From: pablo@netfilter.org
To: netfilter-devel@vger.kernel.org
Subject: [PATCH 1/6] netfilter: ctnetlink: allow to set helper for new expectations
Date: Thu, 9 Feb 2012 20:33:02 +0100 [thread overview]
Message-ID: <1328815987-28020-2-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1328815987-28020-1-git-send-email-pablo@netfilter.org>
From: Pablo Neira Ayuso <pablo@netfilter.org>
This patch allow you to set the helper for newly created
expectations based of the CTA_EXPECT_HELP_NAME attribute.
Before this, the helper set was NULL.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_conntrack_netlink.c | 25 ++++++++++++++++++++++++-
1 files changed, 24 insertions(+), 1 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 9307b03..8338d67 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -2017,6 +2017,7 @@ ctnetlink_create_expect(struct net *net, u16 zone,
struct nf_conntrack_expect *exp;
struct nf_conn *ct;
struct nf_conn_help *help;
+ struct nf_conntrack_helper *helper = NULL;
int err = 0;
/* caller guarantees that those three CTA_EXPECT_* exist */
@@ -2035,6 +2036,28 @@ ctnetlink_create_expect(struct net *net, u16 zone,
if (!h)
return -ENOENT;
ct = nf_ct_tuplehash_to_ctrack(h);
+
+ /* Look for helper of this expectation */
+ if (cda[CTA_EXPECT_HELP_NAME]) {
+ const char *helpname = nla_data(cda[CTA_EXPECT_HELP_NAME]);
+
+ helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
+ nf_ct_protonum(ct));
+ if (helper == NULL) {
+#ifdef CONFIG_MODULES
+ if (request_module("nfct-helper-%s", helpname) < 0)
+ return -EOPNOTSUPP;
+
+ helper = __nf_conntrack_helper_find(helpname,
+ nf_ct_l3num(ct),
+ nf_ct_protonum(ct));
+ if (helper)
+ return -EAGAIN;
+#endif
+ return -EOPNOTSUPP;
+ }
+ }
+
exp = nf_ct_expect_alloc(ct);
if (!exp) {
err = -ENOMEM;
@@ -2065,7 +2088,7 @@ ctnetlink_create_expect(struct net *net, u16 zone,
exp->class = 0;
exp->expectfn = NULL;
exp->master = ct;
- exp->helper = NULL;
+ exp->helper = helper;
memcpy(&exp->tuple, &tuple, sizeof(struct nf_conntrack_tuple));
memcpy(&exp->mask.src.u3, &mask.src.u3, sizeof(exp->mask.src.u3));
exp->mask.src.u.all = mask.src.u.all;
--
1.7.7.3
next prev parent reply other threads:[~2012-02-09 19:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-09 19:33 [PATCH 0/6] [RFC] ctnetlink updates for net-next pablo
2012-02-09 19:33 ` pablo [this message]
2012-02-09 19:33 ` [PATCH 2/6] netfilter: ctnetlink: allow to set expectation class pablo
2012-02-09 19:33 ` [PATCH 3/6] netfilter: ctnetlink: add NAT support for expectations pablo
2012-02-09 19:33 ` [PATCH 4/6] netfilter: ctnetlink: allow to set expectfn " pablo
2012-02-09 19:33 ` [PATCH 5/6] netlink: netlink_dump_start may take data pointer for callbacks pablo
2012-02-09 19:33 ` [PATCH 6/6] netfilter: ctnetlink: support kernel-space dump filterings pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1328815987-28020-2-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).