diff options
| author | Patrick McHardy <kaber@trash.net> | 2010-02-03 08:13:03 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-02-03 08:40:17 -0500 |
| commit | b2a15a604d379af323645e330638e2cfcc696aff (patch) | |
| tree | 75a863636fae6f5e3fcf3dacbdee3ccf1f8b7c8d /include | |
| parent | 0cebe4b4163b6373c9d24c1a192939777bc27e55 (diff) | |
netfilter: nf_conntrack: support conntrack templates
Support initializing selected parameters of new conntrack entries from a
"conntrack template", which is a specially marked conntrack entry attached
to the skb.
Currently the helper and the event delivery masks can be initialized this
way.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter/nf_conntrack_common.h | 4 | ||||
| -rw-r--r-- | include/net/netfilter/nf_conntrack.h | 5 | ||||
| -rw-r--r-- | include/net/netfilter/nf_conntrack_helper.h | 3 |
3 files changed, 11 insertions, 1 deletions
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index ebfed90733f7..c608677dda60 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h | |||
| @@ -72,6 +72,10 @@ enum ip_conntrack_status { | |||
| 72 | /* Connection has fixed timeout. */ | 72 | /* Connection has fixed timeout. */ |
| 73 | IPS_FIXED_TIMEOUT_BIT = 10, | 73 | IPS_FIXED_TIMEOUT_BIT = 10, |
| 74 | IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT), | 74 | IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT), |
| 75 | |||
| 76 | /* Conntrack is a template */ | ||
| 77 | IPS_TEMPLATE_BIT = 11, | ||
| 78 | IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT), | ||
| 75 | }; | 79 | }; |
| 76 | 80 | ||
| 77 | /* Connection tracking event types */ | 81 | /* Connection tracking event types */ |
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index a0904adfb8f7..5043d61c99a7 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h | |||
| @@ -272,6 +272,11 @@ nf_conntrack_alloc(struct net *net, | |||
| 272 | const struct nf_conntrack_tuple *repl, | 272 | const struct nf_conntrack_tuple *repl, |
| 273 | gfp_t gfp); | 273 | gfp_t gfp); |
| 274 | 274 | ||
| 275 | static inline int nf_ct_is_template(const struct nf_conn *ct) | ||
| 276 | { | ||
| 277 | return test_bit(IPS_TEMPLATE_BIT, &ct->status); | ||
| 278 | } | ||
| 279 | |||
| 275 | /* It's confirmed if it is, or has been in the hash table. */ | 280 | /* It's confirmed if it is, or has been in the hash table. */ |
| 276 | static inline int nf_ct_is_confirmed(struct nf_conn *ct) | 281 | static inline int nf_ct_is_confirmed(struct nf_conn *ct) |
| 277 | { | 282 | { |
diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h index 86be7c4816d6..e17aaa3e19fd 100644 --- a/include/net/netfilter/nf_conntrack_helper.h +++ b/include/net/netfilter/nf_conntrack_helper.h | |||
| @@ -47,7 +47,8 @@ extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *); | |||
| 47 | 47 | ||
| 48 | extern struct nf_conn_help *nf_ct_helper_ext_add(struct nf_conn *ct, gfp_t gfp); | 48 | extern struct nf_conn_help *nf_ct_helper_ext_add(struct nf_conn *ct, gfp_t gfp); |
| 49 | 49 | ||
| 50 | extern int __nf_ct_try_assign_helper(struct nf_conn *ct, gfp_t flags); | 50 | extern int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl, |
| 51 | gfp_t flags); | ||
| 51 | 52 | ||
| 52 | extern void nf_ct_helper_destroy(struct nf_conn *ct); | 53 | extern void nf_ct_helper_destroy(struct nf_conn *ct); |
| 53 | 54 | ||