netfilter: nf_ct_dccp: add missing role attributes for DCCP

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This patch adds missing role attribute to the DCCP type, otherwise
the creation of entries is not of any use.

The attribute added is CTA_PROTOINFO_DCCP_ROLE which contains the
role of the conntrack original tuple.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>

authored by

Pablo Neira Ayuso and committed by

Patrick McHardy 17 years ago 71951b64 4b070662

+15 -1

2 changed files

expand all

include

linux

netfilter

nfnetlink_conntrack.h

net

netfilter

nf_conntrack_proto_dccp.c

include/linux/netfilter/nfnetlink_conntrack.h

··· 100 100 enum ctattr_protoinfo_dccp { 101 101 CTA_PROTOINFO_DCCP_UNSPEC, 102 102 CTA_PROTOINFO_DCCP_STATE, 103 + CTA_PROTOINFO_DCCP_ROLE, 103 104 __CTA_PROTOINFO_DCCP_MAX, 104 105 }; 105 106 #define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)

+14 -1

net/netfilter/nf_conntrack_proto_dccp.c

··· 633 633 if (!nest_parms) 634 634 goto nla_put_failure; 635 635 NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state); 636 + NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_ROLE, 637 + ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]); 636 638 nla_nest_end(skb, nest_parms); 637 639 read_unlock_bh(&dccp_lock); 638 640 return 0; ··· 646 644 647 645 static const struct nla_policy dccp_nla_policy[CTA_PROTOINFO_DCCP_MAX + 1] = { 648 646 [CTA_PROTOINFO_DCCP_STATE] = { .type = NLA_U8 }, 647 + [CTA_PROTOINFO_DCCP_ROLE] = { .type = NLA_U8 }, 649 648 }; 650 649 651 650 static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct) ··· 664 661 return err; 665 662 666 663 if (!tb[CTA_PROTOINFO_DCCP_STATE] || 667 - nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE) 664 + !tb[CTA_PROTOINFO_DCCP_ROLE] || 665 + nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) > CT_DCCP_ROLE_MAX || 666 + nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE) { 668 667 return -EINVAL; 668 + } 669 669 670 670 write_lock_bh(&dccp_lock); 671 671 ct->proto.dccp.state = nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]); 672 + if (nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) == CT_DCCP_ROLE_CLIENT) { 673 + ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT; 674 + ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER; 675 + } else { 676 + ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_SERVER; 677 + ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_CLIENT; 678 + } 672 679 write_unlock_bh(&dccp_lock); 673 680 return 0; 674 681 }