Commit 8b008faf authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Patrick McHardy

netfilter: ctnetlink: allow to specify the expectation flags

With this patch, you can specify the expectation flags for user-space
created expectations.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent bcac0dfa
...@@ -100,6 +100,10 @@ enum ip_conntrack_expect_events { ...@@ -100,6 +100,10 @@ enum ip_conntrack_expect_events {
IPEXP_NEW, /* new expectation */ IPEXP_NEW, /* new expectation */
}; };
/* expectation flags */
#define NF_CT_EXPECT_PERMANENT 0x1
#define NF_CT_EXPECT_INACTIVE 0x2
#ifdef __KERNEL__ #ifdef __KERNEL__
struct ip_conntrack_stat { struct ip_conntrack_stat {
unsigned int searched; unsigned int searched;
......
...@@ -161,6 +161,7 @@ enum ctattr_expect { ...@@ -161,6 +161,7 @@ enum ctattr_expect {
CTA_EXPECT_ID, CTA_EXPECT_ID,
CTA_EXPECT_HELP_NAME, CTA_EXPECT_HELP_NAME,
CTA_EXPECT_ZONE, CTA_EXPECT_ZONE,
CTA_EXPECT_FLAGS,
__CTA_EXPECT_MAX __CTA_EXPECT_MAX
}; };
#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1) #define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1)
......
...@@ -67,9 +67,6 @@ struct nf_conntrack_expect_policy { ...@@ -67,9 +67,6 @@ struct nf_conntrack_expect_policy {
#define NF_CT_EXPECT_CLASS_DEFAULT 0 #define NF_CT_EXPECT_CLASS_DEFAULT 0
#define NF_CT_EXPECT_PERMANENT 0x1
#define NF_CT_EXPECT_INACTIVE 0x2
int nf_conntrack_expect_init(struct net *net); int nf_conntrack_expect_init(struct net *net);
void nf_conntrack_expect_fini(struct net *net); void nf_conntrack_expect_fini(struct net *net);
......
...@@ -1577,6 +1577,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, ...@@ -1577,6 +1577,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout)); NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout));
NLA_PUT_BE32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp)); NLA_PUT_BE32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp));
NLA_PUT_BE32(skb, CTA_EXPECT_FLAGS, htonl(exp->flags));
helper = rcu_dereference(nfct_help(master)->helper); helper = rcu_dereference(nfct_help(master)->helper);
if (helper) if (helper)
NLA_PUT_STRING(skb, CTA_EXPECT_HELP_NAME, helper->name); NLA_PUT_STRING(skb, CTA_EXPECT_HELP_NAME, helper->name);
...@@ -1734,6 +1735,7 @@ static const struct nla_policy exp_nla_policy[CTA_EXPECT_MAX+1] = { ...@@ -1734,6 +1735,7 @@ static const struct nla_policy exp_nla_policy[CTA_EXPECT_MAX+1] = {
[CTA_EXPECT_ID] = { .type = NLA_U32 }, [CTA_EXPECT_ID] = { .type = NLA_U32 },
[CTA_EXPECT_HELP_NAME] = { .type = NLA_NUL_STRING }, [CTA_EXPECT_HELP_NAME] = { .type = NLA_NUL_STRING },
[CTA_EXPECT_ZONE] = { .type = NLA_U16 }, [CTA_EXPECT_ZONE] = { .type = NLA_U16 },
[CTA_EXPECT_FLAGS] = { .type = NLA_U32 },
}; };
static int static int
...@@ -1933,9 +1935,13 @@ ctnetlink_create_expect(struct net *net, u16 zone, ...@@ -1933,9 +1935,13 @@ ctnetlink_create_expect(struct net *net, u16 zone,
goto out; goto out;
} }
if (cda[CTA_EXPECT_FLAGS])
exp->flags = ntohl(nla_get_be32(cda[CTA_EXPECT_FLAGS]));
else
exp->flags = 0;
exp->class = 0; exp->class = 0;
exp->expectfn = NULL; exp->expectfn = NULL;
exp->flags = 0;
exp->master = ct; exp->master = ct;
exp->helper = NULL; exp->helper = NULL;
memcpy(&exp->tuple, &tuple, sizeof(struct nf_conntrack_tuple)); memcpy(&exp->tuple, &tuple, sizeof(struct nf_conntrack_tuple));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment