
netfilter: ctnetlink: allow to set helper for new expectations

This patch allows you to set the helper for newly created
expectations based on the CTA_EXPECT_HELP_NAME attribute.
Before this, the helper was always set to NULL.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+29 -1
+29 -1
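--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -2042,6 +2042,7 @@
 struct nf_conntrack_expect *exp;
 struct nf_conn *ct;
 struct nf_conn_help *help;
+struct nf_conntrack_helper *helper = NULL;
 int err = 0;
 
 /* caller guarantees that those three CTA_EXPECT_* exist */
@@ -2060,6 +2061,33 @@
 if (!h)
 return -ENOENT;
 ct = nf_ct_tuplehash_to_ctrack(h);
+
+/* Look for helper of this expectation */
+if (cda[CTA_EXPECT_HELP_NAME]) {
+const char *helpname = nla_data(cda[CTA_EXPECT_HELP_NAME]);
+
+helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
+nf_ct_protonum(ct));
+if (helper == NULL) {
+#ifdef CONFIG_MODULES
+if (request_module("nfct-helper-%s", helpname) < 0) {
+err = -EOPNOTSUPP;
+goto out;
+}
+
+helper = __nf_conntrack_helper_find(helpname,
+nf_ct_l3num(ct),
+nf_ct_protonum(ct));
+if (helper) {
+err = -EAGAIN;
+goto out;
+}
+#endif
+err = -EOPNOTSUPP;
+goto out;
+}
+}
+
 exp = nf_ct_expect_alloc(ct);
 if (!exp) {
 err = -ENOMEM;
@@ -2090,7 +2118,7 @@
 exp->class = 0;
 exp->expectfn = NULL;
 exp->master = ct;
-exp->helper = NULL;
+exp->helper = helper;
 memcpy(&exp->tuple, &tuple, sizeof(struct nf_conntrack_tuple));
 memcpy(&exp->mask.src.u3, &mask.src.u3, sizeof(exp->mask.src.u3));
 exp->mask.src.u.all = mask.src.u.all;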
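Review bot: `helpname` in the new `CTA_EXPECT_HELP_NAME` block is read straight from `nla_data()` and passed as a C string to `__nf_conntrack_helper_find()` and `request_module("nfct-helper-%s", helpname)`, so it is only safe if the netlink policy for this attribute enforces a NUL-terminated string; that policy is not visible here and should be confirmed. `request_module()` can sleep, and the pointer from the lookup is stored in `exp->helper` with no reference taken in these hunks, so the locking context at this point and the helper's lifetime against module unload should be checked in the surrounding function, which starts and ends outside the hunks shown. The `if (helper) { err = -EAGAIN; ... }` branch after a successful module load reads like an inverted test; a short comment such as `/* helper is loaded now; presumably userspace is expected to retry */` would make the intent explicit.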