netfilter: nfnetlink_queue: allow to attach expectations to conntracks

This patch adds the capability to attach expectations via nfnetlink_queue. This is required by conntrack helpers that trigger expectations based on the first packet seen like the TFTP and the DHCPv6 user-space helpers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2013-08-07 12:13:20 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-08-13 10:32:10 -0400
commit: bd0779370588386e4a67ba5d0b176cfded8e6a53 (patch)
tree: 7fddb1464b457c3288ced39a635fd38f0d207ba5 /include
parent: 0ef71ee1a5b92c038abefd8991d5368e6031d7de (diff)
3 files changed, 11 insertions, 0 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 655d5d198d49..e2cf786be22f 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -325,6 +325,8 @@ struct nfq_ct_hook {
        size_t (*build_size)(const struct nf_conn *ct);
        int (*build)(struct sk_buff *skb, struct nf_conn *ct);
        int (*parse)(const struct nlattr *attr, struct nf_conn *ct);
+        int (*attach_expect)(const struct nlattr *attr, struct nf_conn *ct,
+                             u32 portid, u32 report);
 };
 extern struct nfq_ct_hook __rcu *nfq_ct_hook;
diff --git a/include/net/netfilter/nfnetlink_queue.h b/include/net/netfilter/nfnetlink_queue.h
index 86267a529514..aff88ba91391 100644
--- a/include/net/netfilter/nfnetlink_queue.h
+++ b/include/net/netfilter/nfnetlink_queue.h
@@ -15,6 +15,8 @@ int nfqnl_ct_put(struct sk_buff *skb, struct nf_conn *ct,
                 enum ip_conntrack_info ctinfo);
 void nfqnl_ct_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
                         enum ip_conntrack_info ctinfo, int diff);
+int nfqnl_attach_expect(struct nf_conn *ct, const struct nlattr *attr,
+                        u32 portid, u32 report);
 #else
 inline struct nf_conn *
 nfqnl_ct_get(struct sk_buff *entskb, size_t *size, enum ip_conntrack_info *ctinfo)
@@ -39,5 +41,11 @@ inline void nfqnl_ct_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
                                enum ip_conntrack_info ctinfo, int diff)
 {
 }
+inline int nfqnl_attach_expect(struct nf_conn *ct, const struct nlattr *attr,
+                               u32 portid, u32 report)
+{
+        return 0;
+}
 #endif /* NF_CONNTRACK */
 #endif
diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h
index 3a9b92147339..0132bad79de7 100644
--- a/include/uapi/linux/netfilter/nfnetlink_queue.h
+++ b/include/uapi/linux/netfilter/nfnetlink_queue.h
@@ -46,6 +46,7 @@ enum nfqnl_attr_type {
        NFQA_CT_INFO,                   /* enum ip_conntrack_info */
        NFQA_CAP_LEN,                   /* __u32 length of captured packet */
        NFQA_SKB_INFO,                  /* __u32 skb meta information */
+        NFQA_EXP,                       /* nf_conntrack_netlink.h */
        __NFQA_MAX
 };
author	Pablo Neira Ayuso <pablo@netfilter.org>	2013-08-07 12:13:20 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-08-13 10:32:10 -0400
commit	bd0779370588386e4a67ba5d0b176cfded8e6a53 (patch)
tree	7fddb1464b457c3288ced39a635fd38f0d207ba5 /include
parent	0ef71ee1a5b92c038abefd8991d5368e6031d7de (diff)