netfilter: ctnetlink: support selective event delivery

Add two masks for conntrack end expectation events to struct nf_conntrack_ecache
and use them to filter events. Their default value is "all events" when the
event sysctl is on and "no events" when it is off. A following patch will add
specific initializations. Expectation events depend on the ecache struct of
their master conntrack.

Signed-off-by: Patrick McHardy <kaber@trash.net>

1 files changed, 18 insertions, 0 deletions

diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index a374787ed9b..ebfed90733f 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -74,6 +74,24 @@ enum ip_conntrack_status {
         IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
 };
 
+/* Connection tracking event types */
+enum ip_conntrack_events {
+        IPCT_NEW,               /* new conntrack */
+        IPCT_RELATED,           /* related conntrack */
+        IPCT_DESTROY,           /* destroyed conntrack */
+        IPCT_REPLY,             /* connection has seen two-way traffic */
+        IPCT_ASSURED,           /* connection status has changed to assured */
+        IPCT_PROTOINFO,         /* protocol information has changed */
+        IPCT_HELPER,            /* new helper has been set */
+        IPCT_MARK,              /* new mark has been set */
+        IPCT_NATSEQADJ,         /* NAT is doing sequence adjustment */
+        IPCT_SECMARK,           /* new security mark has been set */
+};
+
+enum ip_conntrack_expect_events {
+        IPEXP_NEW,              /* new expectation */
+};
+
 #ifdef __KERNEL__
 struct ip_conntrack_stat {
         unsigned int searched;