diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-02-04 21:21:12 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-03-07 11:40:42 -0500 |
| commit | b8c5e52c13edc99ce192d78c8a7fe2fd626ac643 (patch) | |
| tree | 2431b37abab0f9b288098b17a47ca601c38c57a8 /net/netfilter | |
| parent | 660fdb2a0f5f670da4728d7028d3227296e0226c (diff) | |
netfilter: ctnetlink: allow to set expectation class
This patch allows you to set the expectation class.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 1b0aea620d62..b6ea39770c80 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -1691,6 +1691,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, | |||
| 1691 | NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout)); | 1691 | NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout)); |
| 1692 | NLA_PUT_BE32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp)); | 1692 | NLA_PUT_BE32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp)); |
| 1693 | NLA_PUT_BE32(skb, CTA_EXPECT_FLAGS, htonl(exp->flags)); | 1693 | NLA_PUT_BE32(skb, CTA_EXPECT_FLAGS, htonl(exp->flags)); |
| 1694 | NLA_PUT_BE32(skb, CTA_EXPECT_CLASS, htonl(exp->class)); | ||
| 1694 | help = nfct_help(master); | 1695 | help = nfct_help(master); |
| 1695 | if (help) { | 1696 | if (help) { |
| 1696 | struct nf_conntrack_helper *helper; | 1697 | struct nf_conntrack_helper *helper; |
| @@ -1856,6 +1857,7 @@ static const struct nla_policy exp_nla_policy[CTA_EXPECT_MAX+1] = { | |||
| 1856 | [CTA_EXPECT_HELP_NAME] = { .type = NLA_NUL_STRING }, | 1857 | [CTA_EXPECT_HELP_NAME] = { .type = NLA_NUL_STRING }, |
| 1857 | [CTA_EXPECT_ZONE] = { .type = NLA_U16 }, | 1858 | [CTA_EXPECT_ZONE] = { .type = NLA_U16 }, |
| 1858 | [CTA_EXPECT_FLAGS] = { .type = NLA_U32 }, | 1859 | [CTA_EXPECT_FLAGS] = { .type = NLA_U32 }, |
| 1860 | [CTA_EXPECT_CLASS] = { .type = NLA_U32 }, | ||
| 1859 | }; | 1861 | }; |
| 1860 | 1862 | ||
| 1861 | static int | 1863 | static int |
| @@ -2043,6 +2045,7 @@ ctnetlink_create_expect(struct net *net, u16 zone, | |||
| 2043 | struct nf_conn *ct; | 2045 | struct nf_conn *ct; |
| 2044 | struct nf_conn_help *help; | 2046 | struct nf_conn_help *help; |
| 2045 | struct nf_conntrack_helper *helper = NULL; | 2047 | struct nf_conntrack_helper *helper = NULL; |
| 2048 | u_int32_t class = 0; | ||
| 2046 | int err = 0; | 2049 | int err = 0; |
| 2047 | 2050 | ||
| 2048 | /* caller guarantees that those three CTA_EXPECT_* exist */ | 2051 | /* caller guarantees that those three CTA_EXPECT_* exist */ |
| @@ -2088,6 +2091,13 @@ ctnetlink_create_expect(struct net *net, u16 zone, | |||
| 2088 | } | 2091 | } |
| 2089 | } | 2092 | } |
| 2090 | 2093 | ||
| 2094 | if (cda[CTA_EXPECT_CLASS] && helper) { | ||
| 2095 | class = ntohl(nla_get_be32(cda[CTA_EXPECT_CLASS])); | ||
| 2096 | if (class > helper->expect_class_max) { | ||
| 2097 | err = -EINVAL; | ||
| 2098 | goto out; | ||
| 2099 | } | ||
| 2100 | } | ||
| 2091 | exp = nf_ct_expect_alloc(ct); | 2101 | exp = nf_ct_expect_alloc(ct); |
| 2092 | if (!exp) { | 2102 | if (!exp) { |
| 2093 | err = -ENOMEM; | 2103 | err = -ENOMEM; |
| @@ -2115,7 +2125,7 @@ ctnetlink_create_expect(struct net *net, u16 zone, | |||
| 2115 | exp->flags = 0; | 2125 | exp->flags = 0; |
| 2116 | } | 2126 | } |
| 2117 | 2127 | ||
| 2118 | exp->class = 0; | 2128 | exp->class = class; |
| 2119 | exp->expectfn = NULL; | 2129 | exp->expectfn = NULL; |
| 2120 | exp->master = ct; | 2130 | exp->master = ct; |
| 2121 | exp->helper = helper; | 2131 | exp->helper = helper; |