[PATCH 6/7] netfilter: ctnetlink: add CTA_HELP_INFO attribute

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: pablo@netfilter.org
To: netfilter-devel@vger.kernel.org
Cc: netdev@vger.kernel.org
Subject: [PATCH 6/7] netfilter: ctnetlink: add CTA_HELP_INFO attribute
Date: Mon,  4 Jun 2012 14:21:24 +0200	[thread overview]
Message-ID: <1338812485-4232-7-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1338812485-4232-1-git-send-email-pablo@netfilter.org>

From: Pablo Neira Ayuso <pablo@netfilter.org>

This attribute can be used to modify and to dump the internal
protocol information. This is required by the follow-up patch
that adds the user-space cthelper infrastructure.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/linux/netfilter/nfnetlink_conntrack.h |    1 +
 include/net/netfilter/nf_conntrack_helper.h   |    1 +
 net/netfilter/nf_conntrack_netlink.c          |   28 ++++++++++++++++++++-----
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h
index e58e4b9..7688833 100644
--- a/include/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/linux/netfilter/nfnetlink_conntrack.h
@@ -191,6 +191,7 @@ enum ctattr_expect_nat {
 enum ctattr_help {
 	CTA_HELP_UNSPEC,
 	CTA_HELP_NAME,
+	CTA_HELP_INFO,
 	__CTA_HELP_MAX
 };
 #define CTA_HELP_MAX (__CTA_HELP_MAX - 1)
diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h
index 5afdcf2..e5091a9 100644
--- a/include/net/netfilter/nf_conntrack_helper.h
+++ b/include/net/netfilter/nf_conntrack_helper.h
@@ -39,6 +39,7 @@ struct nf_conntrack_helper {
 
 	void (*destroy)(struct nf_conn *ct);
 
+	int (*from_nlattr)(struct nlattr *attr, struct nf_conn *ct);
 	int (*to_nlattr)(struct sk_buff *skb, const struct nf_conn *ct);
 	unsigned int expect_class_max;
 };
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 28ac04c..27b6a75 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -901,7 +901,8 @@ static const struct nla_policy help_nla_policy[CTA_HELP_MAX+1] = {
 };
 
 static inline int
-ctnetlink_parse_help(const struct nlattr *attr, char **helper_name)
+ctnetlink_parse_help(const struct nlattr *attr, char **helper_name,
+		     struct nlattr **helpinfo)
 {
 	struct nlattr *tb[CTA_HELP_MAX+1];
 
@@ -912,6 +913,9 @@ ctnetlink_parse_help(const struct nlattr *attr, char **helper_name)
 
 	*helper_name = nla_data(tb[CTA_HELP_NAME]);
 
+	if (tb[CTA_HELP_INFO])
+		*helpinfo = tb[CTA_HELP_INFO];
+
 	return 0;
 }
 
@@ -1172,13 +1176,14 @@ ctnetlink_change_helper(struct nf_conn *ct, const struct nlattr * const cda[])
 	struct nf_conntrack_helper *helper;
 	struct nf_conn_help *help = nfct_help(ct);
 	char *helpname = NULL;
+	struct nlattr *helpinfo = NULL;
 	int err;
 
 	/* don't change helper of sibling connections */
 	if (ct->master)
 		return -EBUSY;
 
-	err = ctnetlink_parse_help(cda[CTA_HELP], &helpname);
+	err = ctnetlink_parse_help(cda[CTA_HELP], &helpname, &helpinfo);
 	if (err < 0)
 		return err;
 
@@ -1213,8 +1218,12 @@ ctnetlink_change_helper(struct nf_conn *ct, const struct nlattr * const cda[])
 	}
 
 	if (help) {
-		if (help->helper == helper)
+		if (help->helper == helper) {
+			/* update private helper data if allowed. */
+			if (helper->from_nlattr && helpinfo)
+				helper->from_nlattr(helpinfo, ct);
 			return 0;
+		}
 		if (help->helper)
 			return -EBUSY;
 		/* need to zero data of old helper */
@@ -1410,8 +1419,9 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
 	rcu_read_lock();
  	if (cda[CTA_HELP]) {
 		char *helpname = NULL;
- 
- 		err = ctnetlink_parse_help(cda[CTA_HELP], &helpname);
+		struct nlattr *helpinfo = NULL;
+
+		err = ctnetlink_parse_help(cda[CTA_HELP], &helpname, &helpinfo);
  		if (err < 0)
 			goto err2;
 
@@ -1445,6 +1455,9 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
 				err = -ENOMEM;
 				goto err2;
 			}
+			/* set private helper data if allowed. */
+			if (helper->from_nlattr && helpinfo)
+				helper->from_nlattr(helpinfo, ct);
 
 			/* not in hash table yet so not strictly necessary */
 			RCU_INIT_POINTER(help->helper, helper);
@@ -1745,6 +1758,11 @@ ctnetlink_nfqueue_parse(const struct nlattr *attr, struct nf_conn *ct)
 		if (err < 0)
 			return err;
 	}
+	if (cda[CTA_HELP]) {
+		err = ctnetlink_change_helper(ct, cda);
+		if (err < 0)
+			return err;
+	}
 #if defined(CONFIG_NF_CONNTRACK_MARK)
 	if (cda[CTA_MARK])
 		ct->mark = ntohl(nla_get_be32(cda[CTA_MARK]));
-- 
1.7.10

next prev parent reply	other threads:[~2012-06-04 12:22 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-06-04 12:21 [PATCH 0/7] [RFC] new user-space connection tracking helper infrastructure pablo
2012-06-04 12:21 ` [PATCH 1/7] netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names pablo
2012-06-04 12:21 ` [PATCH 2/7] netfilter: nf_ct_ext: support variable length extensions pablo
2012-06-04 12:21 ` [PATCH 3/7] netfilter: nf_ct_helper: implement variable length helper private data pablo
2012-06-04 13:06   ` Jan Engelhardt
2012-06-04 13:09     ` Joe Perches
2012-06-04 13:16       ` Jan Engelhardt
2012-06-04 12:21 ` [PATCH 4/7] netfilter: add glue code to integrate nfnetlink_queue and ctnetlink pablo
2012-06-04 13:38   ` Jan Engelhardt
2012-06-04 12:21 ` [PATCH 5/7] netfilter: nfnl_queue: support NAT TCP sequence adjustment if packet mangled pablo
2012-06-04 12:21 ` pablo [this message]
2012-06-04 12:21 ` [PATCH 7/7] netfilter: add user-space connection tracking helper infrastructure pablo
2012-06-04 14:04   ` Jan Engelhardt
2012-06-06  9:39   ` Ferenc Wagner
  -- strict thread matches above, loose matches on Subject: below --
2012-06-12 18:06 [PATCH 0/7] [RFCv2] new " pablo
2012-06-12 18:06 ` [PATCH 6/7] netfilter: ctnetlink: add CTA_HELP_INFO attribute pablo
2012-06-16 15:49 [PATCH 0/7] netfilter updates for net-next (upcoming 3.6), batch 2 pablo
2012-06-16 15:49 ` [PATCH 6/7] netfilter: ctnetlink: add CTA_HELP_INFO attribute pablo

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e58e4b9 dfblob:7688833 dfblob:5afdcf2 dfblob:e5091a9
dfblob:28ac04c dfblob:27b6a75 )
 OR (
bs:"[PATCH 6/7] netfilter: ctnetlink: add CTA_HELP_INFO attribute" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1338812485-4232-7-git-send-email-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).