[Nufw-devel] Re: [PATCH 2/3] [libnetfilter_conntrack] fixed duration con
From: |
Eric Leblond |
Subject: |
[Nufw-devel] Re: [PATCH 2/3] [libnetfilter_conntrack] fixed duration connection |
Date: |
Fri, 07 Apr 2006 23:59:18 +0200 |
User-agent: |
Debian Thunderbird 1.0.7 (X11/20051017) |
Hi,
This patch adds support for the IPS_FIXED_TIMEOUT state.
BR,
--
Regit
Index: include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
===================================================================
--- include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h (révision 6576)
+++ include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h (copie de
travail)
@@ -29,6 +29,7 @@
CTA_HELP,
CTA_NAT,
CTA_TIMEOUT,
+ CTA_FIXED_TIMEOUT,
CTA_MARK,
CTA_COUNTERS_ORIG,
CTA_COUNTERS_REPLY,
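Review bot: Inserting `CTA_FIXED_TIMEOUT` between `CTA_TIMEOUT` and `CTA_MARK` renumbers `CTA_MARK`, `CTA_COUNTERS_ORIG`, `CTA_COUNTERS_REPLY` and every attribute type after them. These values are the netlink attribute numbers exchanged with the kernel, so a library built from this header would only interoperate with a kernel carrying the matching patch. Against any other kernel, the mark, counters and later attributes would be read from and written to the wrong slots without any error. Adding the new constant after the last existing attribute type (before the enum's terminating entry, which is outside this hunk) keeps the existing numbers stable.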
Index: include/libnetfilter_conntrack/libnetfilter_conntrack.h
===================================================================
--- include/libnetfilter_conntrack/libnetfilter_conntrack.h (révision 6576)
+++ include/libnetfilter_conntrack/libnetfilter_conntrack.h (copie de
travail)
@@ -89,6 +89,7 @@
struct nfct_tuple tuple[NFCT_DIR_MAX];
u_int32_t timeout;
+ u_int32_t fixed_timeout;
u_int32_t mark;
u_int32_t status;
u_int32_t use;
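Review bot: `fixed_timeout` is inserted in the middle of what appears to be the library's public conntrack struct, which shifts `mark`, `status`, `use` and everything after them, and the next hunk (`@@ -125,19 +126,22 @@`) renumbers `NFCT_MARK_BIT` through `NFCT_ID_BIT`. Programs compiled against the previous header would then read the wrong fields and pass flag masks that select different output, with no build-time error. Appending the field at the end of the struct and giving the new flag the next free bit, `NFCT_FIXED_TIMEOUT_BIT = 8,` after `NFCT_ID`, would avoid that. If the layout change is intended, the shared-library version should be bumped with it. The struct's start and end are outside this hunk.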
@@ -125,19 +126,22 @@
NFCT_TIMEOUT_BIT = 2,
NFCT_TIMEOUT = (1 << NFCT_TIMEOUT_BIT),
- NFCT_MARK_BIT = 3,
+ NFCT_FIXED_TIMEOUT_BIT = 3,
+ NFCT_FIXED_TIMEOUT = (1 << NFCT_FIXED_TIMEOUT_BIT),
+
+ NFCT_MARK_BIT = 4,
NFCT_MARK = (1 << NFCT_MARK_BIT),
- NFCT_COUNTERS_ORIG_BIT = 4,
+ NFCT_COUNTERS_ORIG_BIT = 5,
NFCT_COUNTERS_ORIG = (1 << NFCT_COUNTERS_ORIG_BIT),
- NFCT_COUNTERS_RPLY_BIT = 5,
+ NFCT_COUNTERS_RPLY_BIT = 6,
NFCT_COUNTERS_RPLY = (1 << NFCT_COUNTERS_RPLY_BIT),
- NFCT_USE_BIT = 6,
+ NFCT_USE_BIT = 7,
NFCT_USE = (1 << NFCT_USE_BIT),
- NFCT_ID_BIT = 7,
+ NFCT_ID_BIT = 8,
NFCT_ID = (1 << NFCT_ID_BIT)
};
Index: src/libnetfilter_conntrack.c
===================================================================
--- src/libnetfilter_conntrack.c (révision 6576)
+++ src/libnetfilter_conntrack.c (copie de travail)
@@ -548,6 +548,11 @@
flags |= NFCT_TIMEOUT;
}
+ if (cda[CTA_FIXED_TIMEOUT-1]) {
+ ct.fixed_timeout = ntohl(*(u_int32_t
*)NFA_DATA(cda[CTA_FIXED_TIMEOUT-1]));
+ flags |= NFCT_FIXED_TIMEOUT;
+ }
+
if (cda[CTA_MARK-1]) {
ct.mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
flags |= NFCT_MARK;
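Review bot: The added branch reads four bytes from the attribute payload through a cast pointer without checking that the payload is at least `sizeof(u_int32_t)` long. It mirrors the existing `CTA_MARK` code, but a short or malformed attribute would be read past its end unless the attribute parsing done earlier in this function (outside the hunk) already enforces minimum lengths. A guard such as `if (cda[CTA_FIXED_TIMEOUT-1] && NFA_PAYLOAD(cda[CTA_FIXED_TIMEOUT-1]) >= (int)sizeof(u_int32_t))` would make the assumption explicit. A short comment on the unit of `fixed_timeout` would also help, since the patch does not state it.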
@@ -596,6 +601,13 @@
return sprintf(buf, "%u ", ct->timeout);
}
+int nfct_sprintf_fixed_timeout(char *buf, struct nfct_conntrack *ct)
+{
+ return sprintf(buf, "%u ", ct->fixed_timeout);
+}
+
+
+
int nfct_sprintf_protoinfo(char *buf, struct nfct_conntrack *ct)
{
int size = 0;
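Review bot: `nfct_sprintf_fixed_timeout()` prints with the same bare `"%u "` format as `nfct_sprintf_timeout()`, so when both flags are set the output holds two unlabelled numbers and a consumer cannot tell which is which; a labelled form such as `"fixed_timeout=%u "` would remove the ambiguity. The function writes with `sprintf` and takes no buffer size, so it relies entirely on the caller having room left in `buf`. A one-line comment stating the maximum bytes written (11 including the terminator) would document that contract. No prototype for the new function appears in the header hunks of this patch, and the three blank lines after it could be reduced to one.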
@@ -664,7 +676,10 @@
if (flags & NFCT_TIMEOUT)
size += nfct_sprintf_timeout(buf+size, ct);
- if (flags & NFCT_PROTOINFO)
+ if (flags & NFCT_FIXED_TIMEOUT)
+ size += nfct_sprintf_fixed_timeout(buf+size, ct);
+
+ if (flags & NFCT_PROTOINFO)
size += nfct_sprintf_protoinfo(buf+size, ct);
size += nfct_sprintf_address(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
@@ -954,6 +969,7 @@
char buf[NFCT_BUFSIZE];
u_int32_t status = htonl(ct->status | IPS_CONFIRMED);
u_int32_t timeout = htonl(ct->timeout);
+ u_int32_t fixed_timeout = htonl(ct->fixed_timeout);
u_int32_t mark = htonl(ct->mark);
u_int8_t l3num = ct->tuple[NFCT_DIR_ORIGINAL].l3protonum;
@@ -975,6 +991,10 @@
nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_TIMEOUT, &timeout,
sizeof(u_int32_t));
+
+ if (fixed_timeout)
+ nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_FIXED_TIMEOUT,
&fixed_timeout,
+ sizeof(u_int32_t));
if (ct->mark != 0)
nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_MARK, &mark,
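Review bot: The guard here tests the byte-swapped local, `if (fixed_timeout)`, while the otherwise identical code in the hunk at `@@ -1015,7 +1036,12 @@` tests `ct->fixed_timeout != 0`. Both give the same result for a zero check, but the second form matches the neighbouring `ct->timeout` and `ct->mark` checks and should be used in both places: `if (ct->fixed_timeout != 0)`. In both hunks the return value of `nfnl_addattr_l()` is discarded, as it is for the neighbouring attributes, so any failure it reports to add the attribute would go unnoticed. The enclosing functions start and end outside these hunks.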
@@ -993,6 +1013,7 @@
char buf[NFCT_BUFSIZE];
u_int32_t status = htonl(ct->status | IPS_CONFIRMED);
u_int32_t timeout = htonl(ct->timeout);
+ u_int32_t fixed_timeout = htonl(ct->fixed_timeout);
u_int32_t id = htonl(ct->id);
u_int32_t mark = htonl(ct->mark);
u_int8_t l3num = ct->tuple[NFCT_DIR_ORIGINAL].l3protonum;
@@ -1015,7 +1036,12 @@
if (ct->timeout != 0)
nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_TIMEOUT, &timeout,
sizeof(u_int32_t));
+
+ if (ct->fixed_timeout != 0)
+ nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_FIXED_TIMEOUT,
&fixed_timeout,
+ sizeof(u_int32_t));
+
if (ct->mark != 0)
nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_MARK, &mark,
sizeof(u_int32_t));