[NETFILTER] ctnetlink: add support to change protocol info
This patch add support to change the state of the private protocol information via conntrack_netlink. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
3392315375
commit
061cb4a0ec
1 changed files with 37 additions and 0 deletions
|
@ -949,6 +949,31 @@ ctnetlink_change_timeout(struct ip_conntrack *ct, struct nfattr *cda[])
|
|||
return 0;
|
||||
}
|
||||
|
||||
static inline int
|
||||
ctnetlink_change_protoinfo(struct ip_conntrack *ct, struct nfattr *cda[])
|
||||
{
|
||||
struct nfattr *tb[CTA_PROTOINFO_MAX], *attr = cda[CTA_PROTOINFO-1];
|
||||
struct ip_conntrack_protocol *proto;
|
||||
u_int16_t npt = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum;
|
||||
int err = 0;
|
||||
|
||||
if (nfattr_parse_nested(tb, CTA_PROTOINFO_MAX, attr) < 0)
|
||||
goto nfattr_failure;
|
||||
|
||||
proto = ip_conntrack_proto_find_get(npt);
|
||||
if (!proto)
|
||||
return -EINVAL;
|
||||
|
||||
if (proto->from_nfattr)
|
||||
err = proto->from_nfattr(tb, ct);
|
||||
ip_conntrack_proto_put(proto);
|
||||
|
||||
return err;
|
||||
|
||||
nfattr_failure:
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
static int
|
||||
ctnetlink_change_conntrack(struct ip_conntrack *ct, struct nfattr *cda[])
|
||||
{
|
||||
|
@ -974,6 +999,12 @@ ctnetlink_change_conntrack(struct ip_conntrack *ct, struct nfattr *cda[])
|
|||
return err;
|
||||
}
|
||||
|
||||
if (cda[CTA_PROTOINFO-1]) {
|
||||
err = ctnetlink_change_protoinfo(ct, cda);
|
||||
if (err < 0)
|
||||
return err;
|
||||
}
|
||||
|
||||
DEBUGP("all done\n");
|
||||
return 0;
|
||||
}
|
||||
|
@ -1003,6 +1034,12 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
|
|||
if (err < 0)
|
||||
goto err;
|
||||
|
||||
if (cda[CTA_PROTOINFO-1]) {
|
||||
err = ctnetlink_change_protoinfo(ct, cda);
|
||||
if (err < 0)
|
||||
return err;
|
||||
}
|
||||
|
||||
ct->helper = ip_conntrack_helper_find_get(rtuple);
|
||||
|
||||
add_timer(&ct->timeout);
|
||||
|
|
Loading…
Reference in a new issue