[NETFILTER]: ctnetlink: add support for master tuple event notification and dumping

This patch adds support for master tuple event notification and dumping. Conntrackd needs this information to recover related connections appropriately. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2007-12-18 01:28:19 -0500
committer: David S. Miller <davem@davemloft.net> 2008-01-28 17:58:51 -0500
commit: 0f417ce989f84cfd5418e3b316064bfbb2708196 (patch)
tree: 7462b82b0a14e0b4bc1e916f55b01999e56b1591
parent: 13eae15a244bb29beaa47bf86a24fd29ca7f8a4c (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index d7da167ef1b8..94027c84be52 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -254,6 +254,29 @@ nla_put_failure:
 #define ctnetlink_dump_mark(a, b) (0)
 #endif
+#define master_tuple(ct) &(ct->master->tuplehash[IP_CT_DIR_ORIGINAL].tuple)
+static inline int
+ctnetlink_dump_master(struct sk_buff *skb, const struct nf_conn *ct)
+{
+        struct nlattr *nest_parms;
+        if (!(ct->status & IPS_EXPECTED))
+                return 0;
+        nest_parms = nla_nest_start(skb, CTA_TUPLE_MASTER | NLA_F_NESTED);
+        if (!nest_parms)
+                goto nla_put_failure;
+        if (ctnetlink_dump_tuples(skb, master_tuple(ct)) < 0)
+                goto nla_put_failure;
+        nla_nest_end(skb, nest_parms);
+        return 0;
+nla_put_failure:
+        return -1;
+}
 #ifdef CONFIG_NF_NAT_NEEDED
 static inline int
 dump_nat_seq_adj(struct sk_buff *skb, const struct nf_nat_seq *natseq, int type)
@@ -371,6 +394,7 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
            ctnetlink_dump_mark(skb, ct) < 0 ||
            ctnetlink_dump_id(skb, ct) < 0 ||
            ctnetlink_dump_use(skb, ct) < 0 ||
+            ctnetlink_dump_master(skb, ct) < 0 ||
            ctnetlink_dump_nat_seq_adj(skb, ct) < 0)
                goto nla_put_failure;
@@ -475,6 +499,10 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
                     ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0))
                        goto nla_put_failure;
+                if (events & IPCT_RELATED &&
+                    ctnetlink_dump_master(skb, ct) < 0)
+                        goto nla_put_failure;
                if (events & IPCT_NATSEQADJ &&
                    ctnetlink_dump_nat_seq_adj(skb, ct) < 0)
                        goto nla_put_failure;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2007-12-18 01:28:19 -0500
committer	David S. Miller <davem@davemloft.net>	2008-01-28 17:58:51 -0500
commit	0f417ce989f84cfd5418e3b316064bfbb2708196 (patch)
tree	7462b82b0a14e0b4bc1e916f55b01999e56b1591
parent	13eae15a244bb29beaa47bf86a24fd29ca7f8a4c (diff)

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index d7da167ef1b8..94027c84be52 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c
@@ -254,6 +254,29 @@ nla_put_failure:
254	#define ctnetlink_dump_mark(a, b) (0)	254	#define ctnetlink_dump_mark(a, b) (0)
255	#endif	255	#endif
256		256
		257	#define master_tuple(ct) &(ct->master->tuplehash[IP_CT_DIR_ORIGINAL].tuple)
		258
		259	static inline int
		260	ctnetlink_dump_master(struct sk_buff skb, const struct nf_conn ct)
		261	{
		262	struct nlattr *nest_parms;
		263
		264	if (!(ct->status & IPS_EXPECTED))
		265	return 0;
		266
		267	nest_parms = nla_nest_start(skb, CTA_TUPLE_MASTER \| NLA_F_NESTED);
		268	if (!nest_parms)
		269	goto nla_put_failure;
		270	if (ctnetlink_dump_tuples(skb, master_tuple(ct)) < 0)
		271	goto nla_put_failure;
		272	nla_nest_end(skb, nest_parms);
		273
		274	return 0;
		275
		276	nla_put_failure:
		277	return -1;
		278	}
		279
257	#ifdef CONFIG_NF_NAT_NEEDED	280	#ifdef CONFIG_NF_NAT_NEEDED
258	static inline int	281	static inline int
259	dump_nat_seq_adj(struct sk_buff skb, const struct nf_nat_seq natseq, int type)	282	dump_nat_seq_adj(struct sk_buff skb, const struct nf_nat_seq natseq, int type)
@@ -371,6 +394,7 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
371	ctnetlink_dump_mark(skb, ct) < 0 \|\|	394	ctnetlink_dump_mark(skb, ct) < 0 \|\|
372	ctnetlink_dump_id(skb, ct) < 0 \|\|	395	ctnetlink_dump_id(skb, ct) < 0 \|\|
373	ctnetlink_dump_use(skb, ct) < 0 \|\|	396	ctnetlink_dump_use(skb, ct) < 0 \|\|
		397	ctnetlink_dump_master(skb, ct) < 0 \|\|
374	ctnetlink_dump_nat_seq_adj(skb, ct) < 0)	398	ctnetlink_dump_nat_seq_adj(skb, ct) < 0)
375	goto nla_put_failure;	399	goto nla_put_failure;
376		400
@@ -475,6 +499,10 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
475	ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0))	499	ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0))
476	goto nla_put_failure;	500	goto nla_put_failure;
477		501
		502	if (events & IPCT_RELATED &&
		503	ctnetlink_dump_master(skb, ct) < 0)
		504	goto nla_put_failure;
		505
478	if (events & IPCT_NATSEQADJ &&	506	if (events & IPCT_NATSEQADJ &&
479	ctnetlink_dump_nat_seq_adj(skb, ct) < 0)	507	ctnetlink_dump_nat_seq_adj(skb, ct) < 0)
480	goto nla_put_failure;	508	goto nla_put_failure;