[NETFILTER] ctnetlink: add marking support from userspace

This patch adds support for conntrack marking from user space.

Signed-off-by: Pablo Neira Ayuso <[EMAIL PROTECTED]>
Signed-off-by: Harald Welte <[EMAIL PROTECTED]>

---
commit 6fb708af6bead3d02683185649398bbdc74bb4a5
tree 4488bf1fb9805d3af1418a19a7bccd981ddc60fb
parent f88e433b32c43c9339e3a4ba24e7db7ed610a8ab
author Harald Welte <[EMAIL PROTECTED]> Sat, 05 Nov 2005 11:34:30 +0100
committer Harald Welte <[EMAIL PROTECTED]> Sat, 05 Nov 2005 11:34:30 +0100

 net/ipv4/netfilter/ip_conntrack_netlink.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -979,6 +979,11 @@ ctnetlink_change_conntrack(struct ip_con
                        return err;
        }
 
+#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
+       if (cda[CTA_MARK-1])
+               ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
+#endif
+
        DEBUGP("all done\n");
        return 0;
 }
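Review bot: The added `ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));` reads four bytes from a userspace-supplied netlink attribute, and nothing in the hunk checks that the attribute's payload is that long. Unless the caller already validates attribute sizes (not visible here, since ctnetlink_change_conntrack starts outside the hunk), a short CTA_MARK attribute would make this read past its payload into adjacent message or skb data. I would check the length first and reject the request otherwise, e.g. `if (NFA_PAYLOAD(cda[CTA_MARK-1]) < sizeof(u_int32_t)) return -EINVAL;`. The same unchecked dereference appears in the ctnetlink_create_conntrack hunk. Because the mark commonly feeds filtering and routing decisions, a short comment saying that this path relies on the netlink handler's privilege check would also help.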
@@ -1022,6 +1027,11 @@ ctnetlink_create_conntrack(struct nfattr
        if (ct->helper)
                ip_conntrack_helper_put(ct->helper);
 
+#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
+       if (cda[CTA_MARK-1])
+               ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
+#endif
+
        DEBUGP("conntrack with id %u inserted\n", ct->id);
        return 0;
 
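Review bot: The mark is assigned after the helper reference is dropped and just before the "conntrack with id %u inserted" debug message, which suggests the entry is already visible to the packet path when `ct->mark` is written. The insertion call itself is outside the hunk, so this needs confirming, but if that is the order then packets matching the new entry can briefly be evaluated with mark 0, and mark-based rules would see the wrong value. I would move the `#if defined(CONFIG_IP_NF_CONNTRACK_MARK)` block above the point where the conntrack is inserted into the hash, so the entry is fully initialised before it is published.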
-- 
- Harald Welte <[EMAIL PROTECTED]>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
