1 /* 2 * (C) 2005-2011 by Pablo Neira Ayuso <pablo (at) netfilter.org> 3 * 4 * This program is free software; you can redistribute it and/or modify it 5 * under the terms of the GNU General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 */ 9 10 #include "internal/internal.h" 11 12 static void filter_attr_l4proto(struct nfct_filter *filter, const void *value) 13 { 14 if (filter->l4proto_len >= __FILTER_L4PROTO_MAX) 15 return; 16 17 set_bit(*((int *) value), filter->l4proto_map); 18 filter->l4proto_len++; 19 } 20 21 static void 22 filter_attr_l4proto_state(struct nfct_filter *filter, const void *value) 23 { 24 const struct nfct_filter_proto *this = value; 25 26 set_bit_u16(this->state, &filter->l4proto_state[this->proto].map); 27 filter->l4proto_state[this->proto].len++; 28 } 29 30 static void filter_attr_src_ipv4(struct nfct_filter *filter, const void *value) 31 { 32 const struct nfct_filter_ipv4 *this = value; 33 34 if (filter->l3proto_elems[0] >= __FILTER_ADDR_MAX) 35 return; 36 37 filter->l3proto[0][filter->l3proto_elems[0]].addr = this->addr; 38 filter->l3proto[0][filter->l3proto_elems[0]].mask = this->mask; 39 filter->l3proto_elems[0]++; 40 } 41 42 static void filter_attr_dst_ipv4(struct nfct_filter *filter, const void *value) 43 { 44 const struct nfct_filter_ipv4 *this = value; 45 46 if (filter->l3proto_elems[1] >= __FILTER_ADDR_MAX) 47 return; 48 49 filter->l3proto[1][filter->l3proto_elems[1]].addr = this->addr; 50 filter->l3proto[1][filter->l3proto_elems[1]].mask = this->mask; 51 filter->l3proto_elems[1]++; 52 } 53 54 static void filter_attr_src_ipv6(struct nfct_filter *filter, const void *value) 55 { 56 const struct nfct_filter_ipv6 *this = value; 57 58 if (filter->l3proto_elems_ipv6[0] >= __FILTER_IPV6_MAX) 59 return; 60 61 memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].addr, 62 this->addr, sizeof(uint32_t)*4); 63 memcpy(filter->l3proto_ipv6[0][filter->l3proto_elems_ipv6[0]].mask, 64 this->mask, sizeof(uint32_t)*4); 65 filter->l3proto_elems_ipv6[0]++; 66 } 67 68 static void filter_attr_dst_ipv6(struct nfct_filter *filter, const void *value) 69 { 70 const struct nfct_filter_ipv6 *this = value; 71 72 if (filter->l3proto_elems_ipv6[1] >= __FILTER_IPV6_MAX) 73 return; 74 75 memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].addr, 76 this->addr, sizeof(uint32_t)*4); 77 memcpy(filter->l3proto_ipv6[1][filter->l3proto_elems_ipv6[1]].mask, 78 this->mask, sizeof(uint32_t)*4); 79 filter->l3proto_elems_ipv6[1]++; 80 } 81 82 static void filter_attr_mark(struct nfct_filter *filter, const void *value) 83 { 84 const struct nfct_filter_dump_mark *this = value; 85 86 if (filter->mark_elems >= __FILTER_MARK_MAX) 87 return; 88 89 filter->mark[filter->mark_elems].val = this->val; 90 filter->mark[filter->mark_elems].mask = this->mask; 91 filter->mark_elems++; 92 } 93 94 const filter_attr filter_attr_array[NFCT_FILTER_MAX] = { 95 [NFCT_FILTER_L4PROTO] = filter_attr_l4proto, 96 [NFCT_FILTER_L4PROTO_STATE] = filter_attr_l4proto_state, 97 [NFCT_FILTER_SRC_IPV4] = filter_attr_src_ipv4, 98 [NFCT_FILTER_DST_IPV4] = filter_attr_dst_ipv4, 99 [NFCT_FILTER_SRC_IPV6] = filter_attr_src_ipv6, 100 [NFCT_FILTER_DST_IPV6] = filter_attr_dst_ipv6, 101 [NFCT_FILTER_MARK] = filter_attr_mark, 102 }; 103
