* [PATCH] Transmit mark to userspace during conntrack event
@ 2006-04-16 21:45 Eric Leblond
2006-04-21 20:55 ` [PATCH] Rsend : " Eric Leblond
0 siblings, 1 reply; 3+ messages in thread
From: Eric Leblond @ 2006-04-16 21:45 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1.1: Type: text/plain, Size: 220 bytes --]
Hi,
When userspace listens to conntrack events, the connection mark was not
sent in the ctnetlink message. The following patch transmits the
connection mark to userspace.
BR,
--
Eric Leblond <eric@inl.fr>
INL
[-- Attachment #1.2: conntrack_event_with_mark.patch --]
[-- Type: text/x-patch, Size: 1068 bytes --]
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 01bd7ca..0982a9d 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -385,6 +385,9 @@ static int ctnetlink_conntrack_event(str
ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
goto nfattr_failure;
+ if (ctnetlink_dump_mark(skb,ct) < 0)
+ goto nfattr_failure;
+
nlh->nlmsg_len = skb->tail - b;
nfnetlink_send(skb, 0, group, 0);
return NOTIFY_DONE;
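Review bot: nothing in this patch generates an event when the mark itself changes; the added ctnetlink_dump_mark(skb,ct) call in ctnetlink_conntrack_event() only attaches the mark to messages that some other event has already triggered. A listener therefore learns a new mark only on the next unrelated event for that connection. Consider also raising an event from the code that modifies the connection mark.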
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index bd10eb9..458a0d5 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -394,6 +394,9 @@ static int ctnetlink_conntrack_event(str
ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
goto nfattr_failure;
+ if (ctnetlink_dump_mark(skb,ct) < 0)
+ goto nfattr_failure;
+
nlh->nlmsg_len = skb->tail - b;
nfnetlink_send(skb, 0, group, 0);
return NOTIFY_DONE;
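Review bot: style point on the added call, here and in the ip_conntrack_netlink.c hunk: ctnetlink_dump_mark(skb,ct) is missing the space after the comma, while the context line above writes its arguments as (skb, ct, IP_CT_DIR_REPLY). Suggest ctnetlink_dump_mark(skb, ct).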
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 191 bytes --]
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH] Rsend : Transmit mark to userspace during conntrack event
2006-04-16 21:45 [PATCH] Transmit mark to userspace during conntrack event Eric Leblond
@ 2006-04-21 20:55 ` Eric Leblond
2006-04-21 23:54 ` Patrick McHardy
0 siblings, 1 reply; 3+ messages in thread
From: Eric Leblond @ 2006-04-21 20:55 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1.1: Type: text/plain, Size: 261 bytes --]
On Sunday 16 April 2006 at 23:45 +0200, Eric Leblond wrote:
> Hi,
>
> When userspace listens to conntrack events, the connection mark was not
> sent in the ctnetlink message. The following patch transmits the
> connection mark to userspace.
>
> BR,
[-- Attachment #1.2: ctnetlink.patch --]
[-- Type: text/x-patch, Size: 1240 bytes --]
Signed-off-by: Eric Leblond <eric@inl.fr>
---
Transmit connection mark to userspace
Connection mark was not sent to userspace when used in event listening mode.
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 01bd7ca..0982a9d 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -385,6 +385,9 @@ static int ctnetlink_conntrack_event(str
ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
goto nfattr_failure;
+ if (ctnetlink_dump_mark(skb,ct) < 0)
+ goto nfattr_failure;
+
nlh->nlmsg_len = skb->tail - b;
nfnetlink_send(skb, 0, group, 0);
return NOTIFY_DONE;
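Review bot: the added ctnetlink_dump_mark() call sits after the counters dump with no test on the event bits, so the mark attribute is appended to every message built by ctnetlink_conntrack_event() and a listener cannot tell a changed mark from an unchanged one that is merely repeated. If the intent is to report changes, this needs a dedicated event flag that is tested here before dumping.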
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index bd10eb9..458a0d5 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -394,6 +394,9 @@ static int ctnetlink_conntrack_event(str
ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
goto nfattr_failure;
+ if (ctnetlink_dump_mark(skb,ct) < 0)
+ goto nfattr_failure;
+
nlh->nlmsg_len = skb->tail - b;
nfnetlink_send(skb, 0, group, 0);
return NOTIFY_DONE;
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 191 bytes --]
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] Rsend : Transmit mark to userspace during conntrack event
2006-04-21 20:55 ` [PATCH] Rsend : " Eric Leblond
@ 2006-04-21 23:54 ` Patrick McHardy
0 siblings, 0 replies; 3+ messages in thread
From: Patrick McHardy @ 2006-04-21 23:54 UTC (permalink / raw)
To: Eric Leblond; +Cc: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 381 bytes --]
Eric Leblond wrote:
>>When userspace listens to conntrack events, the connection mark was not
>>sent in the ctnetlink message. The following patch transmits the
>>connection mark to userspace.
Thanks Eric. After looking at xt_CONNMARK I think I know why the
mark wasn't included in the update messages, we didn't even have
notifications for changes. I've queued this patch instead.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 3957 bytes --]
[NETFILTER]: ctnetlink: fix conntrack mark change notifications
The connection mark was not included in event messages and changes didn't
cause event delivery.
Based on patch by Eric Leblond <eric@inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit f62ae14f884c89b9e34417435265780ead18976e
tree 93bedfa47324e1819751854359e97e8c9a15b620
parent d3adb6926baf464a3dfc5130a67fe5bb02319ab7
author Patrick McHardy <kaber@trash.net> Sat, 22 Apr 2006 01:55:07 +0200
committer Patrick McHardy <kaber@trash.net> Sat, 22 Apr 2006 01:55:07 +0200
include/linux/netfilter/nf_conntrack_common.h | 4 ++++
net/ipv4/netfilter/ip_conntrack_netlink.c | 6 +++++-
net/netfilter/nf_conntrack_netlink.c | 6 +++++-
net/netfilter/xt_CONNMARK.c | 8 ++++++--
4 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index 3ff88c8..4884455 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -121,6 +121,10 @@ enum ip_conntrack_events
/* Counter highest bit has been set */
IPCT_COUNTER_FILLING_BIT = 11,
IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
+
+ /* Connection mark */
+ IPCT_MARK_BIT = 12,
+ IPCT_MARK = (1 << IPCT_MARK_BIT),
};
enum ip_conntrack_expect_events {
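Review bot: the comment on the new IPCT_MARK_BIT entry, /* Connection mark */, does not say when the event fires, unlike the neighbouring "Counter highest bit has been set". Since the xt_CONNMARK.c hunk raises it only when the value actually differs, something like "Connection mark has changed" would document the semantics for users of this header.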
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 01bd7ca..0fee630 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -333,7 +333,8 @@ static int ctnetlink_conntrack_event(str
IPCT_PROTOINFO |
IPCT_HELPER |
IPCT_HELPINFO |
- IPCT_NATINFO)) {
+ IPCT_NATINFO |
+ IPCT_MARK)) {
type = IPCTNL_MSG_CT_NEW;
group = NFNLGRP_CONNTRACK_UPDATE;
} else
@@ -380,6 +381,9 @@ static int ctnetlink_conntrack_event(str
if (events & IPCT_HELPINFO
&& ctnetlink_dump_helpinfo(skb, ct) < 0)
goto nfattr_failure;
+ if (events & IPCT_MARK
+ && ctnetlink_dump_mark(skb, ct) < 0)
+ goto nfattr_failure;
if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
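Review bot: with the test "events & IPCT_MARK && ctnetlink_dump_mark(skb, ct) < 0" the mark is dumped only in messages whose event set includes IPCT_MARK, so a message for any other event carries no mark attribute even when the connection has one. That differs from the original submission, which attached the mark to every event message. If listeners are expected to see the mark in messages for other events as well, the gate should be dropped or widened; otherwise the changelog should state that the mark is reported on change only. The same applies to the matching nf_conntrack_netlink.c hunk.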
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index bd10eb9..36ff941 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -342,7 +342,8 @@ static int ctnetlink_conntrack_event(str
IPCT_PROTOINFO |
IPCT_HELPER |
IPCT_HELPINFO |
- IPCT_NATINFO)) {
+ IPCT_NATINFO |
+ IPCT_MARK)) {
type = IPCTNL_MSG_CT_NEW;
group = NFNLGRP_CONNTRACK_UPDATE;
} else
@@ -389,6 +390,9 @@ static int ctnetlink_conntrack_event(str
if (events & IPCT_HELPINFO
&& ctnetlink_dump_helpinfo(skb, ct) < 0)
goto nfattr_failure;
+ if (events & IPCT_MARK
+ && ctnetlink_dump_mark(skb, ct) < 0)
+ goto nfattr_failure;
if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c
index 60c375d..f0bb6d6 100644
--- a/net/netfilter/xt_CONNMARK.c
+++ b/net/netfilter/xt_CONNMARK.c
@@ -52,13 +52,17 @@ target(struct sk_buff **pskb,
switch(markinfo->mode) {
case XT_CONNMARK_SET:
newmark = (*ctmark & ~markinfo->mask) | markinfo->mark;
- if (newmark != *ctmark)
+ if (newmark != *ctmark) {
*ctmark = newmark;
+ ip_conntrack_event_cache(IPCT_MARK, *pskb);
+ }
break;
case XT_CONNMARK_SAVE:
newmark = (*ctmark & ~markinfo->mask) | ((*pskb)->nfmark & markinfo->mask);
- if (*ctmark != newmark)
+ if (*ctmark != newmark) {
*ctmark = newmark;
+ ip_conntrack_event_cache(IPCT_MARK, *pskb);
+ }
break;
case XT_CONNMARK_RESTORE:
nfmark = (*pskb)->nfmark;
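Review bot: both added calls in the XT_CONNMARK_SET and XT_CONNMARK_SAVE branches use ip_conntrack_event_cache(IPCT_MARK, *pskb), but this file lives in net/netfilter/ and the patch also touches nf_conntrack_netlink.c. Please confirm that the ip_-prefixed helper resolves correctly when the target is built against nf_conntrack, or use whatever wrapper this file already relies on for that case. Placing the call inside the "newmark != *ctmark" test is right, since it avoids events for no-op writes.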
^ permalink raw reply related [flat|nested] 3+ messages in thread