diff options
| author | Patrick McHardy <kaber@trash.net> | 2010-02-03 11:17:06 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-02-03 11:17:06 -0500 |
| commit | 84f3bb9ae9db90f7fb15d98b55279a58ab1b2363 (patch) | |
| tree | 7fe7b882f027ee138edbc0f189e21532dad6531a /include | |
| parent | b2a15a604d379af323645e330638e2cfcc696aff (diff) | |
netfilter: xtables: add CT target
Add a new target for the raw table, which can be used to specify conntrack
parameters for specific connections, f.i. the conntrack helper.
The target attaches a "template" connection tracking entry to the skb, which
is used by the conntrack core when initializing a new conntrack.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter/Kbuild | 1 | ||||
| -rw-r--r-- | include/linux/netfilter/xt_CT.h | 17 | ||||
| -rw-r--r-- | include/net/netfilter/nf_conntrack_helper.h | 3 |
3 files changed, 21 insertions, 0 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild index 2aea50399c0b..a5a63e41b8af 100644 --- a/include/linux/netfilter/Kbuild +++ b/include/linux/netfilter/Kbuild | |||
| @@ -6,6 +6,7 @@ header-y += nfnetlink_queue.h | |||
| 6 | header-y += xt_CLASSIFY.h | 6 | header-y += xt_CLASSIFY.h |
| 7 | header-y += xt_CONNMARK.h | 7 | header-y += xt_CONNMARK.h |
| 8 | header-y += xt_CONNSECMARK.h | 8 | header-y += xt_CONNSECMARK.h |
| 9 | header-y += xt_CT.h | ||
| 9 | header-y += xt_DSCP.h | 10 | header-y += xt_DSCP.h |
| 10 | header-y += xt_LED.h | 11 | header-y += xt_LED.h |
| 11 | header-y += xt_MARK.h | 12 | header-y += xt_MARK.h |
diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h new file mode 100644 index 000000000000..7fd0effe1316 --- /dev/null +++ b/include/linux/netfilter/xt_CT.h | |||
| @@ -0,0 +1,17 @@ | |||
| 1 | #ifndef _XT_CT_H | ||
| 2 | #define _XT_CT_H | ||
| 3 | |||
| 4 | #define XT_CT_NOTRACK 0x1 | ||
| 5 | |||
| 6 | struct xt_ct_target_info { | ||
| 7 | u_int16_t flags; | ||
| 8 | u_int16_t __unused; | ||
| 9 | u_int32_t ct_events; | ||
| 10 | u_int32_t exp_events; | ||
| 11 | char helper[16]; | ||
| 12 | |||
| 13 | /* Used internally by the kernel */ | ||
| 14 | struct nf_conn *ct __attribute__((aligned(8))); | ||
| 15 | }; | ||
| 16 | |||
| 17 | #endif /* _XT_CT_H */ | ||
diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h index e17aaa3e19fd..32c305dbdab6 100644 --- a/include/net/netfilter/nf_conntrack_helper.h +++ b/include/net/netfilter/nf_conntrack_helper.h | |||
| @@ -42,6 +42,9 @@ struct nf_conntrack_helper { | |||
| 42 | extern struct nf_conntrack_helper * | 42 | extern struct nf_conntrack_helper * |
| 43 | __nf_conntrack_helper_find(const char *name, u16 l3num, u8 protonum); | 43 | __nf_conntrack_helper_find(const char *name, u16 l3num, u8 protonum); |
| 44 | 44 | ||
| 45 | extern struct nf_conntrack_helper * | ||
| 46 | nf_conntrack_helper_try_module_get(const char *name, u16 l3num, u8 protonum); | ||
| 47 | |||
| 45 | extern int nf_conntrack_helper_register(struct nf_conntrack_helper *); | 48 | extern int nf_conntrack_helper_register(struct nf_conntrack_helper *); |
| 46 | extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *); | 49 | extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *); |
| 47 | 50 | ||