3 files changed, 34 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index 17d7ef938a..e0e9951eb8 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -121,6 +121,10 @@ struct ip_conntrack
        u_int32_t mark;
 #endif
+#ifdef CONFIG_IP_NF_CONNTRACK_SECMARK
+        u_int32_t secmark;
+#endif
        /* Traversed often, so hopefully in different cacheline to top */
        /* These are my tuples; original and reply */
        struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index dbe7a114d0..4111178158 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -114,6 +114,10 @@ struct nf_conn
        u_int32_t mark;
 #endif
+#ifdef CONFIG_NF_CONNTRACK_SECMARK
+        u_int32_t secmark;
+#endif
        /* Storage reserved for other modules: */
        union nf_conntrack_proto proto;
diff --git a/include/net/netfilter/nf_conntrack_compat.h b/include/net/netfilter/nf_conntrack_compat.h
index 3cac19fb36..f1b1482d72 100644
--- a/include/net/netfilter/nf_conntrack_compat.h
+++ b/include/net/netfilter/nf_conntrack_compat.h
@@ -20,6 +20,19 @@ static inline u_int32_t *nf_ct_get_mark(const struct sk_buff *skb,
 }
 #endif /* CONFIG_IP_NF_CONNTRACK_MARK */
+#ifdef CONFIG_IP_NF_CONNTRACK_SECMARK
+static inline u_int32_t *nf_ct_get_secmark(const struct sk_buff *skb,
+                                           u_int32_t *ctinfo)
+{
+        struct ip_conntrack *ct = ip_conntrack_get(skb, ctinfo);
+        if (ct)
+                return &ct->secmark;
+        else
+                return NULL;
+}
+#endif /* CONFIG_IP_NF_CONNTRACK_SECMARK */
 #ifdef CONFIG_IP_NF_CT_ACCT
 static inline struct ip_conntrack_counter *
 nf_ct_get_counters(const struct sk_buff *skb)
@@ -70,6 +83,19 @@ static inline u_int32_t *nf_ct_get_mark(const struct sk_buff *skb,
 }
 #endif /* CONFIG_NF_CONNTRACK_MARK */
+#ifdef CONFIG_NF_CONNTRACK_SECMARK
+static inline u_int32_t *nf_ct_get_secmark(const struct sk_buff *skb,
+                                           u_int32_t *ctinfo)
+{
+        struct nf_conn *ct = nf_ct_get(skb, ctinfo);
+        if (ct)
+                return &ct->secmark;
+        else
+                return NULL;
+}
+#endif /* CONFIG_NF_CONNTRACK_MARK */
 #ifdef CONFIG_NF_CT_ACCT
 static inline struct ip_conntrack_counter *
 nf_ct_get_counters(const struct sk_buff *skb)

diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h index 17d7ef938a..e0e9951eb8 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -121,6 +121,10 @@ struct ip_conntrack
121	u_int32_t mark;	121	u_int32_t mark;
122	#endif	122	#endif
123		123
		124	#ifdef CONFIG_IP_NF_CONNTRACK_SECMARK
		125	u_int32_t secmark;
		126	#endif
		127
124	/* Traversed often, so hopefully in different cacheline to top */	128	/* Traversed often, so hopefully in different cacheline to top */
125	/* These are my tuples; original and reply */	129	/* These are my tuples; original and reply */
126	struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];	130	struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];


diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index dbe7a114d0..4111178158 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h
@@ -114,6 +114,10 @@ struct nf_conn
114	u_int32_t mark;	114	u_int32_t mark;
115	#endif	115	#endif
116		116
		117	#ifdef CONFIG_NF_CONNTRACK_SECMARK
		118	u_int32_t secmark;
		119	#endif
		120
117	/* Storage reserved for other modules: */	121	/* Storage reserved for other modules: */
118	union nf_conntrack_proto proto;	122	union nf_conntrack_proto proto;
119		123


diff --git a/include/net/netfilter/nf_conntrack_compat.h b/include/net/netfilter/nf_conntrack_compat.h index 3cac19fb36..f1b1482d72 100644 --- a/include/net/netfilter/nf_conntrack_compat.h +++ b/include/net/netfilter/nf_conntrack_compat.h
@@ -20,6 +20,19 @@ static inline u_int32_t nf_ct_get_mark(const struct sk_buff skb,
20	}	20	}
21	#endif /* CONFIG_IP_NF_CONNTRACK_MARK */	21	#endif /* CONFIG_IP_NF_CONNTRACK_MARK */
22		22
		23	#ifdef CONFIG_IP_NF_CONNTRACK_SECMARK
		24	static inline u_int32_t nf_ct_get_secmark(const struct sk_buff skb,
		25	u_int32_t *ctinfo)
		26	{
		27	struct ip_conntrack *ct = ip_conntrack_get(skb, ctinfo);
		28
		29	if (ct)
		30	return &ct->secmark;
		31	else
		32	return NULL;
		33	}
		34	#endif /* CONFIG_IP_NF_CONNTRACK_SECMARK */
		35
23	#ifdef CONFIG_IP_NF_CT_ACCT	36	#ifdef CONFIG_IP_NF_CT_ACCT
24	static inline struct ip_conntrack_counter *	37	static inline struct ip_conntrack_counter *
25	nf_ct_get_counters(const struct sk_buff *skb)	38	nf_ct_get_counters(const struct sk_buff *skb)
@@ -70,6 +83,19 @@ static inline u_int32_t nf_ct_get_mark(const struct sk_buff skb,
70	}	83	}
71	#endif /* CONFIG_NF_CONNTRACK_MARK */	84	#endif /* CONFIG_NF_CONNTRACK_MARK */
72		85
		86	#ifdef CONFIG_NF_CONNTRACK_SECMARK
		87	static inline u_int32_t nf_ct_get_secmark(const struct sk_buff skb,
		88	u_int32_t *ctinfo)
		89	{
		90	struct nf_conn *ct = nf_ct_get(skb, ctinfo);
		91
		92	if (ct)
		93	return &ct->secmark;
		94	else
		95	return NULL;
		96	}
		97	#endif /* CONFIG_NF_CONNTRACK_MARK */
		98
73	#ifdef CONFIG_NF_CT_ACCT	99	#ifdef CONFIG_NF_CT_ACCT
74	static inline struct ip_conntrack_counter *	100	static inline struct ip_conntrack_counter *
75	nf_ct_get_counters(const struct sk_buff *skb)	101	nf_ct_get_counters(const struct sk_buff *skb)