netfilter: ctnetlink: allow to specify the expectation flags
With this patch, you can specify the expectation flags for user-space created expectations. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
parent
bcac0dfab1
commit
8b008faf92
4 changed files with 12 additions and 4 deletions
|
@ -100,6 +100,10 @@ enum ip_conntrack_expect_events {
|
|||
IPEXP_NEW, /* new expectation */
|
||||
};
|
||||
|
||||
/* expectation flags */
|
||||
#define NF_CT_EXPECT_PERMANENT 0x1
|
||||
#define NF_CT_EXPECT_INACTIVE 0x2
|
||||
|
||||
#ifdef __KERNEL__
|
||||
struct ip_conntrack_stat {
|
||||
unsigned int searched;
|
||||
|
|
|
@ -161,6 +161,7 @@ enum ctattr_expect {
|
|||
CTA_EXPECT_ID,
|
||||
CTA_EXPECT_HELP_NAME,
|
||||
CTA_EXPECT_ZONE,
|
||||
CTA_EXPECT_FLAGS,
|
||||
__CTA_EXPECT_MAX
|
||||
};
|
||||
#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1)
|
||||
|
|
|
@ -67,9 +67,6 @@ struct nf_conntrack_expect_policy {
|
|||
|
||||
#define NF_CT_EXPECT_CLASS_DEFAULT 0
|
||||
|
||||
#define NF_CT_EXPECT_PERMANENT 0x1
|
||||
#define NF_CT_EXPECT_INACTIVE 0x2
|
||||
|
||||
int nf_conntrack_expect_init(struct net *net);
|
||||
void nf_conntrack_expect_fini(struct net *net);
|
||||
|
||||
|
|
|
@ -1577,6 +1577,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
|
|||
|
||||
NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout));
|
||||
NLA_PUT_BE32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp));
|
||||
NLA_PUT_BE32(skb, CTA_EXPECT_FLAGS, htonl(exp->flags));
|
||||
helper = rcu_dereference(nfct_help(master)->helper);
|
||||
if (helper)
|
||||
NLA_PUT_STRING(skb, CTA_EXPECT_HELP_NAME, helper->name);
|
||||
|
@ -1734,6 +1735,7 @@ static const struct nla_policy exp_nla_policy[CTA_EXPECT_MAX+1] = {
|
|||
[CTA_EXPECT_ID] = { .type = NLA_U32 },
|
||||
[CTA_EXPECT_HELP_NAME] = { .type = NLA_NUL_STRING },
|
||||
[CTA_EXPECT_ZONE] = { .type = NLA_U16 },
|
||||
[CTA_EXPECT_FLAGS] = { .type = NLA_U32 },
|
||||
};
|
||||
|
||||
static int
|
||||
|
@ -1933,9 +1935,13 @@ ctnetlink_create_expect(struct net *net, u16 zone,
|
|||
goto out;
|
||||
}
|
||||
|
||||
if (cda[CTA_EXPECT_FLAGS])
|
||||
exp->flags = ntohl(nla_get_be32(cda[CTA_EXPECT_FLAGS]));
|
||||
else
|
||||
exp->flags = 0;
|
||||
|
||||
exp->class = 0;
|
||||
exp->expectfn = NULL;
|
||||
exp->flags = 0;
|
||||
exp->master = ct;
|
||||
exp->helper = NULL;
|
||||
memcpy(&exp->tuple, &tuple, sizeof(struct nf_conntrack_tuple));
|
||||
|
|
Loading…
Reference in a new issue