filter.c revision 8a44513648da0c5f5551f96b329cf56b66f5b303 
1/*
2 * (C) 2005-2011 by Pablo Neira Ayuso <pablo@netfilter.org>
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 */
9
10#include "internal/internal.h"
11
12static void filter_attr_l4proto(struct nfct_filter *filter, const void *value)
13{
14	if (filter->l4proto_len >= __FILTER_L4PROTO_MAX)
15		return;
16
17	set_bit(*((int *) value), filter->l4proto_map);
18	filter->l4proto_len++;
19}
20
21static void
22filter_attr_l4proto_state(struct nfct_filter *filter, const void *value)
23{
24	const struct nfct_filter_proto *this = value;
25
26	set_bit_u16(this->state, &filter->l4proto_state[this->proto].map);
27	filter->l4proto_state[this->proto].len++;
28}
29
30static void filter_attr_src_ipv4(struct nfct_filter *filter, const void *value)
31{
32	const struct nfct_filter_ipv4 *this = value;
33
34	if (filter->l3proto_elems[0] >= __FILTER_ADDR_MAX)
35		return;
36
37	filter->l3proto[0][filter->l3proto_elems[0]].addr = this->addr;
38	filter->l3proto[0][filter->l3proto_elems[0]].mask = this->mask;
39	filter->l3proto_elems[0]++;
40}
41
42static void filter_attr_dst_ipv4(struct nfct_filter *filter, const void *value)
43{
44	const struct nfct_filter_ipv4 *this = value;
45
46	if (filter->l3proto_elems[1] >= __FILTER_ADDR_MAX)
47		return;
48
49	filter->l3proto[1][filter->l3proto_elems[1]].addr = this->addr;
50	filter->l3proto[1][filter->l3proto_elems[1]].mask = this->mask;
51	filter->l3proto_elems[1]++;
52}
53
54static void filter_attr_src_ipv6(struct nfct_filter *filter, const void *value)
55{
56	const struct nfct_filter_ipv6 *this = value;
57
58	if (filter->l3proto_elems_ipv6[0] >= __FILTER_IPV6_MAX)
59		return;
60
61	memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].addr,
62	       this->addr, sizeof(uint32_t)*4);
63	memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].mask,
64	       this->mask, sizeof(uint32_t)*4);
65	filter->l3proto_elems_ipv6[0]++;
66}
67
68static void filter_attr_dst_ipv6(struct nfct_filter *filter, const void *value)
69{
70	const struct nfct_filter_ipv6 *this = value;
71
72	if (filter->l3proto_elems_ipv6[1] >= __FILTER_IPV6_MAX)
73		return;
74
75	memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].addr,
76	       this->addr, sizeof(uint32_t)*4);
77	memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].mask,
78	       this->mask, sizeof(uint32_t)*4);
79	filter->l3proto_elems_ipv6[1]++;
80}
81
82static void filter_attr_mark(struct nfct_filter *filter, const void *value)
83{
84	const struct nfct_filter_dump_mark *this = value;
85
86	if (filter->mark_elems >= __FILTER_MARK_MAX)
87		return;
88
89	filter->mark[filter->mark_elems].val = this->val;
90	filter->mark[filter->mark_elems].mask = this->mask;
91	filter->mark_elems++;
92}
93
94const filter_attr filter_attr_array[NFCT_FILTER_MAX] = {
95	[NFCT_FILTER_L4PROTO]		= filter_attr_l4proto,
96	[NFCT_FILTER_L4PROTO_STATE]	= filter_attr_l4proto_state,
97	[NFCT_FILTER_SRC_IPV4]		= filter_attr_src_ipv4,
98	[NFCT_FILTER_DST_IPV4]		= filter_attr_dst_ipv4,
99	[NFCT_FILTER_SRC_IPV6]		= filter_attr_src_ipv6,
100	[NFCT_FILTER_DST_IPV6]		= filter_attr_dst_ipv6,
101	[NFCT_FILTER_MARK]		= filter_attr_mark,
102};
103