
[Nufw-devel] Re: [PATCH 2/3] [libnetfilter_conntrack] fixed duration con


From: Eric Leblond
Subject: [Nufw-devel] Re: [PATCH 2/3] [libnetfilter_conntrack] fixed duration connection
Date: Fri, 07 Apr 2006 23:59:18 +0200
User-agent: Debian Thunderbird 1.0.7 (X11/20051017)

Hi,

This patch adds support for the IPS_FIXED_TIMEOUT state.

BR,
--
Regit
Index: include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
===================================================================
--- include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h  (révision 6576)
+++ include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h  (copie de 
travail)
@@ -29,6 +29,7 @@
        CTA_HELP,
        CTA_NAT,
        CTA_TIMEOUT,
+       CTA_FIXED_TIMEOUT,
        CTA_MARK,
        CTA_COUNTERS_ORIG,
        CTA_COUNTERS_REPLY,
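Review bot: Inserting `CTA_FIXED_TIMEOUT` between `CTA_TIMEOUT` and `CTA_MARK` shifts the numeric value of `CTA_MARK`, `CTA_COUNTERS_ORIG`, `CTA_COUNTERS_REPLY` and every later member of this enum. These values appear to be the netlink attribute types exchanged with the kernel, so a library built from this header presumably only interoperates with a kernel carrying the matching change; against any other kernel the mark and counter attributes would be misread in both directions. If the kernel side is not settled yet, appending the new attribute after the last existing one keeps the current numbers stable. Either way, a comment such as `/* values are wire ABI: must stay in sync with the kernel's nfnetlink_conntrack header */` above the enum would record the dependency. The enum starts and ends outside the hunk.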
Index: include/libnetfilter_conntrack/libnetfilter_conntrack.h
===================================================================
--- include/libnetfilter_conntrack/libnetfilter_conntrack.h     (révision 6576)
+++ include/libnetfilter_conntrack/libnetfilter_conntrack.h     (copie de 
travail)
@@ -89,6 +89,7 @@
        struct nfct_tuple tuple[NFCT_DIR_MAX];
        
        u_int32_t       timeout;
+       u_int32_t       fixed_timeout;
        u_int32_t       mark;
        u_int32_t       status;
        u_int32_t       use;
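Review bot: Adding `fixed_timeout` in the middle of `struct nfct_conntrack` moves `mark`, `status`, `use` and every later member, and the next hunk (`@@ -125,19 +126,22 @@`) renumbers `NFCT_MARK_BIT` through `NFCT_ID_BIT`, so programs compiled against the previous public header would read the wrong fields and pass the wrong flag bits to a library built from this one. Unless a soname bump accompanies the change (none is visible here), placing the new member at the end of the struct and giving the flag the next free value, `NFCT_FIXED_TIMEOUT_BIT = 8,`, leaves the existing values intact. The new member also has no comment; something like `/* fixed timeout; 0 means the attribute is not sent */` would document the zero convention that the create and update hunks rely on. The struct begins and ends outside the hunk.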
@@ -125,19 +126,22 @@
        NFCT_TIMEOUT_BIT = 2,
        NFCT_TIMEOUT = (1 << NFCT_TIMEOUT_BIT),
 
-       NFCT_MARK_BIT = 3,
+        NFCT_FIXED_TIMEOUT_BIT = 3,
+       NFCT_FIXED_TIMEOUT = (1 << NFCT_FIXED_TIMEOUT_BIT),
+
+       NFCT_MARK_BIT = 4,
        NFCT_MARK = (1 << NFCT_MARK_BIT),
 
-       NFCT_COUNTERS_ORIG_BIT = 4,
+       NFCT_COUNTERS_ORIG_BIT = 5,
        NFCT_COUNTERS_ORIG = (1 << NFCT_COUNTERS_ORIG_BIT),
 
-       NFCT_COUNTERS_RPLY_BIT = 5,
+       NFCT_COUNTERS_RPLY_BIT = 6,
        NFCT_COUNTERS_RPLY = (1 << NFCT_COUNTERS_RPLY_BIT),
 
-       NFCT_USE_BIT = 6,
+       NFCT_USE_BIT = 7,
        NFCT_USE = (1 << NFCT_USE_BIT),
 
-       NFCT_ID_BIT = 7,
+       NFCT_ID_BIT = 8,
        NFCT_ID = (1 << NFCT_ID_BIT)
 };
 
Index: src/libnetfilter_conntrack.c
===================================================================
--- src/libnetfilter_conntrack.c        (révision 6576)
+++ src/libnetfilter_conntrack.c        (copie de travail)
@@ -548,6 +548,11 @@
                flags |= NFCT_TIMEOUT;
        }
        
+        if (cda[CTA_FIXED_TIMEOUT-1]) {
+               ct.fixed_timeout = ntohl(*(u_int32_t 
*)NFA_DATA(cda[CTA_FIXED_TIMEOUT-1]));
+               flags |= NFCT_FIXED_TIMEOUT;
+       }
+
        if (cda[CTA_MARK-1]) {
                ct.mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
                flags |= NFCT_MARK;
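Review bot: The new `CTA_FIXED_TIMEOUT` branch casts `NFA_DATA()` to `u_int32_t *` and dereferences it without checking that the attribute payload is at least four bytes long. It copies the pattern of the neighbouring `CTA_TIMEOUT` and `CTA_MARK` branches, so unless the attribute parser called earlier in this function (outside the hunk) already enforces a minimum length, a short attribute would be read past its end. A length guard in the condition would close that: `if (cda[CTA_FIXED_TIMEOUT-1] && NFA_PAYLOAD(cda[CTA_FIXED_TIMEOUT-1]) >= (int)sizeof(u_int32_t)) {`.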
@@ -596,6 +601,13 @@
        return sprintf(buf, "%u ", ct->timeout);
 }
 
+int nfct_sprintf_fixed_timeout(char *buf, struct nfct_conntrack *ct)
+{
+       return sprintf(buf, "%u ", ct->fixed_timeout);
+}
+
+
+
 int nfct_sprintf_protoinfo(char *buf, struct nfct_conntrack *ct)
 {
        int size = 0;
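Review bot: `nfct_sprintf_fixed_timeout()` is defined with external linkage, but none of the header hunks in this patch adds a prototype for it. If it is meant to be public like `nfct_sprintf_timeout()`, it needs `extern int nfct_sprintf_fixed_timeout(char *buf, struct nfct_conntrack *ct);` in `libnetfilter_conntrack.h`; otherwise it should be `static`. It also prints the value as a bare `"%u "`, the same format as the timeout printed just before it, so a reader of the output line cannot tell which number is which or whether the field is present. Like its siblings it calls `sprintf()` with no size argument, leaving the bound on `buf` to the caller; a short comment stating the maximum it writes (up to 11 characters plus the terminator) would make that contract explicit.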
@@ -664,7 +676,10 @@
        if (flags & NFCT_TIMEOUT)
                size += nfct_sprintf_timeout(buf+size, ct);
 
-        if (flags & NFCT_PROTOINFO)
+       if (flags & NFCT_FIXED_TIMEOUT)
+               size += nfct_sprintf_fixed_timeout(buf+size, ct);
+
+    if (flags & NFCT_PROTOINFO)
                size += nfct_sprintf_protoinfo(buf+size, ct);
 
        size += nfct_sprintf_address(buf+size, &ct->tuple[NFCT_DIR_ORIGINAL]);
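Review bot: The `NFCT_PROTOINFO` test is removed and re-added with only its indentation changed (four spaces in place of the original leading whitespace), which adds noise to the patch and leaves that line misaligned with its body. Keeping the line as it was and adding only the two `NFCT_FIXED_TIMEOUT` lines would make the hunk a pure addition. The same indentation drift appears on the added `if` lines in the parse, create and update hunks, as far as the archived text shows. The enclosing function starts and ends outside the hunk.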
@@ -954,6 +969,7 @@
        char buf[NFCT_BUFSIZE];
        u_int32_t status = htonl(ct->status | IPS_CONFIRMED);
        u_int32_t timeout = htonl(ct->timeout);
+       u_int32_t fixed_timeout = htonl(ct->fixed_timeout);
        u_int32_t mark = htonl(ct->mark);
        u_int8_t l3num = ct->tuple[NFCT_DIR_ORIGINAL].l3protonum;
 
@@ -975,6 +991,10 @@
 
        nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_TIMEOUT, &timeout, 
                       sizeof(u_int32_t));
+
+        if (fixed_timeout)
+               nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_FIXED_TIMEOUT, 
&fixed_timeout, 
+                              sizeof(u_int32_t));
        
        if (ct->mark != 0)
                nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_MARK, &mark,
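Review bot: The create path tests the byte-swapped copy, `if (fixed_timeout)`, while the update hunk (`@@ -1015,7 +1036,12 @@`) and the neighbouring mark check test the host-order field. The result is the same for a zero test, but `if (ct->fixed_timeout != 0)` here would keep the two paths consistent. Both paths treat zero as "not set", which only works if every caller zero-initialises the new member of `struct nfct_conntrack`; whether the library's allocation code does so is not visible in this patch and is worth confirming. The commit message speaks of the IPS_FIXED_TIMEOUT state, yet `status` is still computed as `ct->status | IPS_CONFIRMED` in the surrounding context, so a comment saying whether the caller must set that status bit itself would help. The function continues outside the hunk.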
@@ -993,6 +1013,7 @@
        char buf[NFCT_BUFSIZE];
        u_int32_t status = htonl(ct->status | IPS_CONFIRMED);
        u_int32_t timeout = htonl(ct->timeout);
+       u_int32_t fixed_timeout = htonl(ct->fixed_timeout);
        u_int32_t id = htonl(ct->id);
        u_int32_t mark = htonl(ct->mark);
        u_int8_t l3num = ct->tuple[NFCT_DIR_ORIGINAL].l3protonum;
@@ -1015,7 +1036,12 @@
        if (ct->timeout != 0)
                nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_TIMEOUT, &timeout, 
                               sizeof(u_int32_t));
+
+        if (ct->fixed_timeout != 0)
+               nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_FIXED_TIMEOUT, 
&fixed_timeout, 
+                              sizeof(u_int32_t));
        
+       
        if (ct->mark != 0)
                nfnl_addattr_l(&req->nlh, sizeof(buf), CTA_MARK, &mark,
                               sizeof(u_int32_t));
