
netfilter: ctnetlink: allow to set expectation class

This patch allows you to set the expectation class.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+12 -1
+11 -1
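--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1691,6 +1691,7 @@
 	NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout));
 	NLA_PUT_BE32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp));
 	NLA_PUT_BE32(skb, CTA_EXPECT_FLAGS, htonl(exp->flags));
+	NLA_PUT_BE32(skb, CTA_EXPECT_CLASS, htonl(exp->class));
 	help = nfct_help(master);
 	if (help) {
 		struct nf_conntrack_helper *helper;
@@ -1856,6 +1857,7 @@
 	[CTA_EXPECT_HELP_NAME] = { .type = NLA_NUL_STRING },
 	[CTA_EXPECT_ZONE] = { .type = NLA_U16 },
 	[CTA_EXPECT_FLAGS] = { .type = NLA_U32 },
+	[CTA_EXPECT_CLASS] = { .type = NLA_U32 },
 };
 
 static int
@@ -2043,6 +2045,7 @@
 	struct nf_conn *ct;
 	struct nf_conn_help *help;
 	struct nf_conntrack_helper *helper = NULL;
+	u_int32_t class = 0;
 	int err = 0;
 
 	/* caller guarantees that those three CTA_EXPECT_* exist */
@@ -2088,6 +2091,13 @@
 		}
 	}
 
+	if (cda[CTA_EXPECT_CLASS] && helper) {
+		class = ntohl(nla_get_be32(cda[CTA_EXPECT_CLASS]));
+		if (class > helper->expect_class_max) {
+			err = -EINVAL;
+			goto out;
+		}
+	}
 	exp = nf_ct_expect_alloc(ct);
 	if (!exp) {
 		err = -ENOMEM;
@@ -2115,7 +2125,7 @@
 		exp->flags = 0;
 	}
 
-	exp->class = 0;
+	exp->class = class;
 	exp->expectfn = NULL;
 	exp->master = ct;
 	exp->helper = helper;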
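Review bot: In the block added just before `nf_ct_expect_alloc(ct)`, a CTA_EXPECT_CLASS attribute is silently ignored when `helper` is NULL, so the request succeeds with class 0 and userspace cannot tell that its value was dropped. If that is intended, a comment such as `/* class is only meaningful with a helper; ignored otherwise */` would record it; otherwise that case should fail with -EINVAL like an out-of-range class does. The `class > helper->expect_class_max` comparison is the only range validation of this userspace-supplied value, since the `{ .type = NLA_U32 }` policy entry checks the attribute's size and not its content, and the class presumably selects per-class helper state elsewhere, so a one-line comment saying that the check bounds it would keep the check from being relaxed later. The enclosing function and the `out` label lie outside the hunk, so the cleanup done on that path cannot be confirmed from here.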