]> err.no Git - linux-2.6/commitdiff
[NETFILTER]: conntrack: introduce connection mark event
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 22 Aug 2006 07:31:24 +0000 (00:31 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Fri, 22 Sep 2006 21:55:24 +0000 (14:55 -0700)
This patch introduces the mark event. ctnetlink can use this to know if
the mark needs to be dumped.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/netfilter/nf_conntrack_common.h
net/netfilter/xt_CONNMARK.c

index d2e4bd7a7a1423b9c23a12f4e048cc89cb391b3a..9e0dae07861ef7bcc5c15d08bd9ed5e51e6063ff 100644 (file)
@@ -125,6 +125,10 @@ enum ip_conntrack_events
        /* Counter highest bit has been set */
        IPCT_COUNTER_FILLING_BIT = 11,
        IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
+
+       /* Mark is set */
+       IPCT_MARK_BIT = 12,
+       IPCT_MARK = (1 << IPCT_MARK_BIT),
 };
 
 enum ip_conntrack_expect_events {
index 60c375d36f017c49b78fe41eb10509a7bdec1e7b..784482b74e58abef09addfb10878a4df3f2edeca 100644 (file)
@@ -52,13 +52,25 @@ target(struct sk_buff **pskb,
            switch(markinfo->mode) {
            case XT_CONNMARK_SET:
                newmark = (*ctmark & ~markinfo->mask) | markinfo->mark;
-               if (newmark != *ctmark)
+               if (newmark != *ctmark) {
                    *ctmark = newmark;
+#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
+                   ip_conntrack_event_cache(IPCT_MARK, *pskb);
+#else
+                   nf_conntrack_event_cache(IPCT_MARK, *pskb);
+#endif
+               }
                break;
            case XT_CONNMARK_SAVE:
                newmark = (*ctmark & ~markinfo->mask) | ((*pskb)->nfmark & markinfo->mask);
-               if (*ctmark != newmark)
+               if (*ctmark != newmark) {
                    *ctmark = newmark;
+#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
+                   ip_conntrack_event_cache(IPCT_MARK, *pskb);
+#else
+                   nf_conntrack_event_cache(IPCT_MARK, *pskb);
+#endif
+               }
                break;
            case XT_CONNMARK_RESTORE:
                nfmark = (*pskb)->nfmark;