netfilter: ctnetlink: add full support for SCTP to ctnetlink

This patch adds full support for SCTP to ctnetlink. This includes three new attributes: state, original vtag and reply vtag. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2008-06-09 18:56:39 -0400
committer: David S. Miller <davem@davemloft.net> 2008-06-09 18:56:39 -0400
commit: a258860e01b80e8f554a4ab1a6c95e6042eb8b73 (patch)
tree: 4d8782c3ca8504086a7654cf207de709e0d0865c /net/netfilter
parent: 0adf9d67489cd30bab8eb93f7de81a674e44e1c3 (diff)
1 files changed, 80 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index cbf2e27a22b2..41183a4d2d62 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -463,6 +463,82 @@ static bool sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
        return true;
 }
+#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
+#include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
+static int sctp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
+                          const struct nf_conn *ct)
+{
+        struct nlattr *nest_parms;
+        read_lock_bh(&sctp_lock);
+        nest_parms = nla_nest_start(skb, CTA_PROTOINFO_SCTP | NLA_F_NESTED);
+        if (!nest_parms)
+                goto nla_put_failure;
+        NLA_PUT_U8(skb, CTA_PROTOINFO_SCTP_STATE, ct->proto.sctp.state);
+        NLA_PUT_BE32(skb,
+                     CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
+                     htonl(ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL]));
+        NLA_PUT_BE32(skb,
+                     CTA_PROTOINFO_SCTP_VTAG_REPLY,
+                     htonl(ct->proto.sctp.vtag[IP_CT_DIR_REPLY]));
+        read_unlock_bh(&sctp_lock);
+        nla_nest_end(skb, nest_parms);
+        return 0;
+nla_put_failure:
+        read_unlock_bh(&sctp_lock);
+        return -1;
+}
+static const struct nla_policy sctp_nla_policy[CTA_PROTOINFO_SCTP_MAX+1] = {
+        [CTA_PROTOINFO_SCTP_STATE]          = { .type = NLA_U8 },
+        [CTA_PROTOINFO_SCTP_VTAG_ORIGINAL]  = { .type = NLA_U32 },
+        [CTA_PROTOINFO_SCTP_VTAG_REPLY]     = { .type = NLA_U32 },
+};
+static int nlattr_to_sctp(struct nlattr *cda[], struct nf_conn *ct)
+{
+        struct nlattr *attr = cda[CTA_PROTOINFO_SCTP];
+        struct nlattr *tb[CTA_PROTOINFO_SCTP_MAX+1];
+        int err;
+        /* updates may not contain the internal protocol info, skip parsing */
+        if (!attr)
+                return 0;
+        err = nla_parse_nested(tb,
+                               CTA_PROTOINFO_SCTP_MAX,
+                               attr,
+                               sctp_nla_policy);
+        if (err < 0)
+                return err;
+        if (!tb[CTA_PROTOINFO_SCTP_STATE] ||
+            !tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL] ||
+            !tb[CTA_PROTOINFO_SCTP_VTAG_REPLY])
+                return -EINVAL;
+        write_lock_bh(&sctp_lock);
+        ct->proto.sctp.state = nla_get_u8(tb[CTA_PROTOINFO_SCTP_STATE]);
+        ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL] =
+                ntohl(nla_get_be32(tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL]));
+        ct->proto.sctp.vtag[IP_CT_DIR_REPLY] =
+                ntohl(nla_get_be32(tb[CTA_PROTOINFO_SCTP_VTAG_REPLY]));
+        write_unlock_bh(&sctp_lock);
+        return 0;
+}
+#endif
 #ifdef CONFIG_SYSCTL
 static unsigned int sctp_sysctl_table_users;
 static struct ctl_table_header *sctp_sysctl_header;
@@ -591,6 +667,8 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 __read_mostly = {
        .new                    = sctp_new,
        .me                     = THIS_MODULE,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
+        .to_nlattr              = sctp_to_nlattr,
+        .from_nlattr            = nlattr_to_sctp,
        .tuple_to_nlattr        = nf_ct_port_tuple_to_nlattr,
        .nlattr_to_tuple        = nf_ct_port_nlattr_to_tuple,
        .nla_policy             = nf_ct_port_nla_policy,
@@ -617,6 +695,8 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 __read_mostly = {
        .new                    = sctp_new,
        .me                     = THIS_MODULE,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
+        .to_nlattr              = sctp_to_nlattr,
+        .from_nlattr            = nlattr_to_sctp,
        .tuple_to_nlattr        = nf_ct_port_tuple_to_nlattr,
        .nlattr_to_tuple        = nf_ct_port_nlattr_to_tuple,
        .nla_policy             = nf_ct_port_nla_policy,
author	Pablo Neira Ayuso <pablo@netfilter.org>	2008-06-09 18:56:39 -0400
committer	David S. Miller <davem@davemloft.net>	2008-06-09 18:56:39 -0400
commit	a258860e01b80e8f554a4ab1a6c95e6042eb8b73 (patch)
tree	4d8782c3ca8504086a7654cf207de709e0d0865c /net/netfilter
parent	0adf9d67489cd30bab8eb93f7de81a674e44e1c3 (diff)

diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index cbf2e27a22b2..41183a4d2d62 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -463,6 +463,82 @@ static bool sctp_new(struct nf_conn ct, const struct sk_buff skb,
463	return true;	463	return true;
464	}	464	}
465		465
		466	#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)
		467
		468	#include <linux/netfilter/nfnetlink.h>
		469	#include <linux/netfilter/nfnetlink_conntrack.h>
		470
		471	static int sctp_to_nlattr(struct sk_buff skb, struct nlattr nla,
		472	const struct nf_conn *ct)
		473	{
		474	struct nlattr *nest_parms;
		475
		476	read_lock_bh(&sctp_lock);
		477	nest_parms = nla_nest_start(skb, CTA_PROTOINFO_SCTP \| NLA_F_NESTED);
		478	if (!nest_parms)
		479	goto nla_put_failure;
		480
		481	NLA_PUT_U8(skb, CTA_PROTOINFO_SCTP_STATE, ct->proto.sctp.state);
		482
		483	NLA_PUT_BE32(skb,
		484	CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
		485	htonl(ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL]));
		486
		487	NLA_PUT_BE32(skb,
		488	CTA_PROTOINFO_SCTP_VTAG_REPLY,
		489	htonl(ct->proto.sctp.vtag[IP_CT_DIR_REPLY]));
		490
		491	read_unlock_bh(&sctp_lock);
		492
		493	nla_nest_end(skb, nest_parms);
		494
		495	return 0;
		496
		497	nla_put_failure:
		498	read_unlock_bh(&sctp_lock);
		499	return -1;
		500	}
		501
		502	static const struct nla_policy sctp_nla_policy[CTA_PROTOINFO_SCTP_MAX+1] = {
		503	[CTA_PROTOINFO_SCTP_STATE] = { .type = NLA_U8 },
		504	[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL] = { .type = NLA_U32 },
		505	[CTA_PROTOINFO_SCTP_VTAG_REPLY] = { .type = NLA_U32 },
		506	};
		507
		508	static int nlattr_to_sctp(struct nlattr cda[], struct nf_conn ct)
		509	{
		510	struct nlattr *attr = cda[CTA_PROTOINFO_SCTP];
		511	struct nlattr *tb[CTA_PROTOINFO_SCTP_MAX+1];
		512	int err;
		513
		514	/* updates may not contain the internal protocol info, skip parsing */
		515	if (!attr)
		516	return 0;
		517
		518	err = nla_parse_nested(tb,
		519	CTA_PROTOINFO_SCTP_MAX,
		520	attr,
		521	sctp_nla_policy);
		522	if (err < 0)
		523	return err;
		524
		525	if (!tb[CTA_PROTOINFO_SCTP_STATE] \|\|
		526	!tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL] \|\|
		527	!tb[CTA_PROTOINFO_SCTP_VTAG_REPLY])
		528	return -EINVAL;
		529
		530	write_lock_bh(&sctp_lock);
		531	ct->proto.sctp.state = nla_get_u8(tb[CTA_PROTOINFO_SCTP_STATE]);
		532	ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL] =
		533	ntohl(nla_get_be32(tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL]));
		534	ct->proto.sctp.vtag[IP_CT_DIR_REPLY] =
		535	ntohl(nla_get_be32(tb[CTA_PROTOINFO_SCTP_VTAG_REPLY]));
		536	write_unlock_bh(&sctp_lock);
		537
		538	return 0;
		539	}
		540	#endif
		541
466	#ifdef CONFIG_SYSCTL	542	#ifdef CONFIG_SYSCTL
467	static unsigned int sctp_sysctl_table_users;	543	static unsigned int sctp_sysctl_table_users;
468	static struct ctl_table_header *sctp_sysctl_header;	544	static struct ctl_table_header *sctp_sysctl_header;
@@ -591,6 +667,8 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 __read_mostly = {
591	.new = sctp_new,	667	.new = sctp_new,
592	.me = THIS_MODULE,	668	.me = THIS_MODULE,
593	#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)	669	#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)
		670	.to_nlattr = sctp_to_nlattr,
		671	.from_nlattr = nlattr_to_sctp,
594	.tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,	672	.tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
595	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,	673	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
596	.nla_policy = nf_ct_port_nla_policy,	674	.nla_policy = nf_ct_port_nla_policy,
@@ -617,6 +695,8 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 __read_mostly = {
617	.new = sctp_new,	695	.new = sctp_new,
618	.me = THIS_MODULE,	696	.me = THIS_MODULE,
619	#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)	697	#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)
		698	.to_nlattr = sctp_to_nlattr,
		699	.from_nlattr = nlattr_to_sctp,
620	.tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,	700	.tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
621	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,	701	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
622	.nla_policy = nf_ct_port_nla_policy,	702	.nla_policy = nf_ct_port_nla_policy,