Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
phyus
/
linux-vybrid_public
8
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Kaynağa Gözat

netfilter: ctnetlink: allow to specify the expectation flags

With this patch, you can specify the expectation flags for user-space
created expectations.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Pablo Neira Ayuso 14 yıl önce
ebeveyn
bcac0dfab1
işleme
8b008faf92
4 değiştirilmiş dosya ile 12 ekleme ve 4 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 4 0
      include/linux/netfilter/nf_conntrack_common.h
  2. 1 0
      include/linux/netfilter/nfnetlink_conntrack.h
  3. 0 3
      include/net/netfilter/nf_conntrack_expect.h
  4. 7 1
      net/netfilter/nf_conntrack_netlink.c

+ 4 - 0
include/linux/netfilter/nf_conntrack_common.h
Dosyayı Görüntüle 

@@ -100,6 +100,10 @@ enum ip_conntrack_expect_events {
 
 	IPEXP_NEW,		/* new expectation */
 
 };
 
 
+/* expectation flags */
 
+#define NF_CT_EXPECT_PERMANENT		0x1
 
+#define NF_CT_EXPECT_INACTIVE		0x2
 
+
 
 #ifdef __KERNEL__
 
 struct ip_conntrack_stat {
 
 	unsigned int searched;

+ 1 - 0
include/linux/netfilter/nfnetlink_conntrack.h
Dosyayı Görüntüle 

@@ -161,6 +161,7 @@ enum ctattr_expect {
 
 	CTA_EXPECT_ID,
 
 	CTA_EXPECT_HELP_NAME,
 
 	CTA_EXPECT_ZONE,
 
+	CTA_EXPECT_FLAGS,
 
 	__CTA_EXPECT_MAX
 
 };
 
 #define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1)

+ 0 - 3
include/net/netfilter/nf_conntrack_expect.h
Dosyayı Görüntüle 

@@ -67,9 +67,6 @@ struct nf_conntrack_expect_policy {
 
 
 #define NF_CT_EXPECT_CLASS_DEFAULT	0
 
 
-#define NF_CT_EXPECT_PERMANENT	0x1
 
-#define NF_CT_EXPECT_INACTIVE	0x2
 
-
 
 int nf_conntrack_expect_init(struct net *net);
 
 void nf_conntrack_expect_fini(struct net *net);

+ 7 - 1
net/netfilter/nf_conntrack_netlink.c
Dosyayı Görüntüle 

@@ -1577,6 +1577,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
 
 
 	NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout));
 
 	NLA_PUT_BE32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp));
 
+	NLA_PUT_BE32(skb, CTA_EXPECT_FLAGS, htonl(exp->flags));
 
 	helper = rcu_dereference(nfct_help(master)->helper);
 
 	if (helper)
 
 		NLA_PUT_STRING(skb, CTA_EXPECT_HELP_NAME, helper->name);
 
@@ -1734,6 +1735,7 @@ static const struct nla_policy exp_nla_policy[CTA_EXPECT_MAX+1] = {
 
 	[CTA_EXPECT_ID]		= { .type = NLA_U32 },
 
 	[CTA_EXPECT_HELP_NAME]	= { .type = NLA_NUL_STRING },
 
 	[CTA_EXPECT_ZONE]	= { .type = NLA_U16 },
 
+	[CTA_EXPECT_FLAGS]	= { .type = NLA_U32 },
 
 };
 
 
 static int
 
@@ -1933,9 +1935,13 @@ ctnetlink_create_expect(struct net *net, u16 zone,
 
 		goto out;
 
 	}
 
 
+	if (cda[CTA_EXPECT_FLAGS])
 
+		exp->flags = ntohl(nla_get_be32(cda[CTA_EXPECT_FLAGS]));
 
+	else
 
+		exp->flags = 0;
 
+
 
 	exp->class = 0;
 
 	exp->expectfn = NULL;
 
-	exp->flags = 0;
 
 	exp->master = ct;
 
 	exp->helper = NULL;
 
 	memcpy(&exp->tuple, &tuple, sizeof(struct nf_conntrack_tuple));