18a44513648da0c5f5551f96b329cf56b66f5b303pkanwar/* 28a44513648da0c5f5551f96b329cf56b66f5b303pkanwar * (C) 2005-2011 by Pablo Neira Ayuso <pablo@netfilter.org> 38a44513648da0c5f5551f96b329cf56b66f5b303pkanwar * 48a44513648da0c5f5551f96b329cf56b66f5b303pkanwar * This program is free software; you can redistribute it and/or modify it 58a44513648da0c5f5551f96b329cf56b66f5b303pkanwar * under the terms of the GNU General Public License as published by 68a44513648da0c5f5551f96b329cf56b66f5b303pkanwar * the Free Software Foundation; either version 2 of the License, or 78a44513648da0c5f5551f96b329cf56b66f5b303pkanwar * (at your option) any later version. 88a44513648da0c5f5551f96b329cf56b66f5b303pkanwar */ 98a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 108a44513648da0c5f5551f96b329cf56b66f5b303pkanwar#include "internal/internal.h" 118a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 128a44513648da0c5f5551f96b329cf56b66f5b303pkanwarstatic void filter_attr_l4proto(struct nfct_filter *filter, const void *value) 138a44513648da0c5f5551f96b329cf56b66f5b303pkanwar{ 148a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (filter->l4proto_len >= __FILTER_L4PROTO_MAX) 158a44513648da0c5f5551f96b329cf56b66f5b303pkanwar return; 168a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 178a44513648da0c5f5551f96b329cf56b66f5b303pkanwar set_bit(*((int *) value), filter->l4proto_map); 188a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->l4proto_len++; 198a44513648da0c5f5551f96b329cf56b66f5b303pkanwar} 208a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 218a44513648da0c5f5551f96b329cf56b66f5b303pkanwarstatic void 228a44513648da0c5f5551f96b329cf56b66f5b303pkanwarfilter_attr_l4proto_state(struct nfct_filter *filter, const void *value) 238a44513648da0c5f5551f96b329cf56b66f5b303pkanwar{ 248a44513648da0c5f5551f96b329cf56b66f5b303pkanwar const struct nfct_filter_proto *this = value; 258a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 268a44513648da0c5f5551f96b329cf56b66f5b303pkanwar set_bit_u16(this->state, &filter->l4proto_state[this->proto].map); 278a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->l4proto_state[this->proto].len++; 288a44513648da0c5f5551f96b329cf56b66f5b303pkanwar} 298a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 308a44513648da0c5f5551f96b329cf56b66f5b303pkanwarstatic void filter_attr_src_ipv4(struct nfct_filter *filter, const void *value) 318a44513648da0c5f5551f96b329cf56b66f5b303pkanwar{ 328a44513648da0c5f5551f96b329cf56b66f5b303pkanwar const struct nfct_filter_ipv4 *this = value; 338a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 348a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (filter->l3proto_elems[0] >= __FILTER_ADDR_MAX) 358a44513648da0c5f5551f96b329cf56b66f5b303pkanwar return; 368a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 378a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->l3proto[0][filter->l3proto_elems[0]].addr = this->addr; 388a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->l3proto[0][filter->l3proto_elems[0]].mask = this->mask; 398a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->l3proto_elems[0]++; 408a44513648da0c5f5551f96b329cf56b66f5b303pkanwar} 418a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 428a44513648da0c5f5551f96b329cf56b66f5b303pkanwarstatic void filter_attr_dst_ipv4(struct nfct_filter *filter, const void *value) 438a44513648da0c5f5551f96b329cf56b66f5b303pkanwar{ 448a44513648da0c5f5551f96b329cf56b66f5b303pkanwar const struct nfct_filter_ipv4 *this = value; 458a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 468a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (filter->l3proto_elems[1] >= __FILTER_ADDR_MAX) 478a44513648da0c5f5551f96b329cf56b66f5b303pkanwar return; 488a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 498a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->l3proto[1][filter->l3proto_elems[1]].addr = this->addr; 508a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->l3proto[1][filter->l3proto_elems[1]].mask = this->mask; 518a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->l3proto_elems[1]++; 528a44513648da0c5f5551f96b329cf56b66f5b303pkanwar} 538a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 548a44513648da0c5f5551f96b329cf56b66f5b303pkanwarstatic void filter_attr_src_ipv6(struct nfct_filter *filter, const void *value) 558a44513648da0c5f5551f96b329cf56b66f5b303pkanwar{ 568a44513648da0c5f5551f96b329cf56b66f5b303pkanwar const struct nfct_filter_ipv6 *this = value; 578a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 588a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (filter->l3proto_elems_ipv6[0] >= __FILTER_IPV6_MAX) 598a44513648da0c5f5551f96b329cf56b66f5b303pkanwar return; 608a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 618a44513648da0c5f5551f96b329cf56b66f5b303pkanwar memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].addr, 628a44513648da0c5f5551f96b329cf56b66f5b303pkanwar this->addr, sizeof(uint32_t)*4); 638a44513648da0c5f5551f96b329cf56b66f5b303pkanwar memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].mask, 648a44513648da0c5f5551f96b329cf56b66f5b303pkanwar this->mask, sizeof(uint32_t)*4); 658a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->l3proto_elems_ipv6[0]++; 668a44513648da0c5f5551f96b329cf56b66f5b303pkanwar} 678a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 688a44513648da0c5f5551f96b329cf56b66f5b303pkanwarstatic void filter_attr_dst_ipv6(struct nfct_filter *filter, const void *value) 698a44513648da0c5f5551f96b329cf56b66f5b303pkanwar{ 708a44513648da0c5f5551f96b329cf56b66f5b303pkanwar const struct nfct_filter_ipv6 *this = value; 718a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 728a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (filter->l3proto_elems_ipv6[1] >= __FILTER_IPV6_MAX) 738a44513648da0c5f5551f96b329cf56b66f5b303pkanwar return; 748a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 758a44513648da0c5f5551f96b329cf56b66f5b303pkanwar memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].addr, 768a44513648da0c5f5551f96b329cf56b66f5b303pkanwar this->addr, sizeof(uint32_t)*4); 778a44513648da0c5f5551f96b329cf56b66f5b303pkanwar memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].mask, 788a44513648da0c5f5551f96b329cf56b66f5b303pkanwar this->mask, sizeof(uint32_t)*4); 798a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->l3proto_elems_ipv6[1]++; 808a44513648da0c5f5551f96b329cf56b66f5b303pkanwar} 818a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 828a44513648da0c5f5551f96b329cf56b66f5b303pkanwarstatic void filter_attr_mark(struct nfct_filter *filter, const void *value) 838a44513648da0c5f5551f96b329cf56b66f5b303pkanwar{ 848a44513648da0c5f5551f96b329cf56b66f5b303pkanwar const struct nfct_filter_dump_mark *this = value; 858a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 868a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (filter->mark_elems >= __FILTER_MARK_MAX) 878a44513648da0c5f5551f96b329cf56b66f5b303pkanwar return; 888a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 898a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->mark[filter->mark_elems].val = this->val; 908a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->mark[filter->mark_elems].mask = this->mask; 918a44513648da0c5f5551f96b329cf56b66f5b303pkanwar filter->mark_elems++; 928a44513648da0c5f5551f96b329cf56b66f5b303pkanwar} 938a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 948a44513648da0c5f5551f96b329cf56b66f5b303pkanwarconst filter_attr filter_attr_array[NFCT_FILTER_MAX] = { 958a44513648da0c5f5551f96b329cf56b66f5b303pkanwar [NFCT_FILTER_L4PROTO] = filter_attr_l4proto, 968a44513648da0c5f5551f96b329cf56b66f5b303pkanwar [NFCT_FILTER_L4PROTO_STATE] = filter_attr_l4proto_state, 978a44513648da0c5f5551f96b329cf56b66f5b303pkanwar [NFCT_FILTER_SRC_IPV4] = filter_attr_src_ipv4, 988a44513648da0c5f5551f96b329cf56b66f5b303pkanwar [NFCT_FILTER_DST_IPV4] = filter_attr_dst_ipv4, 998a44513648da0c5f5551f96b329cf56b66f5b303pkanwar [NFCT_FILTER_SRC_IPV6] = filter_attr_src_ipv6, 1008a44513648da0c5f5551f96b329cf56b66f5b303pkanwar [NFCT_FILTER_DST_IPV6] = filter_attr_dst_ipv6, 1018a44513648da0c5f5551f96b329cf56b66f5b303pkanwar [NFCT_FILTER_MARK] = filter_attr_mark, 1028a44513648da0c5f5551f96b329cf56b66f5b303pkanwar}; 103