* [PATCH 1/8][CONNTRACK] mark conntrack event
@ 2006-07-25 13:17 Pablo Neira Ayuso
  2006-08-08 10:14 ` Patrick McHardy
  0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2006-07-25 13:17 UTC (permalink / raw)
  To: Netfilter Development Mailinglist; +Cc: Harald Welte, Patrick McHardy

[-- Attachment #1: Type: text/plain, Size: 304 bytes --]

This patch introduces the mark event. ctnetlink can use this to know if
the mark needs to be dumped.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of 
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

[-- Attachment #2: 01mark.patch --]
[-- Type: text/plain, Size: 1867 bytes --]

[CONNTRACK] mark conntrack event

This patch introduces the mark event. ctnetlink can use this to know if
the mark needs to be dumped.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Index: net-2.6/include/linux/netfilter/nf_conntrack_common.h
===================================================================
--- net-2.6.orig/include/linux/netfilter/nf_conntrack_common.h	2006-07-06 18:24:40.000000000 +0200
+++ net-2.6/include/linux/netfilter/nf_conntrack_common.h	2006-07-06 18:31:52.000000000 +0200
@@ -125,6 +125,10 @@
 	/* Counter highest bit has been set */
 	IPCT_COUNTER_FILLING_BIT = 11,
 	IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
+
+	/* Mark is set */
+	IPCT_MARK_BIT = 12,
+	IPCT_MARK = (1 << IPCT_MARK_BIT),
 };
 
 enum ip_conntrack_expect_events {
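Review bot: the comment added above IPCT_MARK_BIT, "/* Mark is set */", does not match when the event is actually raised. In the xt_CONNMARK.c part of this patch IPCT_MARK is cached only inside `if (newmark != *ctmark)`, so a listener sees it when the value changes, not on every set. Wording it as "Mark has changed" would tell ctnetlink and other readers of this enum that a rule rewriting the same mark produces no event. Nothing in the visible patch tests for IPCT_MARK, so the new bit has no consumer until a listener is updated to check it.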
Index: net-2.6/net/netfilter/xt_CONNMARK.c
===================================================================
--- net-2.6.orig/net/netfilter/xt_CONNMARK.c	2006-07-06 18:24:40.000000000 +0200
+++ net-2.6/net/netfilter/xt_CONNMARK.c	2006-07-06 18:36:23.000000000 +0200
@@ -52,13 +52,25 @@
 	    switch(markinfo->mode) {
 	    case XT_CONNMARK_SET:
 		newmark = (*ctmark & ~markinfo->mask) | markinfo->mark;
-		if (newmark != *ctmark)
+		if (newmark != *ctmark) {
 		    *ctmark = newmark;
+#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
+		    ip_conntrack_event_cache(IPCT_MARK, *pskb);
+#else
+		    nf_conntrack_event_cache(IPCT_MARK, *pskb);
+#endif
+		}
 		break;
 	    case XT_CONNMARK_SAVE:
 		newmark = (*ctmark & ~markinfo->mask) | ((*pskb)->nfmark & markinfo->mask);
-		if (*ctmark != newmark)
+		if (*ctmark != newmark) {
 		    *ctmark = newmark;
+#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
+		    ip_conntrack_event_cache(IPCT_MARK, *pskb);
+#else
+		    nf_conntrack_event_cache(IPCT_MARK, *pskb);
+#endif
+		}
 		break;
 	    case XT_CONNMARK_RESTORE:
 		nfmark = (*pskb)->nfmark;
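Review bot: the `#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS` guard in the XT_CONNMARK_SET and XT_CONNMARK_SAVE cases picks the call by whether ip_conntrack events are enabled, not by which conntrack implementation is built. The `#else` branch calling `nf_conntrack_event_cache(IPCT_MARK, *pskb);` is therefore compiled in every configuration where that option is off, including ip_conntrack with events disabled. Please confirm nf_conntrack_event_cache() is declared or stubbed in that configuration, or key the choice on the conntrack implementation instead. The same five-line block is also repeated verbatim in both cases; a single local helper or macro taking the skb would keep the two sites from drifting apart.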


* Re: [PATCH 1/8][CONNTRACK] mark conntrack event
  2006-07-25 13:17 [PATCH 1/8][CONNTRACK] mark conntrack event Pablo Neira Ayuso
@ 2006-08-08 10:14 ` Patrick McHardy
  0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2006-08-08 10:14 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Harald Welte, Netfilter Development Mailinglist

Pablo Neira Ayuso wrote:
> This patch introduces the mark event. ctnetlink can use this to know if
> the mark needs to be dumped.

Applied, thanks.
