1 /*
2 * (C) 2005-2011 by Pablo Neira Ayuso <pablo@netfilter.org>
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
8 */
9
10 #include "internal/internal.h"
11 #include <linux/icmp.h>
12 #include <linux/icmpv6.h>
13
14 static const uint8_t invmap_icmp[] = {
15 [ICMP_ECHO] = ICMP_ECHOREPLY + 1,
16 [ICMP_ECHOREPLY] = ICMP_ECHO + 1,
17 [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1,
18 [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1,
19 [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1,
20 [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1,
21 [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1,
22 [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1
23 };
24
25 #ifndef ICMPV6_NI_QUERY
26 #define ICMPV6_NI_QUERY 139
27 #endif
28
29 #ifndef ICMPV6_NI_REPLY
30 #define ICMPV6_NI_REPLY 140
31 #endif
32
33 static const uint8_t invmap_icmpv6[] = {
34 [ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1,
35 [ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1,
36 [ICMPV6_NI_QUERY - 128] = ICMPV6_NI_QUERY + 1,
37 [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY + 1
38 };
39
40 static void
set_attr_orig_ipv4_src(struct nf_conntrack * ct,const void * value,size_t len)41 set_attr_orig_ipv4_src(struct nf_conntrack *ct, const void *value, size_t len)
42 {
43 ct->head.orig.src.v4 = *((uint32_t *) value);
44 }
45
46 static void
set_attr_orig_ipv4_dst(struct nf_conntrack * ct,const void * value,size_t len)47 set_attr_orig_ipv4_dst(struct nf_conntrack *ct, const void *value, size_t len)
48 {
49 ct->head.orig.dst.v4 = *((uint32_t *) value);
50 }
51
52 static void
set_attr_repl_ipv4_src(struct nf_conntrack * ct,const void * value,size_t len)53 set_attr_repl_ipv4_src(struct nf_conntrack *ct, const void *value, size_t len)
54 {
55 ct->repl.src.v4 = *((uint32_t *) value);
56 }
57
58 static void
set_attr_repl_ipv4_dst(struct nf_conntrack * ct,const void * value,size_t len)59 set_attr_repl_ipv4_dst(struct nf_conntrack *ct, const void *value, size_t len)
60 {
61 ct->repl.dst.v4 = *((uint32_t *) value);
62 }
63
64 static void
set_attr_orig_ipv6_src(struct nf_conntrack * ct,const void * value,size_t len)65 set_attr_orig_ipv6_src(struct nf_conntrack *ct, const void *value, size_t len)
66 {
67 memcpy(&ct->head.orig.src.v6, value, sizeof(uint32_t)*4);
68 }
69
70 static void
set_attr_orig_ipv6_dst(struct nf_conntrack * ct,const void * value,size_t len)71 set_attr_orig_ipv6_dst(struct nf_conntrack *ct, const void *value, size_t len)
72 {
73 memcpy(&ct->head.orig.dst.v6, value, sizeof(uint32_t)*4);
74 }
75
76 static void
set_attr_repl_ipv6_src(struct nf_conntrack * ct,const void * value,size_t len)77 set_attr_repl_ipv6_src(struct nf_conntrack *ct, const void *value, size_t len)
78 {
79 memcpy(&ct->repl.src.v6, value, sizeof(uint32_t)*4);
80 }
81
82 static void
set_attr_repl_ipv6_dst(struct nf_conntrack * ct,const void * value,size_t len)83 set_attr_repl_ipv6_dst(struct nf_conntrack *ct, const void *value, size_t len)
84 {
85 memcpy(&ct->repl.dst.v6, value, sizeof(uint32_t)*4);
86 }
87
88 static void
set_attr_orig_port_src(struct nf_conntrack * ct,const void * value,size_t len)89 set_attr_orig_port_src(struct nf_conntrack *ct, const void *value, size_t len)
90 {
91 ct->head.orig.l4src.all = *((uint16_t *) value);
92 }
93
94 static void
set_attr_orig_port_dst(struct nf_conntrack * ct,const void * value,size_t len)95 set_attr_orig_port_dst(struct nf_conntrack *ct, const void *value, size_t len)
96 {
97 ct->head.orig.l4dst.all = *((uint16_t *) value);
98 }
99
100 static void
set_attr_repl_port_src(struct nf_conntrack * ct,const void * value,size_t len)101 set_attr_repl_port_src(struct nf_conntrack *ct, const void *value, size_t len)
102 {
103 ct->repl.l4src.all = *((uint16_t *) value);
104 }
105
106 static void
set_attr_repl_port_dst(struct nf_conntrack * ct,const void * value,size_t len)107 set_attr_repl_port_dst(struct nf_conntrack *ct, const void *value, size_t len)
108 {
109 ct->repl.l4dst.all = *((uint16_t *) value);
110 }
111
112 static void
set_attr_orig_zone(struct nf_conntrack * ct,const void * value,size_t len)113 set_attr_orig_zone(struct nf_conntrack *ct, const void *value, size_t len)
114 {
115 ct->head.orig.zone = *((uint16_t *) value);
116 }
117
118 static void
set_attr_repl_zone(struct nf_conntrack * ct,const void * value,size_t len)119 set_attr_repl_zone(struct nf_conntrack *ct, const void *value, size_t len)
120 {
121 ct->repl.zone = *((uint16_t *) value);
122 }
123
124 static void
set_attr_icmp_type(struct nf_conntrack * ct,const void * value,size_t len)125 set_attr_icmp_type(struct nf_conntrack *ct, const void *value, size_t len)
126 {
127 uint8_t rtype;
128
129 ct->head.orig.l4dst.icmp.type = *((uint8_t *) value);
130
131 switch(ct->head.orig.l3protonum) {
132 case AF_INET:
133 rtype = invmap_icmp[*((uint8_t *) value)];
134 break;
135
136 case AF_INET6:
137 rtype = invmap_icmpv6[*((uint8_t *) value) - 128];
138 break;
139
140 default:
141 rtype = 0; /* not found */
142 }
143
144 if (rtype)
145 ct->repl.l4dst.icmp.type = rtype - 1;
146 else
147 ct->repl.l4dst.icmp.type = 255; /* will fail with -EINVAL */
148
149 }
150
151 static void
set_attr_icmp_code(struct nf_conntrack * ct,const void * value,size_t len)152 set_attr_icmp_code(struct nf_conntrack *ct, const void *value, size_t len)
153 {
154 ct->head.orig.l4dst.icmp.code = *((uint8_t *) value);
155 ct->repl.l4dst.icmp.code = *((uint8_t *) value);
156 }
157
158 static void
set_attr_icmp_id(struct nf_conntrack * ct,const void * value,size_t len)159 set_attr_icmp_id(struct nf_conntrack *ct, const void *value, size_t len)
160 {
161 ct->head.orig.l4src.icmp.id = *((uint16_t *) value);
162 ct->repl.l4src.icmp.id = *((uint16_t *) value);
163 }
164
165 static void
set_attr_orig_l3proto(struct nf_conntrack * ct,const void * value,size_t len)166 set_attr_orig_l3proto(struct nf_conntrack *ct, const void *value, size_t len)
167 {
168 ct->head.orig.l3protonum = *((uint8_t *) value);
169 }
170
171 static void
set_attr_repl_l3proto(struct nf_conntrack * ct,const void * value,size_t len)172 set_attr_repl_l3proto(struct nf_conntrack *ct, const void *value, size_t len)
173 {
174 ct->repl.l3protonum = *((uint8_t *) value);
175 }
176
177 static void
set_attr_orig_l4proto(struct nf_conntrack * ct,const void * value,size_t len)178 set_attr_orig_l4proto(struct nf_conntrack *ct, const void *value, size_t len)
179 {
180 ct->head.orig.protonum = *((uint8_t *) value);
181 }
182
183 static void
set_attr_repl_l4proto(struct nf_conntrack * ct,const void * value,size_t len)184 set_attr_repl_l4proto(struct nf_conntrack *ct, const void *value, size_t len)
185 {
186 ct->repl.protonum = *((uint8_t *) value);
187 }
188
189 static void
set_attr_tcp_state(struct nf_conntrack * ct,const void * value,size_t len)190 set_attr_tcp_state(struct nf_conntrack *ct, const void *value, size_t len)
191 {
192 ct->protoinfo.tcp.state = *((uint8_t *) value);
193 }
194
195 static void
set_attr_tcp_flags_orig(struct nf_conntrack * ct,const void * value,size_t len)196 set_attr_tcp_flags_orig(struct nf_conntrack *ct, const void *value, size_t len)
197 {
198 ct->protoinfo.tcp.flags[__DIR_ORIG].value = *((uint8_t *) value);
199 }
200
201 static void
set_attr_tcp_mask_orig(struct nf_conntrack * ct,const void * value,size_t len)202 set_attr_tcp_mask_orig(struct nf_conntrack *ct, const void *value, size_t len)
203 {
204 ct->protoinfo.tcp.flags[__DIR_ORIG].mask = *((uint8_t *) value);
205 }
206
207 static void
set_attr_tcp_flags_repl(struct nf_conntrack * ct,const void * value,size_t len)208 set_attr_tcp_flags_repl(struct nf_conntrack *ct, const void *value, size_t len)
209 {
210 ct->protoinfo.tcp.flags[__DIR_REPL].value = *((uint8_t *) value);
211 }
212
213 static void
set_attr_tcp_mask_repl(struct nf_conntrack * ct,const void * value,size_t len)214 set_attr_tcp_mask_repl(struct nf_conntrack *ct, const void *value, size_t len)
215 {
216 ct->protoinfo.tcp.flags[__DIR_REPL].mask = *((uint8_t *) value);
217 }
218
219 static void
set_attr_sctp_state(struct nf_conntrack * ct,const void * value,size_t len)220 set_attr_sctp_state(struct nf_conntrack *ct, const void *value, size_t len)
221 {
222 ct->protoinfo.sctp.state = *((uint8_t *) value);
223 }
224
225 static void
set_attr_sctp_vtag_orig(struct nf_conntrack * ct,const void * value,size_t len)226 set_attr_sctp_vtag_orig(struct nf_conntrack *ct, const void *value, size_t len)
227 {
228 ct->protoinfo.sctp.vtag[__DIR_ORIG] = *((uint32_t *) value);
229 }
230
231 static void
set_attr_sctp_vtag_repl(struct nf_conntrack * ct,const void * value,size_t len)232 set_attr_sctp_vtag_repl(struct nf_conntrack *ct, const void *value, size_t len)
233 {
234 ct->protoinfo.sctp.vtag[__DIR_REPL] = *((uint32_t *) value);
235 }
236
237 static void
set_attr_snat_ipv4(struct nf_conntrack * ct,const void * value,size_t len)238 set_attr_snat_ipv4(struct nf_conntrack *ct, const void *value, size_t len)
239 {
240 ct->snat.min_ip.v4 = ct->snat.max_ip.v4 = *((uint32_t *) value);
241 }
242
243 static void
set_attr_dnat_ipv4(struct nf_conntrack * ct,const void * value,size_t len)244 set_attr_dnat_ipv4(struct nf_conntrack *ct, const void *value, size_t len)
245 {
246 ct->dnat.min_ip.v4 = ct->dnat.max_ip.v4 = *((uint32_t *) value);
247 }
248
249 static void
set_attr_snat_ipv6(struct nf_conntrack * ct,const void * value,size_t len)250 set_attr_snat_ipv6(struct nf_conntrack *ct, const void *value, size_t len)
251 {
252 memcpy(&ct->snat.min_ip.v6, value, sizeof(struct in6_addr));
253 memcpy(&ct->snat.max_ip.v6, value, sizeof(struct in6_addr));
254 }
255
256 static void
set_attr_dnat_ipv6(struct nf_conntrack * ct,const void * value,size_t len)257 set_attr_dnat_ipv6(struct nf_conntrack *ct, const void *value, size_t len)
258 {
259 memcpy(&ct->dnat.min_ip.v6, value, sizeof(struct in6_addr));
260 memcpy(&ct->dnat.max_ip.v6, value, sizeof(struct in6_addr));
261 }
262
263 static void
set_attr_snat_port(struct nf_conntrack * ct,const void * value,size_t len)264 set_attr_snat_port(struct nf_conntrack *ct, const void *value, size_t len)
265 {
266 ct->snat.l4min.all = ct->snat.l4max.all = *((uint16_t *) value);
267 }
268
269 static void
set_attr_dnat_port(struct nf_conntrack * ct,const void * value,size_t len)270 set_attr_dnat_port(struct nf_conntrack *ct, const void *value, size_t len)
271 {
272 ct->dnat.l4min.all = ct->dnat.l4max.all = *((uint16_t *) value);
273 }
274
275 static void
set_attr_timeout(struct nf_conntrack * ct,const void * value,size_t len)276 set_attr_timeout(struct nf_conntrack *ct, const void *value, size_t len)
277 {
278 ct->timeout = *((uint32_t *) value);
279 }
280
281 static void
set_attr_mark(struct nf_conntrack * ct,const void * value,size_t len)282 set_attr_mark(struct nf_conntrack *ct, const void *value, size_t len)
283 {
284 ct->mark = *((uint32_t *) value);
285 }
286
287 static void
set_attr_secmark(struct nf_conntrack * ct,const void * value,size_t len)288 set_attr_secmark(struct nf_conntrack *ct, const void *value, size_t len)
289 {
290 ct->secmark = *((uint32_t *) value);
291 }
292
293 static void
set_attr_status(struct nf_conntrack * ct,const void * value,size_t len)294 set_attr_status(struct nf_conntrack *ct, const void *value, size_t len)
295 {
296 ct->status = *((uint32_t *) value);
297 }
298
299 static void
set_attr_id(struct nf_conntrack * ct,const void * value,size_t len)300 set_attr_id(struct nf_conntrack *ct, const void *value, size_t len)
301 {
302 ct->id = *((uint32_t *) value);
303 }
304
305 static void
set_attr_master_ipv4_src(struct nf_conntrack * ct,const void * value,size_t len)306 set_attr_master_ipv4_src(struct nf_conntrack *ct, const void *value, size_t len)
307 {
308 ct->master.src.v4 = *((uint32_t *) value);
309 }
310
311 static void
set_attr_master_ipv4_dst(struct nf_conntrack * ct,const void * value,size_t len)312 set_attr_master_ipv4_dst(struct nf_conntrack *ct, const void *value, size_t len)
313 {
314 ct->master.dst.v4 = *((uint32_t *) value);
315 }
316
317 static void
set_attr_master_ipv6_src(struct nf_conntrack * ct,const void * value,size_t len)318 set_attr_master_ipv6_src(struct nf_conntrack *ct, const void *value, size_t len)
319 {
320 memcpy(&ct->master.src.v6, value, sizeof(uint32_t)*4);
321 }
322
323 static void
set_attr_master_ipv6_dst(struct nf_conntrack * ct,const void * value,size_t len)324 set_attr_master_ipv6_dst(struct nf_conntrack *ct, const void *value, size_t len)
325 {
326 memcpy(&ct->master.dst.v6, value, sizeof(uint32_t)*4);
327 }
328
329 static void
set_attr_master_port_src(struct nf_conntrack * ct,const void * value,size_t len)330 set_attr_master_port_src(struct nf_conntrack *ct, const void *value, size_t len)
331 {
332 ct->master.l4src.all = *((uint16_t *) value);
333 }
334
335 static void
set_attr_master_port_dst(struct nf_conntrack * ct,const void * value,size_t len)336 set_attr_master_port_dst(struct nf_conntrack *ct, const void *value, size_t len)
337 {
338 ct->master.l4dst.all = *((uint16_t *) value);
339 }
340
341 static void
set_attr_master_l3proto(struct nf_conntrack * ct,const void * value,size_t len)342 set_attr_master_l3proto(struct nf_conntrack *ct, const void *value, size_t len)
343 {
344 ct->master.l3protonum = *((uint8_t *) value);
345 }
346
347 static void
set_attr_master_l4proto(struct nf_conntrack * ct,const void * value,size_t len)348 set_attr_master_l4proto(struct nf_conntrack *ct, const void *value, size_t len)
349 {
350 ct->master.protonum = *((uint8_t *) value);
351 }
352
353 static void
set_attr_orig_cor_pos(struct nf_conntrack * ct,const void * value,size_t len)354 set_attr_orig_cor_pos(struct nf_conntrack *ct, const void *value, size_t len)
355 {
356 ct->natseq[__DIR_ORIG].correction_pos = *((uint32_t *) value);
357 }
358
359 static void
set_attr_orig_off_bfr(struct nf_conntrack * ct,const void * value,size_t len)360 set_attr_orig_off_bfr(struct nf_conntrack *ct, const void *value, size_t len)
361 {
362 ct->natseq[__DIR_ORIG].offset_before = *((uint32_t *) value);
363 }
364
365 static void
set_attr_orig_off_aft(struct nf_conntrack * ct,const void * value,size_t len)366 set_attr_orig_off_aft(struct nf_conntrack *ct, const void *value, size_t len)
367 {
368 ct->natseq[__DIR_ORIG].offset_after = *((uint32_t *) value);
369 }
370
371 static void
set_attr_repl_cor_pos(struct nf_conntrack * ct,const void * value,size_t len)372 set_attr_repl_cor_pos(struct nf_conntrack *ct, const void *value, size_t len)
373 {
374 ct->natseq[__DIR_REPL].correction_pos = *((uint32_t *) value);
375 }
376
377 static void
set_attr_repl_off_bfr(struct nf_conntrack * ct,const void * value,size_t len)378 set_attr_repl_off_bfr(struct nf_conntrack *ct, const void *value, size_t len)
379 {
380 ct->natseq[__DIR_REPL].offset_before = *((uint32_t *) value);
381 }
382
383 static void
set_attr_repl_off_aft(struct nf_conntrack * ct,const void * value,size_t len)384 set_attr_repl_off_aft(struct nf_conntrack *ct, const void *value, size_t len)
385 {
386 ct->natseq[__DIR_REPL].offset_after = *((uint32_t *) value);
387 }
388
389 static void
set_attr_helper_name(struct nf_conntrack * ct,const void * value,size_t len)390 set_attr_helper_name(struct nf_conntrack *ct, const void *value, size_t len)
391 {
392 strncpy(ct->helper_name, value, NFCT_HELPER_NAME_MAX);
393 ct->helper_name[NFCT_HELPER_NAME_MAX-1] = '\0';
394 }
395
396 static void
set_attr_dccp_state(struct nf_conntrack * ct,const void * value,size_t len)397 set_attr_dccp_state(struct nf_conntrack *ct, const void *value, size_t len)
398 {
399 ct->protoinfo.dccp.state = *((uint8_t *) value);
400 }
401
402 static void
set_attr_dccp_role(struct nf_conntrack * ct,const void * value,size_t len)403 set_attr_dccp_role(struct nf_conntrack *ct, const void *value, size_t len)
404 {
405 ct->protoinfo.dccp.role = *((uint8_t *) value);
406 }
407
408 static void
set_attr_dccp_handshake_seq(struct nf_conntrack * ct,const void * value,size_t len)409 set_attr_dccp_handshake_seq(struct nf_conntrack *ct, const void *value,
410 size_t len)
411 {
412 ct->protoinfo.dccp.handshake_seq = *((uint64_t *) value);
413 }
414
415 static void
set_attr_tcp_wscale_orig(struct nf_conntrack * ct,const void * value,size_t len)416 set_attr_tcp_wscale_orig(struct nf_conntrack *ct, const void *value, size_t len)
417 {
418 ct->protoinfo.tcp.wscale[__DIR_ORIG] = *((uint8_t *) value);
419 }
420
421 static void
set_attr_tcp_wscale_repl(struct nf_conntrack * ct,const void * value,size_t len)422 set_attr_tcp_wscale_repl(struct nf_conntrack *ct, const void *value, size_t len)
423 {
424 ct->protoinfo.tcp.wscale[__DIR_REPL] = *((uint8_t *) value);
425 }
426
427 static void
set_attr_zone(struct nf_conntrack * ct,const void * value,size_t len)428 set_attr_zone(struct nf_conntrack *ct, const void *value, size_t len)
429 {
430 ct->zone = *((uint16_t *) value);
431 }
432
433 static void
set_attr_helper_info(struct nf_conntrack * ct,const void * value,size_t len)434 set_attr_helper_info(struct nf_conntrack *ct, const void *value, size_t len)
435 {
436 if (ct->helper_info == NULL) {
437 retry:
438 ct->helper_info = calloc(1, len);
439 if (ct->helper_info == NULL)
440 return;
441
442 memcpy(ct->helper_info, value, len);
443 } else {
444 free(ct->helper_info);
445 goto retry;
446 }
447 }
448
449 static void
do_set_attr_connlabels(struct nfct_bitmask * current,const void * value)450 do_set_attr_connlabels(struct nfct_bitmask *current, const void *value)
451 {
452 if (current && current != value)
453 nfct_bitmask_destroy(current);
454 }
455
456 static void
set_attr_connlabels(struct nf_conntrack * ct,const void * value,size_t len)457 set_attr_connlabels(struct nf_conntrack *ct, const void *value, size_t len)
458 {
459 do_set_attr_connlabels(ct->connlabels, value);
460 ct->connlabels = (void *) value;
461 }
462
463 static void
set_attr_connlabels_mask(struct nf_conntrack * ct,const void * value,size_t len)464 set_attr_connlabels_mask(struct nf_conntrack *ct, const void *value, size_t len)
465 {
466 do_set_attr_connlabels(ct->connlabels_mask, value);
467 ct->connlabels_mask = (void *) value;
468 }
469
470 static void
set_attr_do_nothing(struct nf_conntrack * ct,const void * value,size_t len)471 set_attr_do_nothing(struct nf_conntrack *ct, const void *value, size_t len) {}
472
473 const set_attr set_attr_array[ATTR_MAX] = {
474 [ATTR_ORIG_IPV4_SRC] = set_attr_orig_ipv4_src,
475 [ATTR_ORIG_IPV4_DST] = set_attr_orig_ipv4_dst,
476 [ATTR_REPL_IPV4_SRC] = set_attr_repl_ipv4_src,
477 [ATTR_REPL_IPV4_DST] = set_attr_repl_ipv4_dst,
478 [ATTR_ORIG_IPV6_SRC] = set_attr_orig_ipv6_src,
479 [ATTR_ORIG_IPV6_DST] = set_attr_orig_ipv6_dst,
480 [ATTR_REPL_IPV6_SRC] = set_attr_repl_ipv6_src,
481 [ATTR_REPL_IPV6_DST] = set_attr_repl_ipv6_dst,
482 [ATTR_ORIG_PORT_SRC] = set_attr_orig_port_src,
483 [ATTR_ORIG_PORT_DST] = set_attr_orig_port_dst,
484 [ATTR_REPL_PORT_SRC] = set_attr_repl_port_src,
485 [ATTR_REPL_PORT_DST] = set_attr_repl_port_dst,
486 [ATTR_ICMP_TYPE] = set_attr_icmp_type,
487 [ATTR_ICMP_CODE] = set_attr_icmp_code,
488 [ATTR_ICMP_ID] = set_attr_icmp_id,
489 [ATTR_ORIG_L3PROTO] = set_attr_orig_l3proto,
490 [ATTR_REPL_L3PROTO] = set_attr_repl_l3proto,
491 [ATTR_ORIG_L4PROTO] = set_attr_orig_l4proto,
492 [ATTR_REPL_L4PROTO] = set_attr_repl_l4proto,
493 [ATTR_TCP_STATE] = set_attr_tcp_state,
494 [ATTR_SNAT_IPV4] = set_attr_snat_ipv4,
495 [ATTR_DNAT_IPV4] = set_attr_dnat_ipv4,
496 [ATTR_SNAT_PORT] = set_attr_snat_port,
497 [ATTR_DNAT_PORT] = set_attr_dnat_port,
498 [ATTR_TIMEOUT] = set_attr_timeout,
499 [ATTR_MARK] = set_attr_mark,
500 [ATTR_ORIG_COUNTER_PACKETS] = set_attr_do_nothing,
501 [ATTR_REPL_COUNTER_PACKETS] = set_attr_do_nothing,
502 [ATTR_ORIG_COUNTER_BYTES] = set_attr_do_nothing,
503 [ATTR_REPL_COUNTER_BYTES] = set_attr_do_nothing,
504 [ATTR_USE] = set_attr_do_nothing,
505 [ATTR_ID] = set_attr_id,
506 [ATTR_STATUS] = set_attr_status,
507 [ATTR_TCP_FLAGS_ORIG] = set_attr_tcp_flags_orig,
508 [ATTR_TCP_FLAGS_REPL] = set_attr_tcp_flags_repl,
509 [ATTR_TCP_MASK_ORIG] = set_attr_tcp_mask_orig,
510 [ATTR_TCP_MASK_REPL] = set_attr_tcp_mask_repl,
511 [ATTR_MASTER_IPV4_SRC] = set_attr_master_ipv4_src,
512 [ATTR_MASTER_IPV4_DST] = set_attr_master_ipv4_dst,
513 [ATTR_MASTER_IPV6_SRC] = set_attr_master_ipv6_src,
514 [ATTR_MASTER_IPV6_DST] = set_attr_master_ipv6_dst,
515 [ATTR_MASTER_PORT_SRC] = set_attr_master_port_src,
516 [ATTR_MASTER_PORT_DST] = set_attr_master_port_dst,
517 [ATTR_MASTER_L3PROTO] = set_attr_master_l3proto,
518 [ATTR_MASTER_L4PROTO] = set_attr_master_l4proto,
519 [ATTR_SECMARK] = set_attr_secmark,
520 [ATTR_ORIG_NAT_SEQ_CORRECTION_POS] = set_attr_orig_cor_pos,
521 [ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE] = set_attr_orig_off_bfr,
522 [ATTR_ORIG_NAT_SEQ_OFFSET_AFTER] = set_attr_orig_off_aft,
523 [ATTR_REPL_NAT_SEQ_CORRECTION_POS] = set_attr_repl_cor_pos,
524 [ATTR_REPL_NAT_SEQ_OFFSET_BEFORE] = set_attr_repl_off_bfr,
525 [ATTR_REPL_NAT_SEQ_OFFSET_AFTER] = set_attr_repl_off_aft,
526 [ATTR_SCTP_STATE] = set_attr_sctp_state,
527 [ATTR_SCTP_VTAG_ORIG] = set_attr_sctp_vtag_orig,
528 [ATTR_SCTP_VTAG_REPL] = set_attr_sctp_vtag_repl,
529 [ATTR_HELPER_NAME] = set_attr_helper_name,
530 [ATTR_DCCP_STATE] = set_attr_dccp_state,
531 [ATTR_DCCP_ROLE] = set_attr_dccp_role,
532 [ATTR_DCCP_HANDSHAKE_SEQ] = set_attr_dccp_handshake_seq,
533 [ATTR_TCP_WSCALE_ORIG] = set_attr_tcp_wscale_orig,
534 [ATTR_TCP_WSCALE_REPL] = set_attr_tcp_wscale_repl,
535 [ATTR_ZONE] = set_attr_zone,
536 [ATTR_ORIG_ZONE] = set_attr_orig_zone,
537 [ATTR_REPL_ZONE] = set_attr_repl_zone,
538 [ATTR_SECCTX] = set_attr_do_nothing,
539 [ATTR_TIMESTAMP_START] = set_attr_do_nothing,
540 [ATTR_TIMESTAMP_STOP] = set_attr_do_nothing,
541 [ATTR_HELPER_INFO] = set_attr_helper_info,
542 [ATTR_CONNLABELS] = set_attr_connlabels,
543 [ATTR_CONNLABELS_MASK] = set_attr_connlabels_mask,
544 [ATTR_SNAT_IPV6] = set_attr_snat_ipv6,
545 [ATTR_DNAT_IPV6] = set_attr_dnat_ipv6,
546 };
547