From patchwork Wed Mar 14 14:14:48 2018
X-Patchwork-Submitter: Pablo Neira Ayuso
X-Patchwork-Id: 885812
X-Patchwork-Delegate: pablo@netfilter.org
From: Pablo Neira Ayuso
To: netfilter-devel@vger.kernel.org
Subject: [PATCH conntrack-tools] src: synproxy support
Date: Wed, 14 Mar 2018 15:14:48 +0100
Message-Id: <20180314141448.3023-1-pablo@netfilter.org>
X-Mailer: git-send-email 2.11.0
Sender: netfilter-devel-owner@vger.kernel.org
List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org

Signed-off-by: Pablo Neira Ayuso --- include/network.h | 7 +++++++ src/build.c | 16 ++++++++++++++++ src/parse.c | 14 ++++++++++++++ 3 files changed, 37 insertions(+) diff --git a/include/network.h b/include/network.h index ec9fadf8dc6f..95aad8232bc8 100644 --- a/include/network.h +++ b/include/network.h @@ -231,6 +231,7 @@ enum nta_attr { NTA_LABELS, /* array of uint32_t (variable length) */ NTA_SNAT_IPV6, /* uint32_t * 4 */ NTA_DNAT_IPV6, /* uint32_t * 4 */ + NTA_SYNPROXY, /* struct nft_attr_synproxy */ NTA_MAX }; @@ -246,6 +247,12 @@ struct nta_attr_natseqadj { uint32_t repl_seq_offset_after; }; +struct nta_attr_synproxy { + uint32_t its; + uint32_t isn; + uint32_t tsoff; +}; + void ct2msg(const struct nf_conntrack *ct, struct nethdr *n); int msg2ct(struct nf_conntrack *ct, struct nethdr *n, size_t remain); diff --git a/src/build.c b/src/build.c index 540330030de4..99ff230ff58d 100644 --- a/src/build.c +++ b/src/build.c 
@@ -107,6 +107,17 @@ ct_build_natseqadj(const struct nf_conntrack *ct, struct nethdr *n) addattr(n, NTA_NAT_SEQ_ADJ, &data, sizeof(struct nta_attr_natseqadj)); } +static inline void +ct_build_synproxy(const struct nf_conntrack *ct, struct nethdr *n) +{ + struct nta_attr_synproxy data = { + .isn = htonl(nfct_get_attr_u32(ct, ATTR_SYNPROXY_ISN)), + .its = htonl(nfct_get_attr_u32(ct, ATTR_SYNPROXY_ITS)), + .tsoff = htonl(nfct_get_attr_u32(ct, ATTR_SYNPROXY_TSOFF)), + }; + addattr(n, NTA_SYNPROXY, &data, sizeof(struct nta_attr_synproxy)); +} + static enum nf_conntrack_attr nat_type[] = { ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ATTR_REPL_NAT_SEQ_CORRECTION_POS, @@ -299,6 +310,11 @@ void ct2msg(const struct nf_conntrack *ct, struct nethdr *n) if (nfct_attr_is_set(ct, ATTR_CONNLABELS)) ct_build_clabel(ct, n); + + if (nfct_attr_is_set(ct, ATTR_SYNPROXY_ISN) && + nfct_attr_is_set(ct, ATTR_SYNPROXY_ITS) && + nfct_attr_is_set(ct, ATTR_SYNPROXY_TSOFF)) + ct_build_synproxy(ct, n); } static void diff --git a/src/parse.c b/src/parse.c index d5d9b59cb653..7e524eda314f 100644 --- a/src/parse.c +++ b/src/parse.c @@ -34,6 +34,7 @@ static void ct_parse_str(struct nf_conntrack *ct, const struct netattr *, void *data); static void ct_parse_group(struct nf_conntrack *ct, int attr, void *data); static void ct_parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data); +static void ct_parse_synproxy(struct nf_conntrack *ct, int attr, void *data); static void ct_parse_clabel(struct nf_conntrack *ct, const struct netattr *, void *data); @@ -200,6 +201,10 @@ static struct ct_parser h[NTA_MAX] = { .attr = ATTR_DNAT_IPV6, .size = NTA_SIZE(sizeof(uint32_t) * 4), }, + [NTA_SYNPROXY] = { + .parse = ct_parse_synproxy, + .size = NTA_SIZE(sizeof(struct nta_attr_synproxy)), + }, }; static void 
@@ -297,6 +302,15 @@ ct_parse_nat_seq_adj(struct nf_conntrack *ct, int attr, void *data) ntohl(this->repl_seq_offset_after)); } +static void ct_parse_synproxy(struct nf_conntrack *ct, int attr, void *data) +{ + struct nta_attr_synproxy *this = data; + + nfct_set_attr_u32(ct, ATTR_SYNPROXY_ISN, ntohl(this->isn)); + nfct_set_attr_u32(ct, ATTR_SYNPROXY_ITS, ntohl(this->its)); + nfct_set_attr_u32(ct, ATTR_SYNPROXY_TSOFF, ntohl(this->tsoff)); +} + int msg2ct(struct nf_conntrack *ct, struct nethdr *net, size_t remain) { int len;
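Review bot: the comment on the new NTA_SYNPROXY enumerator in the include/network.h enum hunk names `struct nft_attr_synproxy`, but the type added a few lines later in the same header is `struct nta_attr_synproxy`; fix the comment so the enum stays a reliable index of the wire types. Adding the enumerator immediately before NTA_MAX keeps the existing values stable, which matters because these numbers identify attributes in the messages ct2msg builds and msg2ct parses. The commit message ("src: synproxy support") also gives no description; one sentence saying that the synproxy ISN, ITS and TSOFF values are now carried between peers would help anyone reading the log later.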
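Review bot: missing documentation on the `struct nta_attr_synproxy` hunk: a comment stating that the three fields travel in network byte order (the builder applies htonl and the parser ntohl) and that the field order `its, isn, tsoff` is the wire layout would help, since the designated initializer in ct_build_synproxy lists the fields in a different order. The struct is three uint32_t with no padding, so sizeof is 12 bytes on every platform, which is what the `NTA_SIZE(sizeof(struct nta_attr_synproxy))` entry in parse.c relies on; worth saying so next to the definition.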
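Review bot: ct_build_synproxy in the src/build.c hunk reads ATTR_SYNPROXY_ISN, ATTR_SYNPROXY_ITS and ATTR_SYNPROXY_TSOFF with nfct_get_attr_u32 without checking that they are set, so it is correct only because its single caller gates on nfct_attr_is_set for all three; a short comment above the function stating that precondition would document the coupling, so the function is not later reused without the guard.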
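Review bot: the ct2msg hunk emits NTA_SYNPROXY only when all three ATTR_SYNPROXY_* attributes are set, so an entry with only some of them set syncs nothing for synproxy. That looks intentional, and it is consistent with the parser, which sets all three unconditionally and so could not represent partial data anyway, but a one-line comment on the `if` explaining why all three are required would make the all-or-nothing rule explicit.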
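Review bot: the `[NTA_SYNPROXY]` entry in the src/parse.c parser table sets `.parse` and `.size` but no `.attr`, unlike the neighbouring NTA_DNAT_IPV6 entry. That is consistent with ct_parse_synproxy ignoring its `attr` argument and writing three fixed attributes itself, but a comment on the entry would stop a future reader from assuming `.attr` was simply forgotten.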
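Review bot: ct_parse_synproxy in the last src/parse.c hunk casts `data` to `struct nta_attr_synproxy *` and reads three fields without any length check, so correctness depends on msg2ct validating the received attribute length against the table's `.size` before calling `.parse`. This hunk shows only the parser, not that check; please confirm the length validation rejects short attributes, because this is the point where a peer-supplied message becomes struct field reads. The unused `attr` parameter matches the existing ct_parse_nat_seq_adj signature, so that part is fine.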