1 /* 2 * (C) 2005-2011 by Pablo Neira Ayuso <pablo (at) netfilter.org> 3 * 4 * This program is free software; you can redistribute it and/or modify it 5 * under the terms of the GNU General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 */ 9 10 #include "internal/internal.h" 11 #include <linux/icmp.h> 12 #include <linux/icmpv6.h> 13 14 static const uint8_t invmap_icmp[] = { 15 [ICMP_ECHO] = ICMP_ECHOREPLY + 1, 16 [ICMP_ECHOREPLY] = ICMP_ECHO + 1, 17 [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1, 18 [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1, 19 [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1, 20 [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1, 21 [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1, 22 [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1 23 }; 24 25 #ifndef ICMPV6_NI_QUERY 26 #define ICMPV6_NI_QUERY 139 27 #endif 28 29 #ifndef ICMPV6_NI_REPLY 30 #define ICMPV6_NI_REPLY 140 31 #endif 32 33 static const uint8_t invmap_icmpv6[] = { 34 [ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1, 35 [ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1, 36 [ICMPV6_NI_QUERY - 128] = ICMPV6_NI_QUERY + 1, 37 [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY + 1 38 }; 39 40 static void 41 set_attr_orig_ipv4_src(struct nf_conntrack *ct, const void *value, size_t len) 42 { 43 ct->head.orig.src.v4 = *((uint32_t *) value); 44 } 45 46 static void 47 set_attr_orig_ipv4_dst(struct nf_conntrack *ct, const void *value, size_t len) 48 { 49 ct->head.orig.dst.v4 = *((uint32_t *) value); 50 } 51 52 static void 53 set_attr_repl_ipv4_src(struct nf_conntrack *ct, const void *value, size_t len) 54 { 55 ct->repl.src.v4 = *((uint32_t *) value); 56 } 57 58 static void 59 set_attr_repl_ipv4_dst(struct nf_conntrack *ct, const void *value, size_t len) 60 { 61 ct->repl.dst.v4 = *((uint32_t *) value); 62 } 63 64 static void 65 set_attr_orig_ipv6_src(struct nf_conntrack *ct, const void *value, size_t len) 66 { 67 memcpy(&ct->head.orig.src.v6, value, sizeof(uint32_t)*4); 68 } 69 70 static void 71 set_attr_orig_ipv6_dst(struct nf_conntrack *ct, const void *value, size_t len) 72 { 73 memcpy(&ct->head.orig.dst.v6, value, sizeof(uint32_t)*4); 74 } 75 76 static void 77 set_attr_repl_ipv6_src(struct nf_conntrack *ct, const void *value, size_t len) 78 { 79 memcpy(&ct->repl.src.v6, value, sizeof(uint32_t)*4); 80 } 81 82 static void 83 set_attr_repl_ipv6_dst(struct nf_conntrack *ct, const void *value, size_t len) 84 { 85 memcpy(&ct->repl.dst.v6, value, sizeof(uint32_t)*4); 86 } 87 88 static void 89 set_attr_orig_port_src(struct nf_conntrack *ct, const void *value, size_t len) 90 { 91 ct->head.orig.l4src.all = *((uint16_t *) value); 92 } 93 94 static void 95 set_attr_orig_port_dst(struct nf_conntrack *ct, const void *value, size_t len) 96 { 97 ct->head.orig.l4dst.all = *((uint16_t *) value); 98 } 99 100 static void 101 set_attr_repl_port_src(struct nf_conntrack *ct, const void *value, size_t len) 102 { 103 ct->repl.l4src.all = *((uint16_t *) value); 104 } 105 106 static void 107 set_attr_repl_port_dst(struct nf_conntrack *ct, const void *value, size_t len) 108 { 109 ct->repl.l4dst.all = *((uint16_t *) value); 110 } 111 112 static void 113 set_attr_orig_zone(struct nf_conntrack *ct, const void *value, size_t len) 114 { 115 ct->head.orig.zone = *((uint16_t *) value); 116 } 117 118 static void 119 set_attr_repl_zone(struct nf_conntrack *ct, const void *value, size_t len) 120 { 121 ct->repl.zone = *((uint16_t *) value); 122 } 123 124 static void 125 set_attr_icmp_type(struct nf_conntrack *ct, const void *value, size_t len) 126 { 127 uint8_t rtype; 128 129 ct->head.orig.l4dst.icmp.type = *((uint8_t *) value); 130 131 switch(ct->head.orig.l3protonum) { 132 case AF_INET: 133 rtype = invmap_icmp[*((uint8_t *) value)]; 134 break; 135 136 case AF_INET6: 137 rtype = invmap_icmpv6[*((uint8_t *) value) - 128]; 138 break; 139 140 default: 141 rtype = 0; /* not found */ 142 } 143 144 if (rtype) 145 ct->repl.l4dst.icmp.type = rtype - 1; 146 else 147 ct->repl.l4dst.icmp.type = 255; /* will fail with -EINVAL */ 148 149 } 150 151 static void 152 set_attr_icmp_code(struct nf_conntrack *ct, const void *value, size_t len) 153 { 154 ct->head.orig.l4dst.icmp.code = *((uint8_t *) value); 155 ct->repl.l4dst.icmp.code = *((uint8_t *) value); 156 } 157 158 static void 159 set_attr_icmp_id(struct nf_conntrack *ct, const void *value, size_t len) 160 { 161 ct->head.orig.l4src.icmp.id = *((uint16_t *) value); 162 ct->repl.l4src.icmp.id = *((uint16_t *) value); 163 } 164 165 static void 166 set_attr_orig_l3proto(struct nf_conntrack *ct, const void *value, size_t len) 167 { 168 ct->head.orig.l3protonum = *((uint8_t *) value); 169 } 170 171 static void 172 set_attr_repl_l3proto(struct nf_conntrack *ct, const void *value, size_t len) 173 { 174 ct->repl.l3protonum = *((uint8_t *) value); 175 } 176 177 static void 178 set_attr_orig_l4proto(struct nf_conntrack *ct, const void *value, size_t len) 179 { 180 ct->head.orig.protonum = *((uint8_t *) value); 181 } 182 183 static void 184 set_attr_repl_l4proto(struct nf_conntrack *ct, const void *value, size_t len) 185 { 186 ct->repl.protonum = *((uint8_t *) value); 187 } 188 189 static void 190 set_attr_tcp_state(struct nf_conntrack *ct, const void *value, size_t len) 191 { 192 ct->protoinfo.tcp.state = *((uint8_t *) value); 193 } 194 195 static void 196 set_attr_tcp_flags_orig(struct nf_conntrack *ct, const void *value, size_t len) 197 { 198 ct->protoinfo.tcp.flags[__DIR_ORIG].value = *((uint8_t *) value); 199 } 200 201 static void 202 set_attr_tcp_mask_orig(struct nf_conntrack *ct, const void *value, size_t len) 203 { 204 ct->protoinfo.tcp.flags[__DIR_ORIG].mask = *((uint8_t *) value); 205 } 206 207 static void 208 set_attr_tcp_flags_repl(struct nf_conntrack *ct, const void *value, size_t len) 209 { 210 ct->protoinfo.tcp.flags[__DIR_REPL].value = *((uint8_t *) value); 211 } 212 213 static void 214 set_attr_tcp_mask_repl(struct nf_conntrack *ct, const void *value, size_t len) 215 { 216 ct->protoinfo.tcp.flags[__DIR_REPL].mask = *((uint8_t *) value); 217 } 218 219 static void 220 set_attr_sctp_state(struct nf_conntrack *ct, const void *value, size_t len) 221 { 222 ct->protoinfo.sctp.state = *((uint8_t *) value); 223 } 224 225 static void 226 set_attr_sctp_vtag_orig(struct nf_conntrack *ct, const void *value, size_t len) 227 { 228 ct->protoinfo.sctp.vtag[__DIR_ORIG] = *((uint32_t *) value); 229 } 230 231 static void 232 set_attr_sctp_vtag_repl(struct nf_conntrack *ct, const void *value, size_t len) 233 { 234 ct->protoinfo.sctp.vtag[__DIR_REPL] = *((uint32_t *) value); 235 } 236 237 static void 238 set_attr_snat_ipv4(struct nf_conntrack *ct, const void *value, size_t len) 239 { 240 ct->snat.min_ip.v4 = ct->snat.max_ip.v4 = *((uint32_t *) value); 241 } 242 243 static void 244 set_attr_dnat_ipv4(struct nf_conntrack *ct, const void *value, size_t len) 245 { 246 ct->dnat.min_ip.v4 = ct->dnat.max_ip.v4 = *((uint32_t *) value); 247 } 248 249 static void 250 set_attr_snat_ipv6(struct nf_conntrack *ct, const void *value, size_t len) 251 { 252 memcpy(&ct->snat.min_ip.v6, value, sizeof(struct in6_addr)); 253 memcpy(&ct->snat.max_ip.v6, value, sizeof(struct in6_addr)); 254 } 255 256 static void 257 set_attr_dnat_ipv6(struct nf_conntrack *ct, const void *value, size_t len) 258 { 259 memcpy(&ct->dnat.min_ip.v6, value, sizeof(struct in6_addr)); 260 memcpy(&ct->dnat.max_ip.v6, value, sizeof(struct in6_addr)); 261 } 262 263 static void 264 set_attr_snat_port(struct nf_conntrack *ct, const void *value, size_t len) 265 { 266 ct->snat.l4min.all = ct->snat.l4max.all = *((uint16_t *) value); 267 } 268 269 static void 270 set_attr_dnat_port(struct nf_conntrack *ct, const void *value, size_t len) 271 { 272 ct->dnat.l4min.all = ct->dnat.l4max.all = *((uint16_t *) value); 273 } 274 275 static void 276 set_attr_timeout(struct nf_conntrack *ct, const void *value, size_t len) 277 { 278 ct->timeout = *((uint32_t *) value); 279 } 280 281 static void 282 set_attr_mark(struct nf_conntrack *ct, const void *value, size_t len) 283 { 284 ct->mark = *((uint32_t *) value); 285 } 286 287 static void 288 set_attr_secmark(struct nf_conntrack *ct, const void *value, size_t len) 289 { 290 ct->secmark = *((uint32_t *) value); 291 } 292 293 static void 294 set_attr_status(struct nf_conntrack *ct, const void *value, size_t len) 295 { 296 ct->status = *((uint32_t *) value); 297 } 298 299 static void 300 set_attr_id(struct nf_conntrack *ct, const void *value, size_t len) 301 { 302 ct->id = *((uint32_t *) value); 303 } 304 305 static void 306 set_attr_master_ipv4_src(struct nf_conntrack *ct, const void *value, size_t len) 307 { 308 ct->master.src.v4 = *((uint32_t *) value); 309 } 310 311 static void 312 set_attr_master_ipv4_dst(struct nf_conntrack *ct, const void *value, size_t len) 313 { 314 ct->master.dst.v4 = *((uint32_t *) value); 315 } 316 317 static void 318 set_attr_master_ipv6_src(struct nf_conntrack *ct, const void *value, size_t len) 319 { 320 memcpy(&ct->master.src.v6, value, sizeof(uint32_t)*4); 321 } 322 323 static void 324 set_attr_master_ipv6_dst(struct nf_conntrack *ct, const void *value, size_t len) 325 { 326 memcpy(&ct->master.dst.v6, value, sizeof(uint32_t)*4); 327 } 328 329 static void 330 set_attr_master_port_src(struct nf_conntrack *ct, const void *value, size_t len) 331 { 332 ct->master.l4src.all = *((uint16_t *) value); 333 } 334 335 static void 336 set_attr_master_port_dst(struct nf_conntrack *ct, const void *value, size_t len) 337 { 338 ct->master.l4dst.all = *((uint16_t *) value); 339 } 340 341 static void 342 set_attr_master_l3proto(struct nf_conntrack *ct, const void *value, size_t len) 343 { 344 ct->master.l3protonum = *((uint8_t *) value); 345 } 346 347 static void 348 set_attr_master_l4proto(struct nf_conntrack *ct, const void *value, size_t len) 349 { 350 ct->master.protonum = *((uint8_t *) value); 351 } 352 353 static void 354 set_attr_orig_cor_pos(struct nf_conntrack *ct, const void *value, size_t len) 355 { 356 ct->natseq[__DIR_ORIG].correction_pos = *((uint32_t *) value); 357 } 358 359 static void 360 set_attr_orig_off_bfr(struct nf_conntrack *ct, const void *value, size_t len) 361 { 362 ct->natseq[__DIR_ORIG].offset_before = *((uint32_t *) value); 363 } 364 365 static void 366 set_attr_orig_off_aft(struct nf_conntrack *ct, const void *value, size_t len) 367 { 368 ct->natseq[__DIR_ORIG].offset_after = *((uint32_t *) value); 369 } 370 371 static void 372 set_attr_repl_cor_pos(struct nf_conntrack *ct, const void *value, size_t len) 373 { 374 ct->natseq[__DIR_REPL].correction_pos = *((uint32_t *) value); 375 } 376 377 static void 378 set_attr_repl_off_bfr(struct nf_conntrack *ct, const void *value, size_t len) 379 { 380 ct->natseq[__DIR_REPL].offset_before = *((uint32_t *) value); 381 } 382 383 static void 384 set_attr_repl_off_aft(struct nf_conntrack *ct, const void *value, size_t len) 385 { 386 ct->natseq[__DIR_REPL].offset_after = *((uint32_t *) value); 387 } 388 389 static void 390 set_attr_helper_name(struct nf_conntrack *ct, const void *value, size_t len) 391 { 392 strncpy(ct->helper_name, value, NFCT_HELPER_NAME_MAX); 393 ct->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0'; 394 } 395 396 static void 397 set_attr_dccp_state(struct nf_conntrack *ct, const void *value, size_t len) 398 { 399 ct->protoinfo.dccp.state = *((uint8_t *) value); 400 } 401 402 static void 403 set_attr_dccp_role(struct nf_conntrack *ct, const void *value, size_t len) 404 { 405 ct->protoinfo.dccp.role = *((uint8_t *) value); 406 } 407 408 static void 409 set_attr_dccp_handshake_seq(struct nf_conntrack *ct, const void *value, 410 size_t len) 411 { 412 ct->protoinfo.dccp.handshake_seq = *((uint64_t *) value); 413 } 414 415 static void 416 set_attr_tcp_wscale_orig(struct nf_conntrack *ct, const void *value, size_t len) 417 { 418 ct->protoinfo.tcp.wscale[__DIR_ORIG] = *((uint8_t *) value); 419 } 420 421 static void 422 set_attr_tcp_wscale_repl(struct nf_conntrack *ct, const void *value, size_t len) 423 { 424 ct->protoinfo.tcp.wscale[__DIR_REPL] = *((uint8_t *) value); 425 } 426 427 static void 428 set_attr_zone(struct nf_conntrack *ct, const void *value, size_t len) 429 { 430 ct->zone = *((uint16_t *) value); 431 } 432 433 static void 434 set_attr_helper_info(struct nf_conntrack *ct, const void *value, size_t len) 435 { 436 if (ct->helper_info == NULL) { 437 retry: 438 ct->helper_info = calloc(1, len); 439 if (ct->helper_info == NULL) 440 return; 441 442 memcpy(ct->helper_info, value, len); 443 } else { 444 free(ct->helper_info); 445 goto retry; 446 } 447 } 448 449 static void 450 do_set_attr_connlabels(struct nfct_bitmask *current, const void *value) 451 { 452 if (current && current != value) 453 nfct_bitmask_destroy(current); 454 } 455 456 static void 457 set_attr_connlabels(struct nf_conntrack *ct, const void *value, size_t len) 458 { 459 do_set_attr_connlabels(ct->connlabels, value); 460 ct->connlabels = (void *) value; 461 } 462 463 static void 464 set_attr_connlabels_mask(struct nf_conntrack *ct, const void *value, size_t len) 465 { 466 do_set_attr_connlabels(ct->connlabels_mask, value); 467 ct->connlabels_mask = (void *) value; 468 } 469 470 static void 471 set_attr_do_nothing(struct nf_conntrack *ct, const void *value, size_t len) {} 472 473 const set_attr set_attr_array[ATTR_MAX] = { 474 [ATTR_ORIG_IPV4_SRC] = set_attr_orig_ipv4_src, 475 [ATTR_ORIG_IPV4_DST] = set_attr_orig_ipv4_dst, 476 [ATTR_REPL_IPV4_SRC] = set_attr_repl_ipv4_src, 477 [ATTR_REPL_IPV4_DST] = set_attr_repl_ipv4_dst, 478 [ATTR_ORIG_IPV6_SRC] = set_attr_orig_ipv6_src, 479 [ATTR_ORIG_IPV6_DST] = set_attr_orig_ipv6_dst, 480 [ATTR_REPL_IPV6_SRC] = set_attr_repl_ipv6_src, 481 [ATTR_REPL_IPV6_DST] = set_attr_repl_ipv6_dst, 482 [ATTR_ORIG_PORT_SRC] = set_attr_orig_port_src, 483 [ATTR_ORIG_PORT_DST] = set_attr_orig_port_dst, 484 [ATTR_REPL_PORT_SRC] = set_attr_repl_port_src, 485 [ATTR_REPL_PORT_DST] = set_attr_repl_port_dst, 486 [ATTR_ICMP_TYPE] = set_attr_icmp_type, 487 [ATTR_ICMP_CODE] = set_attr_icmp_code, 488 [ATTR_ICMP_ID] = set_attr_icmp_id, 489 [ATTR_ORIG_L3PROTO] = set_attr_orig_l3proto, 490 [ATTR_REPL_L3PROTO] = set_attr_repl_l3proto, 491 [ATTR_ORIG_L4PROTO] = set_attr_orig_l4proto, 492 [ATTR_REPL_L4PROTO] = set_attr_repl_l4proto, 493 [ATTR_TCP_STATE] = set_attr_tcp_state, 494 [ATTR_SNAT_IPV4] = set_attr_snat_ipv4, 495 [ATTR_DNAT_IPV4] = set_attr_dnat_ipv4, 496 [ATTR_SNAT_PORT] = set_attr_snat_port, 497 [ATTR_DNAT_PORT] = set_attr_dnat_port, 498 [ATTR_TIMEOUT] = set_attr_timeout, 499 [ATTR_MARK] = set_attr_mark, 500 [ATTR_ORIG_COUNTER_PACKETS] = set_attr_do_nothing, 501 [ATTR_REPL_COUNTER_PACKETS] = set_attr_do_nothing, 502 [ATTR_ORIG_COUNTER_BYTES] = set_attr_do_nothing, 503 [ATTR_REPL_COUNTER_BYTES] = set_attr_do_nothing, 504 [ATTR_USE] = set_attr_do_nothing, 505 [ATTR_ID] = set_attr_id, 506 [ATTR_STATUS] = set_attr_status, 507 [ATTR_TCP_FLAGS_ORIG] = set_attr_tcp_flags_orig, 508 [ATTR_TCP_FLAGS_REPL] = set_attr_tcp_flags_repl, 509 [ATTR_TCP_MASK_ORIG] = set_attr_tcp_mask_orig, 510 [ATTR_TCP_MASK_REPL] = set_attr_tcp_mask_repl, 511 [ATTR_MASTER_IPV4_SRC] = set_attr_master_ipv4_src, 512 [ATTR_MASTER_IPV4_DST] = set_attr_master_ipv4_dst, 513 [ATTR_MASTER_IPV6_SRC] = set_attr_master_ipv6_src, 514 [ATTR_MASTER_IPV6_DST] = set_attr_master_ipv6_dst, 515 [ATTR_MASTER_PORT_SRC] = set_attr_master_port_src, 516 [ATTR_MASTER_PORT_DST] = set_attr_master_port_dst, 517 [ATTR_MASTER_L3PROTO] = set_attr_master_l3proto, 518 [ATTR_MASTER_L4PROTO] = set_attr_master_l4proto, 519 [ATTR_SECMARK] = set_attr_secmark, 520 [ATTR_ORIG_NAT_SEQ_CORRECTION_POS] = set_attr_orig_cor_pos, 521 [ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE] = set_attr_orig_off_bfr, 522 [ATTR_ORIG_NAT_SEQ_OFFSET_AFTER] = set_attr_orig_off_aft, 523 [ATTR_REPL_NAT_SEQ_CORRECTION_POS] = set_attr_repl_cor_pos, 524 [ATTR_REPL_NAT_SEQ_OFFSET_BEFORE] = set_attr_repl_off_bfr, 525 [ATTR_REPL_NAT_SEQ_OFFSET_AFTER] = set_attr_repl_off_aft, 526 [ATTR_SCTP_STATE] = set_attr_sctp_state, 527 [ATTR_SCTP_VTAG_ORIG] = set_attr_sctp_vtag_orig, 528 [ATTR_SCTP_VTAG_REPL] = set_attr_sctp_vtag_repl, 529 [ATTR_HELPER_NAME] = set_attr_helper_name, 530 [ATTR_DCCP_STATE] = set_attr_dccp_state, 531 [ATTR_DCCP_ROLE] = set_attr_dccp_role, 532 [ATTR_DCCP_HANDSHAKE_SEQ] = set_attr_dccp_handshake_seq, 533 [ATTR_TCP_WSCALE_ORIG] = set_attr_tcp_wscale_orig, 534 [ATTR_TCP_WSCALE_REPL] = set_attr_tcp_wscale_repl, 535 [ATTR_ZONE] = set_attr_zone, 536 [ATTR_ORIG_ZONE] = set_attr_orig_zone, 537 [ATTR_REPL_ZONE] = set_attr_repl_zone, 538 [ATTR_SECCTX] = set_attr_do_nothing, 539 [ATTR_TIMESTAMP_START] = set_attr_do_nothing, 540 [ATTR_TIMESTAMP_STOP] = set_attr_do_nothing, 541 [ATTR_HELPER_INFO] = set_attr_helper_info, 542 [ATTR_CONNLABELS] = set_attr_connlabels, 543 [ATTR_CONNLABELS_MASK] = set_attr_connlabels_mask, 544 [ATTR_SNAT_IPV6] = set_attr_snat_ipv6, 545 [ATTR_DNAT_IPV6] = set_attr_dnat_ipv6, 546 }; 547
