_DIR, exp_nat_dir);
-
- diff |= EXP_DIFF_STRING(FN, exp_fn);
- diff |= EXP_DIFF_STRING(HELPER_NAME, exp_helper_name);
-
- diff |= EXP_DIFF_ADDR(EXPECT_IP_SRC, exp_expect.src);
- diff |= EXP_DIFF_ADDR(EXPECT_IP_DST, exp_expect.dst);
- diff |= EXP_DIFF_VAL(EXPECT_L4PROTO_NUM, exp_expect.proto.l4protonum);
- diff |= EXP_DIFF_L4PROTO_PORTS(EXPECT_L4PROTO_PORTS, exp_expect.proto.l4protodata);
- diff |= EXP_DIFF_L4PROTO_ICMP(EXPECT_L4PROTO_ICMP, exp_expect.proto.l4protodata);
-
- diff |= EXP_DIFF_ADDR(MASTER_IP_SRC, exp_master.src);
- diff |= EXP_DIFF_ADDR(MASTER_IP_DST, exp_master.dst);
- diff |= EXP_DIFF_VAL(MASTER_L4PROTO_NUM, exp_master.proto.l4protonum);
- diff |= EXP_DIFF_L4PROTO_PORTS(MASTER_L4PROTO_PORTS, exp_master.proto.l4protodata);
- diff |= EXP_DIFF_L4PROTO_ICMP(MASTER_L4PROTO_ICMP, exp_master.proto.l4protodata);
-
- diff |= EXP_DIFF_ADDR(MASK_IP_SRC, exp_mask.src);
- diff |= EXP_DIFF_ADDR(MASK_IP_DST, exp_mask.dst);
- diff |= EXP_DIFF_VAL(MASK_L4PROTO_NUM, exp_mask.proto.l4protonum);
- diff |= EXP_DIFF_L4PROTO_PORTS(MASK_L4PROTO_PORTS, exp_mask.proto.l4protodata);
- diff |= EXP_DIFF_L4PROTO_ICMP(MASK_L4PROTO_ICMP, exp_mask.proto.l4protodata);
-
- diff |= EXP_DIFF_ADDR(NAT_IP_SRC, exp_nat.src);
- diff |= EXP_DIFF_ADDR(NAT_IP_DST, exp_nat.dst);
- diff |= EXP_DIFF_VAL(NAT_L4PROTO_NUM, exp_nat.proto.l4protonum);
- diff |= EXP_DIFF_L4PROTO_PORTS(NAT_L4PROTO_PORTS, exp_nat.proto.l4protodata);
- diff |= EXP_DIFF_L4PROTO_ICMP(NAT_L4PROTO_ICMP, exp_nat.proto.l4protodata);
+ EXP_DIFF(ATTR, exp_cmp_l4proto_icmp(&(a->FIELD), &(b->FIELD)))
+
+ diff |= EXP_DIFF_VAL(FAMILY, exp_family);
+ diff |= EXP_DIFF_VAL(TIMEOUT, exp_timeout);
+ diff |= EXP_DIFF_VAL(ID, exp_id);
+ diff |= EXP_DIFF_VAL(ZONE, exp_zone);
+ diff |= EXP_DIFF_VAL(CLASS, exp_class);
+ diff |= EXP_DIFF_VAL(FLAGS, exp_flags);
+ diff |= EXP_DIFF_VAL(NAT_DIR, exp_nat_dir);
+
+ diff |= EXP_DIFF_STRING(FN, exp_fn);
+ diff |= EXP_DIFF_STRING(HELPER_NAME, exp_helper_name);
+
+ diff |= EXP_DIFF_ADDR(EXPECT_IP_SRC, exp_expect.src);
+ diff |= EXP_DIFF_ADDR(EXPECT_IP_DST, exp_expect.dst);
+ diff |= EXP_DIFF_VAL(EXPECT_L4PROTO_NUM, exp_expect.proto.l4protonum);
+ diff |= EXP_DIFF_L4PROTO_PORTS(EXPECT_L4PROTO_PORTS, exp_expect.proto.l4protodata);
+ diff |= EXP_DIFF_L4PROTO_ICMP(EXPECT_L4PROTO_ICMP, exp_expect.proto.l4protodata);
+
+ diff |= EXP_DIFF_ADDR(MASTER_IP_SRC, exp_master.src);
+ diff |= EXP_DIFF_ADDR(MASTER_IP_DST, exp_master.dst);
+ diff |= EXP_DIFF_VAL(MASTER_L4PROTO_NUM, exp_master.proto.l4protonum);
+ diff |= EXP_DIFF_L4PROTO_PORTS(MASTER_L4PROTO_PORTS, exp_master.proto.l4protodata);
+ diff |= EXP_DIFF_L4PROTO_ICMP(MASTER_L4PROTO_ICMP, exp_master.proto.l4protodata);
+
+ diff |= EXP_DIFF_ADDR(MASK_IP_SRC, exp_mask.src);
+ diff |= EXP_DIFF_ADDR(MASK_IP_DST, exp_mask.dst);
+ diff |= EXP_DIFF_VAL(MASK_L4PROTO_NUM, exp_mask.proto.l4protonum);
+ diff |= EXP_DIFF_L4PROTO_PORTS(MASK_L4PROTO_PORTS, exp_mask.proto.l4protodata);
+ diff |= EXP_DIFF_L4PROTO_ICMP(MASK_L4PROTO_ICMP, exp_mask.proto.l4protodata);
+
+ diff |= EXP_DIFF_ADDR(NAT_IP_SRC, exp_nat.src);
+ diff |= EXP_DIFF_ADDR(NAT_IP_DST, exp_nat.dst);
+ diff |= EXP_DIFF_VAL(NAT_L4PROTO_NUM, exp_nat.proto.l4protonum);
+ diff |= EXP_DIFF_L4PROTO_PORTS(NAT_L4PROTO_PORTS, exp_nat.proto.l4protodata);
+ diff |= EXP_DIFF_L4PROTO_ICMP(NAT_L4PROTO_ICMP, exp_nat.proto.l4protodata);
#undef EXP_DIFF
#undef EXP_DIFF_VAL
#undef EXP_DIFF_L4PROTO_PORTS
#undef EXP_DIFF_L4PROTO_ICMP
- return diff;
+ return diff;
}
// CLI arguments?
static const struct trans_tbl exp_attrs[] = {
- __ADD(EXP_ATTR_FAMILY, family)
- __ADD(EXP_ATTR_TIMEOUT, timeout)
- __ADD(EXP_ATTR_ID, id)
- __ADD(EXP_ATTR_HELPER_NAME, helpername)
- __ADD(EXP_ATTR_ZONE, zone)
- __ADD(EXP_ATTR_CLASS, class)
- __ADD(EXP_ATTR_FLAGS, flags)
- __ADD(EXP_ATTR_FN, function)
- __ADD(EXP_ATTR_EXPECT_IP_SRC, expectipsrc)
- __ADD(EXP_ATTR_EXPECT_IP_DST, expectipdst)
- __ADD(EXP_ATTR_EXPECT_L4PROTO_NUM, expectprotonum)
- __ADD(EXP_ATTR_EXPECT_L4PROTO_PORTS, expectports)
- __ADD(EXP_ATTR_EXPECT_L4PROTO_ICMP , expecticmp)
- __ADD(EXP_ATTR_MASTER_IP_SRC, masteripsrc)
- __ADD(EXP_ATTR_MASTER_IP_DST, masteripdst)
- __ADD(EXP_ATTR_MASTER_L4PROTO_NUM, masterprotonum)
- __ADD(EXP_ATTR_MASTER_L4PROTO_PORTS, masterports)
- __ADD(EXP_ATTR_MASTER_L4PROTO_ICMP , mastericmp)
- __ADD(EXP_ATTR_MASK_IP_SRC, maskipsrc)
- __ADD(EXP_ATTR_MASK_IP_DST, maskipdst)
- __ADD(EXP_ATTR_MASK_L4PROTO_NUM, maskprotonum)
- __ADD(EXP_ATTR_MASK_L4PROTO_PORTS, maskports)
- __ADD(EXP_ATTR_MASK_L4PROTO_ICMP , maskicmp)
- __ADD(EXP_ATTR_NAT_IP_SRC, natipsrc)
- __ADD(EXP_ATTR_NAT_IP_DST, natipdst)
- __ADD(EXP_ATTR_NAT_L4PROTO_NUM, natprotonum)
- __ADD(EXP_ATTR_NAT_L4PROTO_PORTS, natports)
- __ADD(EXP_ATTR_NAT_L4PROTO_ICMP, naticmp)
- __ADD(EXP_ATTR_NAT_DIR, natdir)
+ __ADD(EXP_ATTR_FAMILY, family)
+ __ADD(EXP_ATTR_TIMEOUT, timeout)
+ __ADD(EXP_ATTR_ID, id)
+ __ADD(EXP_ATTR_HELPER_NAME, helpername)
+ __ADD(EXP_ATTR_ZONE, zone)
+ __ADD(EXP_ATTR_CLASS, class)
+ __ADD(EXP_ATTR_FLAGS, flags)
+ __ADD(EXP_ATTR_FN, function)
+ __ADD(EXP_ATTR_EXPECT_IP_SRC, expectipsrc)
+ __ADD(EXP_ATTR_EXPECT_IP_DST, expectipdst)
+ __ADD(EXP_ATTR_EXPECT_L4PROTO_NUM, expectprotonum)
+ __ADD(EXP_ATTR_EXPECT_L4PROTO_PORTS, expectports)
+ __ADD(EXP_ATTR_EXPECT_L4PROTO_ICMP, expecticmp)
+ __ADD(EXP_ATTR_MASTER_IP_SRC, masteripsrc)
+ __ADD(EXP_ATTR_MASTER_IP_DST, masteripdst)
+ __ADD(EXP_ATTR_MASTER_L4PROTO_NUM, masterprotonum)
+ __ADD(EXP_ATTR_MASTER_L4PROTO_PORTS, masterports)
+ __ADD(EXP_ATTR_MASTER_L4PROTO_ICMP, mastericmp)
+ __ADD(EXP_ATTR_MASK_IP_SRC, maskipsrc)
+ __ADD(EXP_ATTR_MASK_IP_DST, maskipdst)
+ __ADD(EXP_ATTR_MASK_L4PROTO_NUM, maskprotonum)
+ __ADD(EXP_ATTR_MASK_L4PROTO_PORTS, maskports)
+ __ADD(EXP_ATTR_MASK_L4PROTO_ICMP, maskicmp)
+ __ADD(EXP_ATTR_NAT_IP_SRC, natipsrc)
+ __ADD(EXP_ATTR_NAT_IP_DST, natipdst)
+ __ADD(EXP_ATTR_NAT_L4PROTO_NUM, natprotonum)
+ __ADD(EXP_ATTR_NAT_L4PROTO_PORTS, natports)
+ __ADD(EXP_ATTR_NAT_L4PROTO_ICMP, naticmp)
+ __ADD(EXP_ATTR_NAT_DIR, natdir)
};
static char *exp_attrs2str(int attrs, char *buf, size_t len)
int nfnl_exp_test_flags(const struct nfnl_exp *exp)
{
- return !!(exp->ce_mask & EXP_ATTR_FLAGS);
+ return !!(exp->ce_mask & EXP_ATTR_FLAGS);
}
void nfnl_exp_unset_flags(struct nfnl_exp *exp, uint32_t flags)
return exp->exp_id;
}
-int nfnl_exp_set_helper_name(struct nfnl_exp *exp, void *name)
+int nfnl_exp_set_helper_name(struct nfnl_exp *exp, void *name)
{
- free(exp->exp_helper_name);
- exp->exp_helper_name = strdup(name);
- if (!exp->exp_helper_name)
- return -NLE_NOMEM;
+ free(exp->exp_helper_name);
+ exp->exp_helper_name = strdup(name);
+ if (!exp->exp_helper_name)
+ return -NLE_NOMEM;
- exp->ce_mask |= EXP_ATTR_HELPER_NAME;
- return 0;
+ exp->ce_mask |= EXP_ATTR_HELPER_NAME;
+ return 0;
}
int nfnl_exp_test_helper_name(const struct nfnl_exp *exp)
{
- return !!(exp->ce_mask & EXP_ATTR_HELPER_NAME);
+ return !!(exp->ce_mask & EXP_ATTR_HELPER_NAME);
}
const char * nfnl_exp_get_helper_name(const struct nfnl_exp *exp)
{
- return exp->exp_helper_name;
+ return exp->exp_helper_name;
}
void nfnl_exp_set_zone(struct nfnl_exp *exp, uint16_t zone)
{
- exp->exp_zone = zone;
- exp->ce_mask |= EXP_ATTR_ZONE;
+ exp->exp_zone = zone;
+ exp->ce_mask |= EXP_ATTR_ZONE;
}
int nfnl_exp_test_zone(const struct nfnl_exp *exp)
{
- return !!(exp->ce_mask & EXP_ATTR_ZONE);
+ return !!(exp->ce_mask & EXP_ATTR_ZONE);
}
uint16_t nfnl_exp_get_zone(const struct nfnl_exp *exp)
{
- return exp->exp_zone;
+ return exp->exp_zone;
}
void nfnl_exp_set_class(struct nfnl_exp *exp, uint32_t class)
{
- exp->exp_class = class;
- exp->ce_mask |= EXP_ATTR_CLASS;
+ exp->exp_class = class;
+ exp->ce_mask |= EXP_ATTR_CLASS;
}
int nfnl_exp_test_class(const struct nfnl_exp *exp)
{
- return !!(exp->ce_mask & EXP_ATTR_CLASS);
+ return !!(exp->ce_mask & EXP_ATTR_CLASS);
}
uint32_t nfnl_exp_get_class(const struct nfnl_exp *exp)
{
- return exp->exp_class;
+ return exp->exp_class;
}
int nfnl_exp_set_fn(struct nfnl_exp *exp, void *fn)
{
- free(exp->exp_fn);
- exp->exp_fn = strdup(fn);
- if (!exp->exp_fn)
- return -NLE_NOMEM;
+ free(exp->exp_fn);
+ exp->exp_fn = strdup(fn);
+ if (!exp->exp_fn)
+ return -NLE_NOMEM;
- exp->ce_mask |= EXP_ATTR_FN;
- return 0;
+ exp->ce_mask |= EXP_ATTR_FN;
+ return 0;
}
int nfnl_exp_test_fn(const struct nfnl_exp *exp)
{
- return !!(exp->ce_mask & EXP_ATTR_FN);
+ return !!(exp->ce_mask & EXP_ATTR_FN);
}
const char * nfnl_exp_get_fn(const struct nfnl_exp *exp)
{
- return exp->exp_fn;
+ return exp->exp_fn;
}
void nfnl_exp_set_nat_dir(struct nfnl_exp *exp, uint8_t nat_dir)
{
- exp->exp_nat_dir = nat_dir;
- exp->ce_mask |= EXP_ATTR_NAT_DIR;
+ exp->exp_nat_dir = nat_dir;
+ exp->ce_mask |= EXP_ATTR_NAT_DIR;
}
int nfnl_exp_test_nat_dir(const struct nfnl_exp *exp)
{
- return !!(exp->ce_mask & EXP_ATTR_NAT_DIR);
+ return !!(exp->ce_mask & EXP_ATTR_NAT_DIR);
}
uint8_t nfnl_exp_get_nat_dir(const struct nfnl_exp *exp)
{
- return exp->exp_nat_dir;
+ return exp->exp_nat_dir;
}
#define EXP_GET_TUPLE(e, t) \
- (t == NFNL_EXP_TUPLE_MASTER) ? \
- &(e->exp_master) : \
- (t == NFNL_EXP_TUPLE_MASK) ? \
- &(e->exp_mask) : \
- (t == NFNL_EXP_TUPLE_NAT) ? \
- &(e->exp_nat) : &(exp->exp_expect)
+ (t == NFNL_EXP_TUPLE_MASTER) ? \
+ &(e->exp_master) : \
+ (t == NFNL_EXP_TUPLE_MASK) ? \
+ &(e->exp_mask) : \
+ (t == NFNL_EXP_TUPLE_NAT) ? \
+ &(e->exp_nat) : &(exp->exp_expect)
static int exp_get_src_attr(int tuple)
{
- int attr = 0;
-
- switch (tuple) {
- case NFNL_EXP_TUPLE_MASTER:
- attr = EXP_ATTR_MASTER_IP_SRC;
- break;
- case NFNL_EXP_TUPLE_MASK:
- attr = EXP_ATTR_MASK_IP_SRC;
- break;
- case NFNL_EXP_TUPLE_NAT:
- attr = EXP_ATTR_NAT_IP_SRC;
- break;
- case NFNL_EXP_TUPLE_EXPECT:
- default :
- attr = EXP_ATTR_EXPECT_IP_SRC;
- break;
- }
+ int attr = 0;
+
+ switch (tuple) {
+ case NFNL_EXP_TUPLE_MASTER:
+ attr = EXP_ATTR_MASTER_IP_SRC;
+ break;
+ case NFNL_EXP_TUPLE_MASK:
+ attr = EXP_ATTR_MASK_IP_SRC;
+ break;
+ case NFNL_EXP_TUPLE_NAT:
+ attr = EXP_ATTR_NAT_IP_SRC;
+ break;
+ case NFNL_EXP_TUPLE_EXPECT:
+ default :
+ attr = EXP_ATTR_EXPECT_IP_SRC;
+ }
- return attr;
+ return attr;
}
static int exp_get_dst_attr(int tuple)
{
- int attr = 0;
-
- switch (tuple) {
- case NFNL_EXP_TUPLE_MASTER:
- attr = EXP_ATTR_MASTER_IP_DST;
- break;
- case NFNL_EXP_TUPLE_MASK:
- attr = EXP_ATTR_MASK_IP_DST;
- break;
- case NFNL_EXP_TUPLE_NAT:
- attr = EXP_ATTR_NAT_IP_DST;
- break;
- case NFNL_EXP_TUPLE_EXPECT:
- default :
- attr = EXP_ATTR_EXPECT_IP_DST;
- break;
- }
+ int attr = 0;
+
+ switch (tuple) {
+ case NFNL_EXP_TUPLE_MASTER:
+ attr = EXP_ATTR_MASTER_IP_DST;
+ break;
+ case NFNL_EXP_TUPLE_MASK:
+ attr = EXP_ATTR_MASK_IP_DST;
+ break;
+ case NFNL_EXP_TUPLE_NAT:
+ attr = EXP_ATTR_NAT_IP_DST;
+ break;
+ case NFNL_EXP_TUPLE_EXPECT:
+ default :
+ attr = EXP_ATTR_EXPECT_IP_DST;
+ }
- return attr;
+ return attr;
}
int nfnl_exp_set_dst(struct nfnl_exp *exp, int tuple, struct nl_addr *addr)
{
- struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
+ struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
- return exp_set_addr(exp, addr, exp_get_dst_attr(tuple), &dir->dst);
+ return exp_set_addr(exp, addr, exp_get_dst_attr(tuple), &dir->dst);
}
int nfnl_exp_test_src(const struct nfnl_exp *exp, int tuple)
{
- return !!(exp->ce_mask & exp_get_src_attr(tuple));
+ return !!(exp->ce_mask & exp_get_src_attr(tuple));
}
int nfnl_exp_test_dst(const struct nfnl_exp *exp, int tuple)
{
-
- return !!(exp->ce_mask & exp_get_dst_attr(tuple));
+ return !!(exp->ce_mask & exp_get_dst_attr(tuple));
}
struct nl_addr *nfnl_exp_get_src(const struct nfnl_exp *exp, int tuple)
{
- const struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
+ const struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
- if (!(exp->ce_mask & exp_get_src_attr(tuple)))
+ if (!(exp->ce_mask & exp_get_src_attr(tuple)))
return NULL;
return dir->src;
}
static int exp_get_l4protonum_attr(int tuple)
{
- int attr = 0;
-
- switch (tuple) {
- case NFNL_EXP_TUPLE_MASTER:
- attr = EXP_ATTR_MASTER_L4PROTO_NUM;
- break;
- case NFNL_EXP_TUPLE_MASK:
- attr = EXP_ATTR_MASK_L4PROTO_NUM;
- break;
- case NFNL_EXP_TUPLE_NAT:
- attr = EXP_ATTR_NAT_L4PROTO_NUM;
- break;
- case NFNL_EXP_TUPLE_EXPECT:
- default :
- attr = EXP_ATTR_EXPECT_L4PROTO_NUM;
- break;
- }
+ int attr = 0;
+
+ switch (tuple) {
+ case NFNL_EXP_TUPLE_MASTER:
+ attr = EXP_ATTR_MASTER_L4PROTO_NUM;
+ break;
+ case NFNL_EXP_TUPLE_MASK:
+ attr = EXP_ATTR_MASK_L4PROTO_NUM;
+ break;
+ case NFNL_EXP_TUPLE_NAT:
+ attr = EXP_ATTR_NAT_L4PROTO_NUM;
+ break;
+ case NFNL_EXP_TUPLE_EXPECT:
+ default :
+ attr = EXP_ATTR_EXPECT_L4PROTO_NUM;
+ }
- return attr;
+ return attr;
}
void nfnl_exp_set_l4protonum(struct nfnl_exp *exp, int tuple, uint8_t l4protonum)
{
- struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
+ struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
- dir->proto.l4protonum = l4protonum;
- exp->ce_mask |= exp_get_l4protonum_attr(tuple);
+ dir->proto.l4protonum = l4protonum;
+ exp->ce_mask |= exp_get_l4protonum_attr(tuple);
}
int nfnl_exp_test_l4protonum(const struct nfnl_exp *exp, int tuple)
{
- return !!(exp->ce_mask & exp_get_l4protonum_attr(tuple));
+ return !!(exp->ce_mask & exp_get_l4protonum_attr(tuple));
}
uint8_t nfnl_exp_get_l4protonum(const struct nfnl_exp *exp, int tuple)
{
- const struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
- return dir->proto.l4protonum;
+ const struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
+ return dir->proto.l4protonum;
}
static int exp_get_l4ports_attr(int tuple)
{
- int attr = 0;
-
- switch (tuple) {
- case NFNL_EXP_TUPLE_MASTER:
- attr = EXP_ATTR_MASTER_L4PROTO_PORTS;
- break;
- case NFNL_EXP_TUPLE_MASK:
- attr = EXP_ATTR_MASK_L4PROTO_PORTS;
- break;
- case NFNL_EXP_TUPLE_NAT:
- attr = EXP_ATTR_NAT_L4PROTO_PORTS;
- break;
- case NFNL_EXP_TUPLE_EXPECT:
- default :
- attr = EXP_ATTR_EXPECT_L4PROTO_PORTS;
- break;
- }
+ int attr = 0;
+
+ switch (tuple) {
+ case NFNL_EXP_TUPLE_MASTER:
+ attr = EXP_ATTR_MASTER_L4PROTO_PORTS;
+ break;
+ case NFNL_EXP_TUPLE_MASK:
+ attr = EXP_ATTR_MASK_L4PROTO_PORTS;
+ break;
+ case NFNL_EXP_TUPLE_NAT:
+ attr = EXP_ATTR_NAT_L4PROTO_PORTS;
+ break;
+ case NFNL_EXP_TUPLE_EXPECT:
+ default :
+ attr = EXP_ATTR_EXPECT_L4PROTO_PORTS;
+ }
- return attr;
+ return attr;
}
void nfnl_exp_set_ports(struct nfnl_exp *exp, int tuple, uint16_t srcport, uint16_t dstport)
uint16_t nfnl_exp_get_dst_port(const struct nfnl_exp *exp, int tuple)
{
- const struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
+ const struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
return dir->proto.l4protodata.port.dst;
}
static int exp_get_l4icmp_attr(int tuple)
{
- int attr = 0;
-
- switch (tuple) {
- case NFNL_EXP_TUPLE_MASTER:
- attr = EXP_ATTR_MASTER_L4PROTO_ICMP;
- break;
- case NFNL_EXP_TUPLE_MASK:
- attr = EXP_ATTR_MASK_L4PROTO_ICMP;
- break;
- case NFNL_EXP_TUPLE_NAT:
- attr = EXP_ATTR_NAT_L4PROTO_ICMP;
- break;
- case NFNL_EXP_TUPLE_EXPECT:
- default :
- attr = EXP_ATTR_EXPECT_L4PROTO_ICMP;
- break;
- }
+ int attr = 0;
+
+ switch (tuple) {
+ case NFNL_EXP_TUPLE_MASTER:
+ attr = EXP_ATTR_MASTER_L4PROTO_ICMP;
+ break;
+ case NFNL_EXP_TUPLE_MASK:
+ attr = EXP_ATTR_MASK_L4PROTO_ICMP;
+ break;
+ case NFNL_EXP_TUPLE_NAT:
+ attr = EXP_ATTR_NAT_L4PROTO_ICMP;
+ break;
+ case NFNL_EXP_TUPLE_EXPECT:
+ default :
+ attr = EXP_ATTR_EXPECT_L4PROTO_ICMP;
+ }
- return attr;
+ return attr;
}
void nfnl_exp_set_icmp(struct nfnl_exp *exp, int tuple, uint16_t id, uint8_t type, uint8_t code)
dir->proto.l4protodata.icmp.id = id;
dir->proto.l4protodata.icmp.type = type;
- dir->proto.l4protodata.icmp.code = code;
+ dir->proto.l4protodata.icmp.code = code;
exp->ce_mask |= exp_get_l4icmp_attr(tuple);
}
uint8_t nfnl_exp_get_icmp_type(const struct nfnl_exp *exp, int tuple)
{
- const struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
+ const struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
return dir->proto.l4protodata.icmp.type;
}
uint8_t nfnl_exp_get_icmp_code(const struct nfnl_exp *exp, int tuple)
{
- const struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
+ const struct nfnl_exp_dir *dir = EXP_GET_TUPLE(exp, tuple);
return dir->proto.l4protodata.icmp.code;
}
/** @} */
struct nl_object_ops exp_obj_ops = {
- .oo_name = "netfilter/exp",
- .oo_size = sizeof(struct nfnl_exp),
+ .oo_name = "netfilter/exp",
+ .oo_size = sizeof(struct nfnl_exp),
.oo_free_data = exp_free_data,
- .oo_clone = exp_clone,
+ .oo_clone = exp_clone,
.oo_dump = {
- [NL_DUMP_LINE] = exp_dump_line,
- [NL_DUMP_DETAILS] = exp_dump_details,
+ [NL_DUMP_LINE] = exp_dump_line,
+ [NL_DUMP_DETAILS] = exp_dump_details,
},
- .oo_compare = exp_compare,
+ .oo_compare = exp_compare,
.oo_attrs2str = exp_attrs2str,
};
void nl_cli_exp_parse_helper_name(struct nfnl_exp *exp, char *arg)
{
- nfnl_exp_set_helper_name(exp, arg);
+ nfnl_exp_set_helper_name(exp, arg);
}
void nl_cli_exp_parse_zone(struct nfnl_exp *exp, char *arg)
{
- uint32_t zone = nl_cli_parse_u32(arg);
- nfnl_exp_set_zone(exp, zone);
+ uint32_t zone = nl_cli_parse_u32(arg);
+ nfnl_exp_set_zone(exp, zone);
}
void nl_cli_exp_parse_flags(struct nfnl_exp *exp, char *arg)
{
- uint32_t flags = nl_cli_parse_u32(arg);
- nfnl_exp_set_flags(exp, flags);
+ uint32_t flags = nl_cli_parse_u32(arg);
+ nfnl_exp_set_flags(exp, flags);
}
void nl_cli_exp_parse_class(struct nfnl_exp *exp, char *arg)
{
- uint32_t class = nl_cli_parse_u32(arg);
- nfnl_exp_set_class(exp, class);
+ uint32_t class = nl_cli_parse_u32(arg);
+ nfnl_exp_set_class(exp, class);
}
void nl_cli_exp_parse_nat_dir(struct nfnl_exp *exp, char *arg)
{
- uint32_t nat_dir = nl_cli_parse_u32(arg);
- nfnl_exp_set_nat_dir(exp, nat_dir);
+ uint32_t nat_dir = nl_cli_parse_u32(arg);
+ nfnl_exp_set_nat_dir(exp, nat_dir);
}
void nl_cli_exp_parse_fn(struct nfnl_exp *exp, char *arg)
{
- nfnl_exp_set_fn(exp, arg);
+ nfnl_exp_set_fn(exp, arg);
}
void nl_cli_exp_parse_src(struct nfnl_exp *exp, int tuple, char *arg)
void nl_cli_exp_parse_l4protonum(struct nfnl_exp *exp, int tuple, char *arg)
{
- int l4protonum;
+ int l4protonum;
- if ((l4protonum = nl_str2ip_proto(arg)) < 0)
- nl_cli_fatal(l4protonum,
- "Unable to nl_cli_exp_parse protocol \"%s\": %s",
- arg, nl_geterror(l4protonum));
+ if ((l4protonum = nl_str2ip_proto(arg)) < 0)
+ nl_cli_fatal(l4protonum,
+ "Unable to nl_cli_exp_parse protocol \"%s\": %s",
+ arg, nl_geterror(l4protonum));
- nfnl_exp_set_l4protonum(exp, tuple, l4protonum);
+ nfnl_exp_set_l4protonum(exp, tuple, l4protonum);
}
void nl_cli_exp_parse_src_port(struct nfnl_exp *exp, int tuple, char *arg)
{
uint32_t sport = nl_cli_parse_u32(arg);
- uint16_t dport = nfnl_exp_get_dst_port(exp, tuple);
+ uint16_t dport = nfnl_exp_get_dst_port(exp, tuple);
nfnl_exp_set_ports(exp, tuple, sport, dport);
}
void nl_cli_exp_parse_icmp_id(struct nfnl_exp *exp, int tuple, char *arg)
{
- uint32_t id = nl_cli_parse_u32(arg);
- uint8_t type = nfnl_exp_get_icmp_type(exp, tuple);
- uint8_t code = nfnl_exp_get_icmp_code(exp, tuple);
- nfnl_exp_set_icmp(exp, tuple, id, type, code);
+ uint32_t id = nl_cli_parse_u32(arg);
+ uint8_t type = nfnl_exp_get_icmp_type(exp, tuple);
+ uint8_t code = nfnl_exp_get_icmp_code(exp, tuple);
+ nfnl_exp_set_icmp(exp, tuple, id, type, code);
}
void nl_cli_exp_parse_icmp_type(struct nfnl_exp *exp, int tuple, char *arg)
{
- uint32_t type = nl_cli_parse_u32(arg);
- uint16_t id = nfnl_exp_get_icmp_id(exp, tuple);
- uint8_t code = nfnl_exp_get_icmp_code(exp, tuple);
- nfnl_exp_set_icmp(exp, tuple, id, type, code);
+ uint32_t type = nl_cli_parse_u32(arg);
+ uint16_t id = nfnl_exp_get_icmp_id(exp, tuple);
+ uint8_t code = nfnl_exp_get_icmp_code(exp, tuple);
+ nfnl_exp_set_icmp(exp, tuple, id, type, code);
}
void nl_cli_exp_parse_icmp_code(struct nfnl_exp *exp, int tuple, char *arg)
{
- uint32_t code = nl_cli_parse_u32(arg);
- uint16_t id = nfnl_exp_get_icmp_id(exp, tuple);
- uint8_t type = nfnl_exp_get_icmp_type(exp, tuple);
- nfnl_exp_set_icmp(exp, tuple, id, type, code);
+ uint32_t code = nl_cli_parse_u32(arg);
+ uint16_t id = nfnl_exp_get_icmp_id(exp, tuple);
+ uint8_t type = nfnl_exp_get_icmp_type(exp, tuple);
+ nfnl_exp_set_icmp(exp, tuple, id, type, code);
}
/** @} */
"Usage: nf-exp-list [OPTION]... [CONNTRACK ENTRY]\n"
"\n"
"Options\n"
- " --replace Replace the address if it exists.\n"
- " -q, --quiet Do not print informal notifications.\n"
+ " --replace Replace the address if it exists.\n"
+ " -q, --quiet Do not print informal notifications.\n"
" -h, --help Show this help\n"
" -v, --version Show versioning information\n"
"\n"
"Expectation Selection\n"
" -i, --id=NUM Identifier\n"
- " --expect-proto=PROTOCOL Expectation protocol\n"
+ " --expect-proto=PROTOCOL Expectation protocol\n"
" --expect-src=ADDR Expectation source address\n"
" --expect-sport=PORT Expectation source port\n"
" --expect-dst=ADDR Expectation destination address\n"
" --expect-dport=PORT Expectation destination port\n"
- " --master-proto=PROTOCOL Master conntrack protocol\n"
+ " --master-proto=PROTOCOL Master conntrack protocol\n"
" --master-src=ADDR Master conntrack source address\n"
" --master-sport=PORT Master conntrack source port\n"
" --master-dst=ADDR Master conntrack destination address\n"
" --master-dport=PORT Master conntrack destination port\n"
- " --mask-proto=PROTOCOL Mask protocol\n"
- " --mask-src=ADDR Mask source address\n"
- " --mask-sport=PORT Mask source port\n"
- " --mask-dst=ADDR Mask destination address\n"
- " --mask-dport=PORT Mask destination port\n"
+ " --mask-proto=PROTOCOL Mask protocol\n"
+ " --mask-src=ADDR Mask source address\n"
+ " --mask-sport=PORT Mask source port\n"
+ " --mask-dst=ADDR Mask destination address\n"
+ " --mask-dport=PORT Mask destination port\n"
" -F, --family=FAMILY Address family\n"
" --timeout=NUM Timeout value\n"
- " --helper=STRING Helper Name\n"
+ " --helper=STRING Helper Name\n"
" --flags Flags (Kernel 2.6.37)\n"
);
exit(0);
ARG_EXPECT_SPORT,
ARG_EXPECT_DST,
ARG_EXPECT_DPORT,
- ARG_MASTER_PROTO,
+ ARG_MASTER_PROTO,
ARG_MASTER_SRC,
ARG_MASTER_SPORT,
ARG_MASTER_DST,
ARG_MASTER_DPORT,
- ARG_MASK_PROTO,
- ARG_MASK_SRC,
- ARG_MASK_SPORT,
- ARG_MASK_DST,
- ARG_MASK_DPORT,
+ ARG_MASK_PROTO,
+ ARG_MASK_SRC,
+ ARG_MASK_SPORT,
+ ARG_MASK_DST,
+ ARG_MASK_DPORT,
ARG_TIMEOUT,
- ARG_HELPER_NAME,
- ARG_REPLACE,
+ ARG_HELPER_NAME,
+ ARG_REPLACE,
ARG_FLAGS,
};
static struct option long_opts[] = {
{ "replace", 1, 0, ARG_REPLACE },
- { "quiet", 0, 0, 'q' },
+ { "quiet", 0, 0, 'q' },
{ "help", 0, 0, 'h' },
{ "version", 0, 0, 'v' },
{ "id", 1, 0, 'i' },
{ "expect-sport", 1, 0, ARG_EXPECT_SPORT },
{ "expect-dst", 1, 0, ARG_EXPECT_DST },
{ "expect-dport", 1, 0, ARG_EXPECT_DPORT },
- { "master-proto", 1, 0, ARG_MASTER_PROTO },
+ { "master-proto", 1, 0, ARG_MASTER_PROTO },
{ "master-src", 1, 0, ARG_MASTER_SRC },
{ "master-sport", 1, 0, ARG_MASTER_SPORT },
{ "master-dst", 1, 0, ARG_MASTER_DST },
{ "master-dport", 1, 0, ARG_MASTER_DPORT },
- { "mask-proto", 1, 0, ARG_MASK_PROTO },
- { "mask-src", 1, 0, ARG_MASK_SRC },
- { "mask-sport", 1, 0, ARG_MASK_SPORT },
- { "mask-dst", 1, 0, ARG_MASK_DST },
- { "mask-dport", 1, 0, ARG_MASK_DPORT },
+ { "mask-proto", 1, 0, ARG_MASK_PROTO },
+ { "mask-src", 1, 0, ARG_MASK_SRC },
+ { "mask-sport", 1, 0, ARG_MASK_SPORT },
+ { "mask-dst", 1, 0, ARG_MASK_DST },
+ { "mask-dport", 1, 0, ARG_MASK_DPORT },
{ "family", 1, 0, 'F' },
{ "timeout", 1, 0, ARG_TIMEOUT },
{ "helper", 1, 0, ARG_HELPER_NAME },
- { "flags", 1, 0, ARG_FLAGS},
+ { "flags", 1, 0, ARG_FLAGS},
{ 0, 0, 0, 0 }
};
switch (c) {
case '?': exit(NLE_INVAL);
- case ARG_REPLACE: nlflags |= NLM_F_REPLACE; break;
- case 'q': quiet = 1; break;
- case '4': nfnl_exp_set_family(exp, AF_INET); break;
+ case ARG_REPLACE: nlflags |= NLM_F_REPLACE; break;
+ case 'q': quiet = 1; break;
+ case '4': nfnl_exp_set_family(exp, AF_INET); break;
case '6': nfnl_exp_set_family(exp, AF_INET6); break;
case 'h': print_usage(); break;
case 'v': nl_cli_print_version(); break;
case ARG_EXPECT_SPORT: nl_cli_exp_parse_src_port(exp, NFNL_EXP_TUPLE_EXPECT, optarg); break;
case ARG_EXPECT_DST: nl_cli_exp_parse_dst(exp, NFNL_EXP_TUPLE_EXPECT, optarg); break;
case ARG_EXPECT_DPORT: nl_cli_exp_parse_dst_port(exp, NFNL_EXP_TUPLE_EXPECT, optarg); break;
- case ARG_MASTER_PROTO: nl_cli_exp_parse_l4protonum(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
+ case ARG_MASTER_PROTO: nl_cli_exp_parse_l4protonum(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_SRC: nl_cli_exp_parse_src(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_SPORT: nl_cli_exp_parse_src_port(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_DST: nl_cli_exp_parse_dst(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_DPORT: nl_cli_exp_parse_dst_port(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
- case ARG_MASK_PROTO: nl_cli_exp_parse_l4protonum(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
- case ARG_MASK_SRC: nl_cli_exp_parse_src(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
- case ARG_MASK_SPORT: nl_cli_exp_parse_src_port(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
- case ARG_MASK_DST: nl_cli_exp_parse_dst(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
- case ARG_MASK_DPORT: nl_cli_exp_parse_dst_port(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
+ case ARG_MASK_PROTO: nl_cli_exp_parse_l4protonum(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
+ case ARG_MASK_SRC: nl_cli_exp_parse_src(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
+ case ARG_MASK_SPORT: nl_cli_exp_parse_src_port(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
+ case ARG_MASK_DST: nl_cli_exp_parse_dst(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
+ case ARG_MASK_DPORT: nl_cli_exp_parse_dst_port(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
case 'F': nl_cli_exp_parse_family(exp, optarg); break;
case ARG_TIMEOUT: nl_cli_exp_parse_timeout(exp, optarg); break;
- case ARG_HELPER_NAME: nl_cli_exp_parse_helper_name(exp, optarg); break;
+ case ARG_HELPER_NAME: nl_cli_exp_parse_helper_name(exp, optarg); break;
case ARG_FLAGS: nl_cli_exp_parse_flags(exp, optarg); break;
}
}
sock = nl_cli_alloc_socket();
nl_cli_connect(sock, NETLINK_NETFILTER);
- if ((err = nfnl_exp_add(sock, exp, nlflags)) < 0)
- nl_cli_fatal(err, "Unable to add expectation: %s",
- nl_geterror(err));
-
- if (!quiet) {
- printf("Added ");
- nl_object_dump(OBJ_CAST(exp), ¶ms);
- }
+ if ((err = nfnl_exp_add(sock, exp, nlflags)) < 0)
+ nl_cli_fatal(err, "Unable to add expectation: %s", nl_geterror(err));
+ if (!quiet) {
+ printf("Added ");
+ nl_object_dump(OBJ_CAST(exp), ¶ms);
+ }
return 0;
}
"Usage: nf-exp-list [OPTION]... [CONNTRACK ENTRY]\n"
"\n"
"Options\n"
- " --replace Replace the address if it exists.\n"
- " -q, --quiet Do not print informal notifications.\n"
+ " --replace Replace the address if it exists.\n"
+ " -q, --quiet Do not print informal notifications.\n"
" -h, --help Show this help\n"
" -v, --version Show versioning information\n"
"\n"
"Expectation Selection\n"
" -i, --id=NUM Identifier\n"
- " --expect-proto=PROTOCOL Expectation protocol\n"
+ " --expect-proto=PROTOCOL Expectation protocol\n"
" --expect-src=ADDR Expectation source address\n"
" --expect-sport=PORT Expectation source port\n"
" --expect-dst=ADDR Expectation destination address\n"
" --expect-dport=PORT Expectation destination port\n"
- " --master-proto=PROTOCOL Master conntrack protocol\n"
+ " --master-proto=PROTOCOL Master conntrack protocol\n"
" --master-src=ADDR Master conntrack source address\n"
" --master-sport=PORT Master conntrack source port\n"
" --master-dst=ADDR Master conntrack destination address\n"
" --master-dport=PORT Master conntrack destination port\n"
- " --mask-proto=PROTOCOL Mask protocol\n"
- " --mask-src=ADDR Mask source address\n"
- " --mask-sport=PORT Mask source port\n"
- " --mask-dst=ADDR Mask destination address\n"
- " --mask-dport=PORT Mask destination port\n"
+ " --mask-proto=PROTOCOL Mask protocol\n"
+ " --mask-src=ADDR Mask source address\n"
+ " --mask-sport=PORT Mask source port\n"
+ " --mask-dst=ADDR Mask destination address\n"
+ " --mask-dport=PORT Mask destination port\n"
" -F, --family=FAMILY Address family\n"
" --timeout=NUM Timeout value\n"
- " --helper=STRING Helper Name\n"
+ " --helper=STRING Helper Name\n"
" --flags Flags\n"
);
exit(0);
ARG_EXPECT_SPORT,
ARG_EXPECT_DST,
ARG_EXPECT_DPORT,
- ARG_MASTER_PROTO,
+ ARG_MASTER_PROTO,
ARG_MASTER_SRC,
ARG_MASTER_SPORT,
ARG_MASTER_DST,
ARG_MASTER_DPORT,
- ARG_MASK_PROTO,
- ARG_MASK_SRC,
- ARG_MASK_SPORT,
- ARG_MASK_DST,
- ARG_MASK_DPORT,
+ ARG_MASK_PROTO,
+ ARG_MASK_SRC,
+ ARG_MASK_SPORT,
+ ARG_MASK_DST,
+ ARG_MASK_DPORT,
ARG_TIMEOUT,
- ARG_HELPER_NAME,
+ ARG_HELPER_NAME,
ARG_FLAGS,
};
static struct option long_opts[] = {
- { "quiet", 0, 0, 'q' },
+ { "quiet", 0, 0, 'q' },
{ "help", 0, 0, 'h' },
{ "version", 0, 0, 'v' },
{ "id", 1, 0, 'i' },
{ "expect-sport", 1, 0, ARG_EXPECT_SPORT },
{ "expect-dst", 1, 0, ARG_EXPECT_DST },
{ "expect-dport", 1, 0, ARG_EXPECT_DPORT },
- { "master-proto", 1, 0, ARG_MASTER_PROTO },
+ { "master-proto", 1, 0, ARG_MASTER_PROTO },
{ "master-src", 1, 0, ARG_MASTER_SRC },
{ "master-sport", 1, 0, ARG_MASTER_SPORT },
{ "master-dst", 1, 0, ARG_MASTER_DST },
{ "master-dport", 1, 0, ARG_MASTER_DPORT },
- { "mask-proto", 1, 0, ARG_MASK_PROTO },
- { "mask-src", 1, 0, ARG_MASK_SRC },
- { "mask-sport", 1, 0, ARG_MASK_SPORT },
- { "mask-dst", 1, 0, ARG_MASK_DST },
- { "mask-dport", 1, 0, ARG_MASK_DPORT },
+ { "mask-proto", 1, 0, ARG_MASK_PROTO },
+ { "mask-src", 1, 0, ARG_MASK_SRC },
+ { "mask-sport", 1, 0, ARG_MASK_SPORT },
+ { "mask-dst", 1, 0, ARG_MASK_DST },
+ { "mask-dport", 1, 0, ARG_MASK_DPORT },
{ "family", 1, 0, 'F' },
{ "timeout", 1, 0, ARG_TIMEOUT },
{ "helper", 1, 0, ARG_HELPER_NAME },
- { "flags", 1, 0, ARG_FLAGS},
+ { "flags", 1, 0, ARG_FLAGS},
{ 0, 0, 0, 0 }
};
switch (c) {
case '?': exit(NLE_INVAL);
- case 'q': quiet = 1; break;
- case '4': nfnl_exp_set_family(exp, AF_INET); break;
+ case 'q': quiet = 1; break;
+ case '4': nfnl_exp_set_family(exp, AF_INET); break;
case '6': nfnl_exp_set_family(exp, AF_INET6); break;
case 'h': print_usage(); break;
case 'v': nl_cli_print_version(); break;
case ARG_EXPECT_SPORT: nl_cli_exp_parse_src_port(exp, NFNL_EXP_TUPLE_EXPECT, optarg); break;
case ARG_EXPECT_DST: nl_cli_exp_parse_dst(exp, NFNL_EXP_TUPLE_EXPECT, optarg); break;
case ARG_EXPECT_DPORT: nl_cli_exp_parse_dst_port(exp, NFNL_EXP_TUPLE_EXPECT, optarg); break;
- case ARG_MASTER_PROTO: nl_cli_exp_parse_l4protonum(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
+ case ARG_MASTER_PROTO: nl_cli_exp_parse_l4protonum(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_SRC: nl_cli_exp_parse_src(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_SPORT: nl_cli_exp_parse_src_port(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_DST: nl_cli_exp_parse_dst(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_DPORT: nl_cli_exp_parse_dst_port(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
- case ARG_MASK_PROTO: nl_cli_exp_parse_l4protonum(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
- case ARG_MASK_SRC: nl_cli_exp_parse_src(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
- case ARG_MASK_SPORT: nl_cli_exp_parse_src_port(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
- case ARG_MASK_DST: nl_cli_exp_parse_dst(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
- case ARG_MASK_DPORT: nl_cli_exp_parse_dst_port(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
+ case ARG_MASK_PROTO: nl_cli_exp_parse_l4protonum(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
+ case ARG_MASK_SRC: nl_cli_exp_parse_src(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
+ case ARG_MASK_SPORT: nl_cli_exp_parse_src_port(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
+ case ARG_MASK_DST: nl_cli_exp_parse_dst(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
+ case ARG_MASK_DPORT: nl_cli_exp_parse_dst_port(exp, NFNL_EXP_TUPLE_MASK, optarg); break;
case 'F': nl_cli_exp_parse_family(exp, optarg); break;
case ARG_TIMEOUT: nl_cli_exp_parse_timeout(exp, optarg); break;
- case ARG_HELPER_NAME: nl_cli_exp_parse_helper_name(exp, optarg); break;
+ case ARG_HELPER_NAME: nl_cli_exp_parse_helper_name(exp, optarg); break;
case ARG_FLAGS: nl_cli_exp_parse_flags(exp, optarg); break;
}
}
sock = nl_cli_alloc_socket();
nl_cli_connect(sock, NETLINK_NETFILTER);
- if ((err = nfnl_exp_del(sock, exp, nlflags)) < 0)
- nl_cli_fatal(err, "Unable to delete expectation: %s",
- nl_geterror(err));
-
- if (!quiet) {
- printf("Deleted ");
- nl_object_dump(OBJ_CAST(exp), ¶ms);
- }
+ if ((err = nfnl_exp_del(sock, exp, nlflags)) < 0)
+ nl_cli_fatal(err, "Unable to delete expectation: %s", nl_geterror(err));
+ if (!quiet) {
+ printf("Deleted ");
+ nl_object_dump(OBJ_CAST(exp), ¶ms);
+ }
return 0;
}
"\n"
"Expectation Selection\n"
" -i, --id=NUM Identifier\n"
- " --expect-proto=PROTOCOL Expectation protocol\n"
+ " --expect-proto=PROTOCOL Expectation protocol\n"
" --expect-src=ADDR Expectation source address\n"
" --expect-sport=PORT Expectation source port\n"
" --expect-dst=ADDR Expectation destination address\n"
" --expect-dport=PORT Expectation destination port\n"
- " --master-proto=PROTOCOL Master conntrack protocol\n"
+ " --master-proto=PROTOCOL Master conntrack protocol\n"
" --master-src=ADDR Master conntrack source address\n"
" --master-sport=PORT Master conntrack source port\n"
" --master-dst=ADDR Master conntrack destination address\n"
" --master-dport=PORT Master conntrack destination port\n"
" -F, --family=FAMILY Address family\n"
" --timeout=NUM Timeout value\n"
- " --helper=STRING Helper Name\n"
+ " --helper=STRING Helper Name\n"
//" --flags Flags\n"
);
exit(0);
ARG_EXPECT_SPORT,
ARG_EXPECT_DST,
ARG_EXPECT_DPORT,
- ARG_MASTER_PROTO,
+ ARG_MASTER_PROTO,
ARG_MASTER_SRC,
ARG_MASTER_SPORT,
ARG_MASTER_DST,
ARG_MASTER_DPORT,
ARG_TIMEOUT,
- ARG_HELPER_NAME,
- //ARG_FLAGS,
+ ARG_HELPER_NAME,
+ ARG_FLAGS,
};
static struct option long_opts[] = {
{ "format", 1, 0, 'f' },
{ "expect-sport", 1, 0, ARG_EXPECT_SPORT },
{ "expect-dst", 1, 0, ARG_EXPECT_DST },
{ "expect-dport", 1, 0, ARG_EXPECT_DPORT },
- { "master-proto", 1, 0, ARG_MASTER_PROTO },
+ { "master-proto", 1, 0, ARG_MASTER_PROTO },
{ "master-src", 1, 0, ARG_MASTER_SRC },
{ "master-sport", 1, 0, ARG_MASTER_SPORT },
{ "master-dst", 1, 0, ARG_MASTER_DST },
{ "family", 1, 0, 'F' },
{ "timeout", 1, 0, ARG_TIMEOUT },
{ "helper", 1, 0, ARG_HELPER_NAME },
- //{ "flags", 1, 0, ARG_FLAGS},
+ { "flags", 1, 0, ARG_FLAGS},
{ 0, 0, 0, 0 }
};
case ARG_EXPECT_SPORT: nl_cli_exp_parse_src_port(exp, NFNL_EXP_TUPLE_EXPECT, optarg); break;
case ARG_EXPECT_DST: nl_cli_exp_parse_dst(exp, NFNL_EXP_TUPLE_EXPECT, optarg); break;
case ARG_EXPECT_DPORT: nl_cli_exp_parse_dst_port(exp, NFNL_EXP_TUPLE_EXPECT, optarg); break;
- case ARG_MASTER_PROTO: nl_cli_exp_parse_l4protonum(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
+ case ARG_MASTER_PROTO: nl_cli_exp_parse_l4protonum(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_SRC: nl_cli_exp_parse_src(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_SPORT: nl_cli_exp_parse_src_port(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_DST: nl_cli_exp_parse_dst(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case ARG_MASTER_DPORT: nl_cli_exp_parse_dst_port(exp, NFNL_EXP_TUPLE_MASTER, optarg); break;
case 'F': nl_cli_exp_parse_family(exp, optarg); break;
case ARG_TIMEOUT: nl_cli_exp_parse_timeout(exp, optarg); break;
- case ARG_HELPER_NAME: nl_cli_exp_parse_helper_name(exp, optarg); break;
- //case ARG_FLAGS: nl_cli_exp_parse_flags(exp, optarg); break;
+ case ARG_HELPER_NAME: nl_cli_exp_parse_helper_name(exp, optarg); break;
+ case ARG_FLAGS: nl_cli_exp_parse_flags(exp, optarg); break;
}
}
projects / libnl / commitdiff