diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2006-08-22 03:31:24 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 17:55:24 -0400 |
| commit | 2521c12cf1a29f6c380b13ca32a38175f6beed08 (patch) | |
| tree | 9077f28bd5a1fd25de83874f30cabcd28acb9e6c | |
| parent | b93ff78317c0b8f42830e2bb13dd8df596232528 (diff) | |
[NETFILTER]: conntrack: introduce connection mark event
This patch introduces the mark event. ctnetlink can use this to know if
the mark needs to be dumped.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/linux/netfilter/nf_conntrack_common.h | 4 | ||||
| -rw-r--r-- | net/netfilter/xt_CONNMARK.c | 16 |
2 files changed, 18 insertions, 2 deletions
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index d2e4bd7a7a14..9e0dae07861e 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h | |||
| @@ -125,6 +125,10 @@ enum ip_conntrack_events | |||
| 125 | /* Counter highest bit has been set */ | 125 | /* Counter highest bit has been set */ |
| 126 | IPCT_COUNTER_FILLING_BIT = 11, | 126 | IPCT_COUNTER_FILLING_BIT = 11, |
| 127 | IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT), | 127 | IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT), |
| 128 | |||
| 129 | /* Mark is set */ | ||
| 130 | IPCT_MARK_BIT = 12, | ||
| 131 | IPCT_MARK = (1 << IPCT_MARK_BIT), | ||
| 128 | }; | 132 | }; |
| 129 | 133 | ||
| 130 | enum ip_conntrack_expect_events { | 134 | enum ip_conntrack_expect_events { |
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c index 60c375d36f01..784482b74e58 100644 --- a/net/netfilter/xt_CONNMARK.c +++ b/net/netfilter/xt_CONNMARK.c | |||
| @@ -52,13 +52,25 @@ target(struct sk_buff **pskb, | |||
| 52 | switch(markinfo->mode) { | 52 | switch(markinfo->mode) { |
| 53 | case XT_CONNMARK_SET: | 53 | case XT_CONNMARK_SET: |
| 54 | newmark = (*ctmark & ~markinfo->mask) | markinfo->mark; | 54 | newmark = (*ctmark & ~markinfo->mask) | markinfo->mark; |
| 55 | if (newmark != *ctmark) | 55 | if (newmark != *ctmark) { |
| 56 | *ctmark = newmark; | 56 | *ctmark = newmark; |
| 57 | #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS | ||
| 58 | ip_conntrack_event_cache(IPCT_MARK, *pskb); | ||
| 59 | #else | ||
| 60 | nf_conntrack_event_cache(IPCT_MARK, *pskb); | ||
| 61 | #endif | ||
| 62 | } | ||
| 57 | break; | 63 | break; |
| 58 | case XT_CONNMARK_SAVE: | 64 | case XT_CONNMARK_SAVE: |
| 59 | newmark = (*ctmark & ~markinfo->mask) | ((*pskb)->nfmark & markinfo->mask); | 65 | newmark = (*ctmark & ~markinfo->mask) | ((*pskb)->nfmark & markinfo->mask); |
| 60 | if (*ctmark != newmark) | 66 | if (*ctmark != newmark) { |
| 61 | *ctmark = newmark; | 67 | *ctmark = newmark; |
| 68 | #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS | ||
| 69 | ip_conntrack_event_cache(IPCT_MARK, *pskb); | ||
| 70 | #else | ||
| 71 | nf_conntrack_event_cache(IPCT_MARK, *pskb); | ||
| 72 | #endif | ||
| 73 | } | ||
| 62 | break; | 74 | break; |
| 63 | case XT_CONNMARK_RESTORE: | 75 | case XT_CONNMARK_RESTORE: |
| 64 | nfmark = (*pskb)->nfmark; | 76 | nfmark = (*pskb)->nfmark; |