Commit 2521c12c authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by David S. Miller

[NETFILTER]: conntrack: introduce connection mark event

This patch introduces the mark event. ctnetlink can use this to know if
the mark needs to be dumped.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b93ff783
...@@ -125,6 +125,10 @@ enum ip_conntrack_events ...@@ -125,6 +125,10 @@ enum ip_conntrack_events
/* Counter highest bit has been set */ /* Counter highest bit has been set */
IPCT_COUNTER_FILLING_BIT = 11, IPCT_COUNTER_FILLING_BIT = 11,
IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT), IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
/* Mark is set */
IPCT_MARK_BIT = 12,
IPCT_MARK = (1 << IPCT_MARK_BIT),
}; };
enum ip_conntrack_expect_events { enum ip_conntrack_expect_events {
......
...@@ -52,13 +52,25 @@ target(struct sk_buff **pskb, ...@@ -52,13 +52,25 @@ target(struct sk_buff **pskb,
switch(markinfo->mode) { switch(markinfo->mode) {
case XT_CONNMARK_SET: case XT_CONNMARK_SET:
newmark = (*ctmark & ~markinfo->mask) | markinfo->mark; newmark = (*ctmark & ~markinfo->mask) | markinfo->mark;
if (newmark != *ctmark) if (newmark != *ctmark) {
*ctmark = newmark; *ctmark = newmark;
#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
ip_conntrack_event_cache(IPCT_MARK, *pskb);
#else
nf_conntrack_event_cache(IPCT_MARK, *pskb);
#endif
}
break; break;
case XT_CONNMARK_SAVE: case XT_CONNMARK_SAVE:
newmark = (*ctmark & ~markinfo->mask) | ((*pskb)->nfmark & markinfo->mask); newmark = (*ctmark & ~markinfo->mask) | ((*pskb)->nfmark & markinfo->mask);
if (*ctmark != newmark) if (*ctmark != newmark) {
*ctmark = newmark; *ctmark = newmark;
#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
ip_conntrack_event_cache(IPCT_MARK, *pskb);
#else
nf_conntrack_event_cache(IPCT_MARK, *pskb);
#endif
}
break; break;
case XT_CONNMARK_RESTORE: case XT_CONNMARK_RESTORE:
nfmark = (*pskb)->nfmark; nfmark = (*pskb)->nfmark;
......
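Review bot: The `#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS` guard added in the XT_CONNMARK_SET and XT_CONNMARK_SAVE cases picks the helper by whether event support is enabled, not by which conntrack implementation the module is built against. With ip_conntrack configured but events disabled, the `#else` branch calls `nf_conntrack_event_cache(IPCT_MARK, *pskb)`, which is presumably not declared in that configuration (the includes are outside the hunk), so the build may fail. Keying on the implementation instead, e.g. `#if defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE)`, would avoid this, assuming the event-cache helper compiles to an empty stub when events are off. The same five-line block is duplicated in both cases; a small `static inline` wrapper would keep them in step, so that a later edit cannot leave one mark-changing path without a notification to ctnetlink listeners. The body of target() starts and ends outside the hunk.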