libnl 3.7.0
ct_obj.c
1/* SPDX-License-Identifier: LGPL-2.1-only */
2/*
3 * Copyright (c) 2003-2008 Thomas Graf <tgraf@suug.ch>
4 * Copyright (c) 2007 Philip Craig <philipc@snapgear.com>
5 * Copyright (c) 2007 Secure Computing Corporation
6 */
7
8#include <sys/types.h>
9#include <linux/netfilter/nfnetlink_conntrack.h>
10#include <linux/netfilter/nf_conntrack_common.h>
11#include <linux/netfilter/nf_conntrack_tcp.h>
12
13#include <netlink-private/netlink.h>
14#include <netlink/netfilter/nfnl.h>
15#include <netlink/netfilter/ct.h>
16
17/** @cond SKIP */
18#define CT_ATTR_FAMILY (1UL << 0)
19#define CT_ATTR_PROTO (1UL << 1)
20
21#define CT_ATTR_TCP_STATE (1UL << 2)
22
23#define CT_ATTR_STATUS (1UL << 3)
24#define CT_ATTR_TIMEOUT (1UL << 4)
25#define CT_ATTR_MARK (1UL << 5)
26#define CT_ATTR_USE (1UL << 6)
27#define CT_ATTR_ID (1UL << 7)
28
29#define CT_ATTR_ORIG_SRC (1UL << 8)
30#define CT_ATTR_ORIG_DST (1UL << 9)
31#define CT_ATTR_ORIG_SRC_PORT (1UL << 10)
32#define CT_ATTR_ORIG_DST_PORT (1UL << 11)
33#define CT_ATTR_ORIG_ICMP_ID (1UL << 12)
34#define CT_ATTR_ORIG_ICMP_TYPE (1UL << 13)
35#define CT_ATTR_ORIG_ICMP_CODE (1UL << 14)
36#define CT_ATTR_ORIG_PACKETS (1UL << 15)
37#define CT_ATTR_ORIG_BYTES (1UL << 16)
38
39#define CT_ATTR_REPL_SRC (1UL << 17)
40#define CT_ATTR_REPL_DST (1UL << 18)
41#define CT_ATTR_REPL_SRC_PORT (1UL << 19)
42#define CT_ATTR_REPL_DST_PORT (1UL << 20)
43#define CT_ATTR_REPL_ICMP_ID (1UL << 21)
44#define CT_ATTR_REPL_ICMP_TYPE (1UL << 22)
45#define CT_ATTR_REPL_ICMP_CODE (1UL << 23)
46#define CT_ATTR_REPL_PACKETS (1UL << 24)
47#define CT_ATTR_REPL_BYTES (1UL << 25)
48#define CT_ATTR_TIMESTAMP (1UL << 26)
49#define CT_ATTR_ZONE (1UL << 27)
50/** @endcond */
51
52static void ct_free_data(struct nl_object *c)
53{
54 struct nfnl_ct *ct = (struct nfnl_ct *) c;
55
56 if (ct == NULL)
57 return;
58
59 nl_addr_put(ct->ct_orig.src);
60 nl_addr_put(ct->ct_orig.dst);
61 nl_addr_put(ct->ct_repl.src);
62 nl_addr_put(ct->ct_repl.dst);
63}
64
65static int ct_clone(struct nl_object *_dst, struct nl_object *_src)
66{
67 struct nfnl_ct *dst = (struct nfnl_ct *) _dst;
68 struct nfnl_ct *src = (struct nfnl_ct *) _src;
69 struct nl_addr *addr;
70
71 dst->ct_orig.src = NULL;
72 dst->ct_orig.dst = NULL;
73 dst->ct_repl.src = NULL;
74 dst->ct_repl.dst = NULL;
75
76 if (src->ct_orig.src) {
77 addr = nl_addr_clone(src->ct_orig.src);
78 if (!addr)
79 return -NLE_NOMEM;
80 dst->ct_orig.src = addr;
81 }
82
83 if (src->ct_orig.dst) {
84 addr = nl_addr_clone(src->ct_orig.dst);
85 if (!addr)
86 return -NLE_NOMEM;
87 dst->ct_orig.dst = addr;
88 }
89
90 if (src->ct_repl.src) {
91 addr = nl_addr_clone(src->ct_repl.src);
92 if (!addr)
93 return -NLE_NOMEM;
94 dst->ct_repl.src = addr;
95 }
96
97 if (src->ct_repl.dst) {
98 addr = nl_addr_clone(src->ct_repl.dst);
99 if (!addr)
100 return -NLE_NOMEM;
101 dst->ct_repl.dst = addr;
102 }
103
104 return 0;
105}
106
107static void dump_addr(struct nl_dump_params *p, struct nl_addr *addr, int port)
108{
109 char buf[64];
110
111 if (addr)
112 nl_dump(p, "%s", nl_addr2str(addr, buf, sizeof(buf)));
113
114 if (port)
115 nl_dump(p, ":%u ", port);
116 else if (addr)
117 nl_dump(p, " ");
118}
119
120static void dump_icmp(struct nl_dump_params *p, struct nfnl_ct *ct, int reply)
121{
122 if (nfnl_ct_test_icmp_type(ct, reply))
123 nl_dump(p, "icmp type %d ", nfnl_ct_get_icmp_type(ct, reply));
124
125 if (nfnl_ct_test_icmp_code(ct, reply))
126 nl_dump(p, "code %d ", nfnl_ct_get_icmp_code(ct, reply));
127
128 if (nfnl_ct_test_icmp_id(ct, reply))
129 nl_dump(p, "id %d ", nfnl_ct_get_icmp_id(ct, reply));
130}
131
132static void ct_dump_tuples(struct nfnl_ct *ct, struct nl_dump_params *p)
133{
134 struct nl_addr *orig_src, *orig_dst, *reply_src, *reply_dst;
135 int orig_sport = 0, orig_dport = 0, reply_sport = 0, reply_dport = 0;
136 int sync = 0;
137
138 orig_src = nfnl_ct_get_src(ct, 0);
139 orig_dst = nfnl_ct_get_dst(ct, 0);
140 reply_src = nfnl_ct_get_src(ct, 1);
141 reply_dst = nfnl_ct_get_dst(ct, 1);
142
143 if (nfnl_ct_test_src_port(ct, 0))
144 orig_sport = nfnl_ct_get_src_port(ct, 0);
145
146 if (nfnl_ct_test_dst_port(ct, 0))
147 orig_dport = nfnl_ct_get_dst_port(ct, 0);
148
149 if (nfnl_ct_test_src_port(ct, 1))
150 reply_sport = nfnl_ct_get_src_port(ct, 1);
151
152 if (nfnl_ct_test_dst_port(ct, 1))
153 reply_dport = nfnl_ct_get_dst_port(ct, 1);
154
155 if (orig_src && orig_dst && reply_src && reply_dst &&
156 orig_sport == reply_dport && orig_dport == reply_sport &&
157 !nl_addr_cmp(orig_src, reply_dst) &&
158 !nl_addr_cmp(orig_dst, reply_src))
159 sync = 1;
160
161 dump_addr(p, orig_src, orig_sport);
162 nl_dump(p, sync ? "<-> " : "-> ");
163 dump_addr(p, orig_dst, orig_dport);
164 dump_icmp(p, ct, 0);
165
166 if (!sync) {
167 dump_addr(p, reply_src, reply_sport);
168 nl_dump(p, "<- ");
169 dump_addr(p, reply_dst, reply_dport);
170 dump_icmp(p, ct, 1);
171 }
172}
173
174/* Compatible with /proc/net/nf_conntrack */
175static void ct_dump_line(struct nl_object *a, struct nl_dump_params *p)
176{
177 struct nfnl_ct *ct = (struct nfnl_ct *) a;
178 char buf[64];
179
180 nl_new_line(p);
181
182 if (nfnl_ct_test_proto(ct))
183 nl_dump(p, "%s ",
184 nl_ip_proto2str(nfnl_ct_get_proto(ct), buf, sizeof(buf)));
185
186 if (nfnl_ct_test_tcp_state(ct))
187 nl_dump(p, "%s ",
188 nfnl_ct_tcp_state2str(nfnl_ct_get_tcp_state(ct),
189 buf, sizeof(buf)));
190
191 ct_dump_tuples(ct, p);
192
193 if (nfnl_ct_test_mark(ct) && nfnl_ct_get_mark(ct))
194 nl_dump(p, "mark %u ", nfnl_ct_get_mark(ct));
195
196 if (nfnl_ct_test_zone(ct))
197 nl_dump(p, "zone %hu ", nfnl_ct_get_zone(ct));
198
199 if (nfnl_ct_test_timestamp(ct)) {
200 const struct nfnl_ct_timestamp *tstamp = nfnl_ct_get_timestamp(ct);
201 int64_t delta_time = tstamp->stop - tstamp->start;
202
203 if (delta_time > 0)
204 delta_time /= NSEC_PER_SEC;
205 else
206 delta_time = 0;
207 nl_dump(p, "delta-time %llu ", (long long unsigned)delta_time);
208 }
209
210 nl_dump(p, "\n");
211}
212
213static void ct_dump_details(struct nl_object *a, struct nl_dump_params *p)
214{
215 struct nfnl_ct *ct = (struct nfnl_ct *) a;
216 char buf[64];
217 int fp = 0;
218
219 ct_dump_line(a, p);
220
221 nl_dump(p, " id 0x%x ", ct->ct_id);
222 if (ct->ce_mask & CT_ATTR_FAMILY)
223 nl_dump_line(p, "family %s ",
224 nl_af2str(ct->ct_family, buf, sizeof(buf)));
225
226 if (nfnl_ct_test_use(ct))
227 nl_dump(p, "refcnt %u ", nfnl_ct_get_use(ct));
228
229 if (nfnl_ct_test_timeout(ct)) {
230 uint64_t timeout_ms = nfnl_ct_get_timeout(ct) * 1000UL;
231 nl_dump(p, "timeout %s ",
232 nl_msec2str(timeout_ms, buf, sizeof(buf)));
233 }
234
235 if (ct->ct_status)
236 nl_dump(p, "<");
237
238#define PRINT_FLAG(str) \
239 { nl_dump(p, "%s%s", fp++ ? "," : "", (str)); }
240
241 if (ct->ct_status & IPS_EXPECTED)
242 PRINT_FLAG("EXPECTED");
243 if (!(ct->ct_status & IPS_SEEN_REPLY))
244 PRINT_FLAG("NOREPLY");
245 if (ct->ct_status & IPS_ASSURED)
246 PRINT_FLAG("ASSURED");
247 if (!(ct->ct_status & IPS_CONFIRMED))
248 PRINT_FLAG("NOTSENT");
249 if (ct->ct_status & IPS_SRC_NAT)
250 PRINT_FLAG("SNAT");
251 if (ct->ct_status & IPS_DST_NAT)
252 PRINT_FLAG("DNAT");
253 if (ct->ct_status & IPS_SEQ_ADJUST)
254 PRINT_FLAG("SEQADJUST");
255 if (!(ct->ct_status & IPS_SRC_NAT_DONE))
256 PRINT_FLAG("SNAT_INIT");
257 if (!(ct->ct_status & IPS_DST_NAT_DONE))
258 PRINT_FLAG("DNAT_INIT");
259 if (ct->ct_status & IPS_DYING)
260 PRINT_FLAG("DYING");
261 if (ct->ct_status & IPS_FIXED_TIMEOUT)
262 PRINT_FLAG("FIXED_TIMEOUT");
263#undef PRINT_FLAG
264
265 if (ct->ct_status)
266 nl_dump(p, ">");
267 nl_dump(p, "\n");
268}
269
270static void ct_dump_stats(struct nl_object *a, struct nl_dump_params *p)
271{
272 struct nfnl_ct *ct = (struct nfnl_ct *) a;
273 double res;
274 char *unit;
275 uint64_t packets;
276 const char * const names[] = {"rx", "tx"};
277 int i;
278
279 ct_dump_details(a, p);
280
281 if (!nfnl_ct_test_bytes(ct, 0) ||
282 !nfnl_ct_test_packets(ct, 0) ||
283 !nfnl_ct_test_bytes(ct, 1) ||
284 !nfnl_ct_test_packets(ct, 1))
285 {
286 nl_dump_line(p, " Statistics are not available.\n");
287 nl_dump_line(p, " Please set sysctl net.netfilter.nf_conntrack_acct=1\n");
288 nl_dump_line(p, " (Require kernel 2.6.27)\n");
289 return;
290 }
291
292 nl_dump_line(p, " # packets volume\n");
293 for (i=0; i<=1; i++) {
294 res = nl_cancel_down_bytes(nfnl_ct_get_bytes(ct, i), &unit);
295 packets = nfnl_ct_get_packets(ct, i);
296 nl_dump_line(p, " %s %10" PRIu64 " %7.2f %s\n", names[i], packets, res, unit);
297 }
298}
299
300static uint64_t ct_compare(struct nl_object *_a, struct nl_object *_b,
301 uint64_t attrs, int flags)
302{
303 struct nfnl_ct *a = (struct nfnl_ct *) _a;
304 struct nfnl_ct *b = (struct nfnl_ct *) _b;
305 uint64_t diff = 0;
306
307#define CT_DIFF(ATTR, EXPR) ATTR_DIFF(attrs, CT_ATTR_##ATTR, a, b, EXPR)
308#define CT_DIFF_VAL(ATTR, FIELD) CT_DIFF(ATTR, a->FIELD != b->FIELD)
309#define CT_DIFF_ADDR(ATTR, FIELD) \
310 ((flags & LOOSE_COMPARISON) \
311 ? CT_DIFF(ATTR, nl_addr_cmp_prefix(a->FIELD, b->FIELD)) \
312 : CT_DIFF(ATTR, nl_addr_cmp(a->FIELD, b->FIELD)))
313
314 diff |= CT_DIFF_VAL(FAMILY, ct_family);
315 diff |= CT_DIFF_VAL(PROTO, ct_proto);
316 diff |= CT_DIFF_VAL(TCP_STATE, ct_protoinfo.tcp.state);
317 diff |= CT_DIFF_VAL(TIMEOUT, ct_timeout);
318 diff |= CT_DIFF_VAL(MARK, ct_mark);
319 diff |= CT_DIFF_VAL(USE, ct_use);
320 diff |= CT_DIFF_VAL(ID, ct_id);
321 diff |= CT_DIFF_ADDR(ORIG_SRC, ct_orig.src);
322 diff |= CT_DIFF_ADDR(ORIG_DST, ct_orig.dst);
323 diff |= CT_DIFF_VAL(ORIG_SRC_PORT, ct_orig.proto.port.src);
324 diff |= CT_DIFF_VAL(ORIG_DST_PORT, ct_orig.proto.port.dst);
325 diff |= CT_DIFF_VAL(ORIG_ICMP_ID, ct_orig.proto.icmp.id);
326 diff |= CT_DIFF_VAL(ORIG_ICMP_TYPE, ct_orig.proto.icmp.type);
327 diff |= CT_DIFF_VAL(ORIG_ICMP_CODE, ct_orig.proto.icmp.code);
328 diff |= CT_DIFF_VAL(ORIG_PACKETS, ct_orig.packets);
329 diff |= CT_DIFF_VAL(ORIG_BYTES, ct_orig.bytes);
330 diff |= CT_DIFF_ADDR(REPL_SRC, ct_repl.src);
331 diff |= CT_DIFF_ADDR(REPL_DST, ct_repl.dst);
332 diff |= CT_DIFF_VAL(REPL_SRC_PORT, ct_repl.proto.port.src);
333 diff |= CT_DIFF_VAL(REPL_DST_PORT, ct_repl.proto.port.dst);
334 diff |= CT_DIFF_VAL(REPL_ICMP_ID, ct_repl.proto.icmp.id);
335 diff |= CT_DIFF_VAL(REPL_ICMP_TYPE, ct_repl.proto.icmp.type);
336 diff |= CT_DIFF_VAL(REPL_ICMP_CODE, ct_repl.proto.icmp.code);
337 diff |= CT_DIFF_VAL(REPL_PACKETS, ct_repl.packets);
338 diff |= CT_DIFF_VAL(REPL_BYTES, ct_repl.bytes);
339
340 if (flags & LOOSE_COMPARISON)
341 diff |= CT_DIFF(STATUS, (a->ct_status ^ b->ct_status) &
342 b->ct_status_mask);
343 else
344 diff |= CT_DIFF(STATUS, a->ct_status != b->ct_status);
345
346#undef CT_DIFF
347#undef CT_DIFF_VAL
348#undef CT_DIFF_ADDR
349
350 return diff;
351}
352
353static const struct trans_tbl ct_attrs[] = {
354 __ADD(CT_ATTR_FAMILY, family),
355 __ADD(CT_ATTR_PROTO, proto),
356 __ADD(CT_ATTR_TCP_STATE, tcpstate),
357 __ADD(CT_ATTR_STATUS, status),
358 __ADD(CT_ATTR_TIMEOUT, timeout),
359 __ADD(CT_ATTR_MARK, mark),
360 __ADD(CT_ATTR_USE, use),
361 __ADD(CT_ATTR_ID, id),
362 __ADD(CT_ATTR_ORIG_SRC, origsrc),
363 __ADD(CT_ATTR_ORIG_DST, origdst),
364 __ADD(CT_ATTR_ORIG_SRC_PORT, origsrcport),
365 __ADD(CT_ATTR_ORIG_DST_PORT, origdstport),
366 __ADD(CT_ATTR_ORIG_ICMP_ID, origicmpid),
367 __ADD(CT_ATTR_ORIG_ICMP_TYPE, origicmptype),
368 __ADD(CT_ATTR_ORIG_ICMP_CODE, origicmpcode),
369 __ADD(CT_ATTR_ORIG_PACKETS, origpackets),
370 __ADD(CT_ATTR_ORIG_BYTES, origbytes),
371 __ADD(CT_ATTR_REPL_SRC, replysrc),
372 __ADD(CT_ATTR_REPL_DST, replydst),
373 __ADD(CT_ATTR_REPL_SRC_PORT, replysrcport),
374 __ADD(CT_ATTR_REPL_DST_PORT, replydstport),
375 __ADD(CT_ATTR_REPL_ICMP_ID, replyicmpid),
376 __ADD(CT_ATTR_REPL_ICMP_TYPE, replyicmptype),
377 __ADD(CT_ATTR_REPL_ICMP_CODE, replyicmpcode),
378 __ADD(CT_ATTR_REPL_PACKETS, replypackets),
379 __ADD(CT_ATTR_REPL_BYTES, replybytes),
380};
381
382static char *ct_attrs2str(int attrs, char *buf, size_t len)
383{
384 return __flags2str(attrs, buf, len, ct_attrs, ARRAY_SIZE(ct_attrs));
385}
386
387/**
388 * @name Allocation/Freeing
389 * @{
390 */
391
392struct nfnl_ct *nfnl_ct_alloc(void)
393{
394 return (struct nfnl_ct *) nl_object_alloc(&ct_obj_ops);
395}
396
397void nfnl_ct_get(struct nfnl_ct *ct)
398{
399 nl_object_get((struct nl_object *) ct);
400}
401
402void nfnl_ct_put(struct nfnl_ct *ct)
403{
404 nl_object_put((struct nl_object *) ct);
405}
406
407/** @} */
408
409/**
410 * @name Attributes
411 * @{
412 */
413
414void nfnl_ct_set_family(struct nfnl_ct *ct, uint8_t family)
415{
416 ct->ct_family = family;
417 ct->ce_mask |= CT_ATTR_FAMILY;
418}
419
420uint8_t nfnl_ct_get_family(const struct nfnl_ct *ct)
421{
422 if (ct->ce_mask & CT_ATTR_FAMILY)
423 return ct->ct_family;
424 else
425 return AF_UNSPEC;
426}
427
428void nfnl_ct_set_proto(struct nfnl_ct *ct, uint8_t proto)
429{
430 ct->ct_proto = proto;
431 ct->ce_mask |= CT_ATTR_PROTO;
432}
433
434int nfnl_ct_test_proto(const struct nfnl_ct *ct)
435{
436 return !!(ct->ce_mask & CT_ATTR_PROTO);
437}
438
439uint8_t nfnl_ct_get_proto(const struct nfnl_ct *ct)
440{
441 return ct->ct_proto;
442}
443
444void nfnl_ct_set_tcp_state(struct nfnl_ct *ct, uint8_t state)
445{
446 ct->ct_protoinfo.tcp.state = state;
447 ct->ce_mask |= CT_ATTR_TCP_STATE;
448}
449
450int nfnl_ct_test_tcp_state(const struct nfnl_ct *ct)
451{
452 return !!(ct->ce_mask & CT_ATTR_TCP_STATE);
453}
454
455uint8_t nfnl_ct_get_tcp_state(const struct nfnl_ct *ct)
456{
457 return ct->ct_protoinfo.tcp.state;
458}
459
460static const struct trans_tbl tcp_states[] = {
461 __ADD(TCP_CONNTRACK_NONE,NONE),
462 __ADD(TCP_CONNTRACK_SYN_SENT,SYN_SENT),
463 __ADD(TCP_CONNTRACK_SYN_RECV,SYN_RECV),
464 __ADD(TCP_CONNTRACK_ESTABLISHED,ESTABLISHED),
465 __ADD(TCP_CONNTRACK_FIN_WAIT,FIN_WAIT),
466 __ADD(TCP_CONNTRACK_CLOSE_WAIT,CLOSE_WAIT),
467 __ADD(TCP_CONNTRACK_LAST_ACK,LAST_ACK),
468 __ADD(TCP_CONNTRACK_TIME_WAIT,TIME_WAIT),
469 __ADD(TCP_CONNTRACK_CLOSE,CLOSE),
470 __ADD(TCP_CONNTRACK_LISTEN,LISTEN),
471};
472
473char *nfnl_ct_tcp_state2str(uint8_t state, char *buf, size_t len)
474{
475 return __type2str(state, buf, len, tcp_states, ARRAY_SIZE(tcp_states));
476}
477
478int nfnl_ct_str2tcp_state(const char *name)
479{
480 return __str2type(name, tcp_states, ARRAY_SIZE(tcp_states));
481}
482
483void nfnl_ct_set_status(struct nfnl_ct *ct, uint32_t status)
484{
485 ct->ct_status_mask |= status;
486 ct->ct_status |= status;
487 ct->ce_mask |= CT_ATTR_STATUS;
488}
489
490void nfnl_ct_unset_status(struct nfnl_ct *ct, uint32_t status)
491{
492 ct->ct_status_mask |= status;
493 ct->ct_status &= ~status;
494 ct->ce_mask |= CT_ATTR_STATUS;
495}
496
497int nfnl_ct_test_status(const struct nfnl_ct *ct)
498{
499 return !!(ct->ce_mask & CT_ATTR_STATUS);
500}
501
502uint32_t nfnl_ct_get_status(const struct nfnl_ct *ct)
503{
504 return ct->ct_status;
505}
506
507static const struct trans_tbl status_flags[] = {
508 __ADD(IPS_EXPECTED, expected),
509 __ADD(IPS_SEEN_REPLY, seen_reply),
510 __ADD(IPS_ASSURED, assured),
511 __ADD(IPS_CONFIRMED, confirmed),
512 __ADD(IPS_SRC_NAT, snat),
513 __ADD(IPS_DST_NAT, dnat),
514 __ADD(IPS_SEQ_ADJUST, seqadjust),
515 __ADD(IPS_SRC_NAT_DONE, snat_done),
516 __ADD(IPS_DST_NAT_DONE, dnat_done),
517 __ADD(IPS_DYING, dying),
518 __ADD(IPS_FIXED_TIMEOUT, fixed_timeout),
519};
520
521char * nfnl_ct_status2str(int flags, char *buf, size_t len)
522{
523 return __flags2str(flags, buf, len, status_flags,
524 ARRAY_SIZE(status_flags));
525}
526
527int nfnl_ct_str2status(const char *name)
528{
529 return __str2flags(name, status_flags, ARRAY_SIZE(status_flags));
530}
531
532void nfnl_ct_set_timeout(struct nfnl_ct *ct, uint32_t timeout)
533{
534 ct->ct_timeout = timeout;
535 ct->ce_mask |= CT_ATTR_TIMEOUT;
536}
537
538int nfnl_ct_test_timeout(const struct nfnl_ct *ct)
539{
540 return !!(ct->ce_mask & CT_ATTR_TIMEOUT);
541}
542
543uint32_t nfnl_ct_get_timeout(const struct nfnl_ct *ct)
544{
545 return ct->ct_timeout;
546}
547
548void nfnl_ct_set_mark(struct nfnl_ct *ct, uint32_t mark)
549{
550 ct->ct_mark = mark;
551 ct->ce_mask |= CT_ATTR_MARK;
552}
553
554int nfnl_ct_test_mark(const struct nfnl_ct *ct)
555{
556 return !!(ct->ce_mask & CT_ATTR_MARK);
557}
558
559uint32_t nfnl_ct_get_mark(const struct nfnl_ct *ct)
560{
561 return ct->ct_mark;
562}
563
564void nfnl_ct_set_use(struct nfnl_ct *ct, uint32_t use)
565{
566 ct->ct_use = use;
567 ct->ce_mask |= CT_ATTR_USE;
568}
569
570int nfnl_ct_test_use(const struct nfnl_ct *ct)
571{
572 return !!(ct->ce_mask & CT_ATTR_USE);
573}
574
575uint32_t nfnl_ct_get_use(const struct nfnl_ct *ct)
576{
577 return ct->ct_use;
578}
579
580void nfnl_ct_set_id(struct nfnl_ct *ct, uint32_t id)
581{
582 ct->ct_id = id;
583 ct->ce_mask |= CT_ATTR_ID;
584}
585
586int nfnl_ct_test_id(const struct nfnl_ct *ct)
587{
588 return !!(ct->ce_mask & CT_ATTR_ID);
589}
590
591uint32_t nfnl_ct_get_id(const struct nfnl_ct *ct)
592{
593 return ct->ct_id;
594}
595
596void nfnl_ct_set_zone(struct nfnl_ct *ct, uint16_t zone)
597{
598 ct->ct_zone = zone;
599 ct->ce_mask |= CT_ATTR_ZONE;
600}
601
602int nfnl_ct_test_zone(const struct nfnl_ct *ct)
603{
604 return !!(ct->ce_mask & CT_ATTR_ZONE);
605}
606
607uint16_t nfnl_ct_get_zone(const struct nfnl_ct *ct)
608{
609 return ct->ct_zone;
610}
611
612static int ct_set_addr(struct nfnl_ct *ct, struct nl_addr *addr,
613 int attr, struct nl_addr ** ct_addr)
614{
615 if (ct->ce_mask & CT_ATTR_FAMILY) {
616 if (addr->a_family != ct->ct_family)
617 return -NLE_AF_MISMATCH;
618 } else
619 nfnl_ct_set_family(ct, addr->a_family);
620
621 if (*ct_addr)
622 nl_addr_put(*ct_addr);
623
624 nl_addr_get(addr);
625 *ct_addr = addr;
626 ct->ce_mask |= attr;
627
628 return 0;
629}
630
631int nfnl_ct_set_src(struct nfnl_ct *ct, int repl, struct nl_addr *addr)
632{
633 struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
634 int attr = repl ? CT_ATTR_REPL_SRC : CT_ATTR_ORIG_SRC;
635 return ct_set_addr(ct, addr, attr, &dir->src);
636}
637
638int nfnl_ct_set_dst(struct nfnl_ct *ct, int repl, struct nl_addr *addr)
639{
640 struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
641 int attr = repl ? CT_ATTR_REPL_DST : CT_ATTR_ORIG_DST;
642 return ct_set_addr(ct, addr, attr, &dir->dst);
643}
644
645struct nl_addr *nfnl_ct_get_src(const struct nfnl_ct *ct, int repl)
646{
647 const struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
648 int attr = repl ? CT_ATTR_REPL_SRC : CT_ATTR_ORIG_SRC;
649 if (!(ct->ce_mask & attr))
650 return NULL;
651 return dir->src;
652}
653
654struct nl_addr *nfnl_ct_get_dst(const struct nfnl_ct *ct, int repl)
655{
656 const struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
657 int attr = repl ? CT_ATTR_REPL_DST : CT_ATTR_ORIG_DST;
658 if (!(ct->ce_mask & attr))
659 return NULL;
660 return dir->dst;
661}
662
663void nfnl_ct_set_src_port(struct nfnl_ct *ct, int repl, uint16_t port)
664{
665 struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
666 int attr = repl ? CT_ATTR_REPL_SRC_PORT : CT_ATTR_ORIG_SRC_PORT;
667
668 dir->proto.port.src = port;
669 ct->ce_mask |= attr;
670}
671
672int nfnl_ct_test_src_port(const struct nfnl_ct *ct, int repl)
673{
674 int attr = repl ? CT_ATTR_REPL_SRC_PORT : CT_ATTR_ORIG_SRC_PORT;
675 return !!(ct->ce_mask & attr);
676}
677
678uint16_t nfnl_ct_get_src_port(const struct nfnl_ct *ct, int repl)
679{
680 const struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
681
682 return dir->proto.port.src;
683}
684
685void nfnl_ct_set_dst_port(struct nfnl_ct *ct, int repl, uint16_t port)
686{
687 struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
688 int attr = repl ? CT_ATTR_REPL_DST_PORT : CT_ATTR_ORIG_DST_PORT;
689
690 dir->proto.port.dst = port;
691 ct->ce_mask |= attr;
692}
693
694int nfnl_ct_test_dst_port(const struct nfnl_ct *ct, int repl)
695{
696 int attr = repl ? CT_ATTR_REPL_DST_PORT : CT_ATTR_ORIG_DST_PORT;
697 return !!(ct->ce_mask & attr);
698}
699
700uint16_t nfnl_ct_get_dst_port(const struct nfnl_ct *ct, int repl)
701{
702 const struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
703
704 return dir->proto.port.dst;
705}
706
707void nfnl_ct_set_icmp_id(struct nfnl_ct *ct, int repl, uint16_t id)
708{
709 struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
710 int attr = repl ? CT_ATTR_REPL_ICMP_ID : CT_ATTR_ORIG_ICMP_ID;
711
712 dir->proto.icmp.id = id;
713 ct->ce_mask |= attr;
714}
715
716int nfnl_ct_test_icmp_id(const struct nfnl_ct *ct, int repl)
717{
718 int attr = repl ? CT_ATTR_REPL_ICMP_ID : CT_ATTR_ORIG_ICMP_ID;
719 return !!(ct->ce_mask & attr);
720}
721
722uint16_t nfnl_ct_get_icmp_id(const struct nfnl_ct *ct, int repl)
723{
724 const struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
725
726 return dir->proto.icmp.id;
727}
728
729void nfnl_ct_set_icmp_type(struct nfnl_ct *ct, int repl, uint8_t type)
730{
731 struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
732 int attr = repl ? CT_ATTR_REPL_ICMP_TYPE : CT_ATTR_ORIG_ICMP_TYPE;
733
734 dir->proto.icmp.type = type;
735 ct->ce_mask |= attr;
736}
737
738int nfnl_ct_test_icmp_type(const struct nfnl_ct *ct, int repl)
739{
740 int attr = repl ? CT_ATTR_REPL_ICMP_TYPE : CT_ATTR_ORIG_ICMP_TYPE;
741 return !!(ct->ce_mask & attr);
742}
743
744uint8_t nfnl_ct_get_icmp_type(const struct nfnl_ct *ct, int repl)
745{
746 const struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
747
748 return dir->proto.icmp.type;
749}
750
751void nfnl_ct_set_icmp_code(struct nfnl_ct *ct, int repl, uint8_t code)
752{
753 struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
754 int attr = repl ? CT_ATTR_REPL_ICMP_CODE : CT_ATTR_ORIG_ICMP_CODE;
755
756 dir->proto.icmp.code = code;
757 ct->ce_mask |= attr;
758}
759
760int nfnl_ct_test_icmp_code(const struct nfnl_ct *ct, int repl)
761{
762 int attr = repl ? CT_ATTR_REPL_ICMP_CODE : CT_ATTR_ORIG_ICMP_CODE;
763 return !!(ct->ce_mask & attr);
764}
765
766uint8_t nfnl_ct_get_icmp_code(const struct nfnl_ct *ct, int repl)
767{
768 const struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
769
770 return dir->proto.icmp.code;
771}
772
773void nfnl_ct_set_packets(struct nfnl_ct *ct, int repl, uint64_t packets)
774{
775 struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
776 int attr = repl ? CT_ATTR_REPL_PACKETS : CT_ATTR_ORIG_PACKETS;
777
778 dir->packets = packets;
779 ct->ce_mask |= attr;
780}
781
782int nfnl_ct_test_packets(const struct nfnl_ct *ct, int repl)
783{
784 int attr = repl ? CT_ATTR_REPL_PACKETS : CT_ATTR_ORIG_PACKETS;
785 return !!(ct->ce_mask & attr);
786}
787
788uint64_t nfnl_ct_get_packets(const struct nfnl_ct *ct, int repl)
789{
790 const struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
791
792 return dir->packets;
793}
794
795void nfnl_ct_set_bytes(struct nfnl_ct *ct, int repl, uint64_t bytes)
796{
797 struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
798 int attr = repl ? CT_ATTR_REPL_BYTES : CT_ATTR_ORIG_BYTES;
799
800 dir->bytes = bytes;
801 ct->ce_mask |= attr;
802}
803
804int nfnl_ct_test_bytes(const struct nfnl_ct *ct, int repl)
805{
806 int attr = repl ? CT_ATTR_REPL_BYTES : CT_ATTR_ORIG_BYTES;
807 return !!(ct->ce_mask & attr);
808}
809
810uint64_t nfnl_ct_get_bytes(const struct nfnl_ct *ct, int repl)
811{
812 const struct nfnl_ct_dir *dir = repl ? &ct->ct_repl : &ct->ct_orig;
813
814 return dir->bytes;
815}
816
817void nfnl_ct_set_timestamp(struct nfnl_ct *ct, uint64_t start, uint64_t stop)
818{
819 ct->ct_tstamp.start = start;
820 ct->ct_tstamp.stop = stop;
821 ct->ce_mask |= CT_ATTR_TIMESTAMP;
822}
823
824int nfnl_ct_test_timestamp(const struct nfnl_ct *ct)
825{
826 return !!(ct->ce_mask & CT_ATTR_TIMESTAMP);
827}
828
829const struct nfnl_ct_timestamp *nfnl_ct_get_timestamp(const struct nfnl_ct *ct)
830{
831 return &ct->ct_tstamp;
832}
833
834/** @} */
835
836struct nl_object_ops ct_obj_ops = {
837 .oo_name = "netfilter/ct",
838 .oo_size = sizeof(struct nfnl_ct),
839 .oo_free_data = ct_free_data,
840 .oo_clone = ct_clone,
841 .oo_dump = {
842 [NL_DUMP_LINE] = ct_dump_line,
843 [NL_DUMP_DETAILS] = ct_dump_details,
844 [NL_DUMP_STATS] = ct_dump_stats,
845 },
846 .oo_compare = ct_compare,
847 .oo_attrs2str = ct_attrs2str,
848};
849
850/** @} */
nl_addr_get
struct nl_addr * nl_addr_get(struct nl_addr *addr)
Increase the reference counter of an abstract address.
Definition: addr.c:522
nl_addr_cmp
int nl_addr_cmp(const struct nl_addr *a, const struct nl_addr *b)
Compare abstract addresses.
Definition: addr.c:584
nl_addr_clone
struct nl_addr * nl_addr_clone(const struct nl_addr *addr)
Clone existing abstract address object.
Definition: addr.c:492
nl_addr2str
char * nl_addr2str(const struct nl_addr *addr, char *buf, size_t size)
Convert abstract address object to character string.
Definition: addr.c:998
nl_addr_put
void nl_addr_put(struct nl_addr *addr)
Decrease the reference counter of an abstract address.
Definition: addr.c:538
nl_object_put
void nl_object_put(struct nl_object *obj)
Release a reference from an object.
Definition: object.c:214
nl_object_get
void nl_object_get(struct nl_object *obj)
Acquire a reference on a object.
Definition: object.c:203
nl_object_alloc
struct nl_object * nl_object_alloc(struct nl_object_ops *ops)
Allocate a new object of kind specified by the operations handle.
Definition: object.c:48
nl_dump
void nl_dump(struct nl_dump_params *params, const char *fmt,...)
Dump a formatted character string.
Definition: utils.c:955
nl_cancel_down_bytes
double nl_cancel_down_bytes(unsigned long long l, char **unit)
Cancel down a byte counter.
Definition: utils.c:163
nl_new_line
void nl_new_line(struct nl_dump_params *params)
Handle a new line while dumping.
Definition: utils.c:906
nl_msec2str
char * nl_msec2str(uint64_t msec, char *buf, size_t len)
Convert milliseconds to a character string.
Definition: utils.c:588
NL_DUMP_STATS
@ NL_DUMP_STATS
Dump all attributes including statistics.
Definition: types.h:18
NL_DUMP_LINE
@ NL_DUMP_LINE
Dump object briefly on one line.
Definition: types.h:16
NL_DUMP_DETAILS
@ NL_DUMP_DETAILS
Dump all attributes but no statistics.
Definition: types.h:17
nfnl_ct_timestamp
Definition: ct.h:23
nl_dump_params
Dumping parameters.
Definition: types.h:28