From: Eric Leblond <eric@inl.fr>
To: netfilter-devel@vger.kernel.org
Subject: Transmit mark during connection destruction event
Date: Tue, 29 Jan 2008 00:13:24 +0100 [thread overview]
Message-ID: <20080128231323.GA24226@localhost> (raw)
[-- Attachment #1: Type: text/plain, Size: 415 bytes --]
Hi,
The following feature was submitted some months ago. It forces the dump
of mark during the connection destruction event. The induced load is
quiet small and the patch is usefull to provide an easy way to filter
event on user side without having to keep an hash in userspace.
This new version is against 2.6.24 git tree.
BR,
--
Eric Leblond <eric@inl.fr>
NuFW, Now User Filtering Works : http://www.nufw.org
[-- Attachment #2: 0001-Transmit-mark-during-all-events.patch --]
[-- Type: text/x-diff, Size: 1371 bytes --]
From a222a44fc10d6bd0a6fdb4b0f086d83f6347d529 Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@inl.fr>
Date: Tue, 29 Jan 2008 00:00:46 +0100
Subject: [PATCH] Transmit mark during all events.
Signed-off-by: Eric Leblond <eric@inl.fr>
---
net/netfilter/nf_conntrack_netlink.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 7d23124..d6ade4d 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -414,18 +414,18 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
&& ctnetlink_dump_helpinfo(skb, ct) < 0)
goto nla_put_failure;
-#ifdef CONFIG_NF_CONNTRACK_MARK
- if ((events & IPCT_MARK || ct->mark)
- && ctnetlink_dump_mark(skb, ct) < 0)
- goto nla_put_failure;
-#endif
-
if (events & IPCT_COUNTER_FILLING &&
(ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0))
goto nla_put_failure;
}
+#ifdef CONFIG_NF_CONNTRACK_MARK
+ if ((events & IPCT_MARK || ct->mark)
+ && ctnetlink_dump_mark(skb, ct) < 0)
+ goto nla_put_failure;
+#endif
+
nlh->nlmsg_len = skb->tail - b;
nfnetlink_send(skb, 0, group, 0);
return NOTIFY_DONE;
--
1.5.2.5
next reply other threads:[~2008-01-28 23:13 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-28 23:13 Eric Leblond [this message]
2008-01-29 13:38 ` Transmit mark during connection destruction event Patrick McHardy
2008-01-29 14:00 ` Pablo Neira Ayuso
2008-01-29 13:49 ` Patrick McHardy
2008-01-29 14:16 ` Pablo Neira Ayuso
2008-01-29 14:20 ` Pablo Neira Ayuso
2008-01-29 14:24 ` Patrick McHardy
2008-01-29 14:27 ` Pablo Neira Ayuso
2008-01-29 14:23 ` Patrick McHardy
2008-01-29 14:33 ` Pablo Neira Ayuso
2008-01-29 14:36 ` Patrick McHardy
2008-01-29 13:47 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080128231323.GA24226@localhost \
--to=eric@inl.fr \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.