authorRich Fought <rmf.aero@gmail.com>2014-02-26 16:02:13 -0800
committerThomas Haller <thaller@redhat.com>2014-04-14 19:20:53 +0200
commit8ff199947ffa4f7d4f6b0b878fde68d8ffcf7f0f (patch)
tree620d165c676873f08b600759cb64be3623e662e1 /lib/netfilter
parentcb319e22f5680b49fad62dc7f0eb35b7d737cb3b (diff)
downloadlibnl-8ff199947ffa4f7d4f6b0b878fde68d8ffcf7f0f.tar.gz
netfilter/ct: expand CT parameters that can be used in add/delete operations
This expands functionality for manipulating conntracks over netlink by adding other attributes to nfnl_ct_build_message(). Added a command line program to add conntracks. https://github.com/thom311/libnl/pull/55 [thaller@redhat.com: cleaned up whitespace from original patch] Acked-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: Thomas Haller <thaller@redhat.com>
Diffstat (limited to 'lib/netfilter')
-rw-r--r--lib/netfilter/ct.c30
-rw-r--r--lib/netfilter/ct_obj.c5
2 files changed, 35 insertions, 0 deletions
diff --git a/lib/netfilter/ct.c b/lib/netfilter/ct.c
index 130f4b11..04f9d016 100644
--- a/lib/netfilter/ct.c
+++ b/lib/netfilter/ct.c
@@ -35,11 +35,19 @@ static uint64_t ntohll(uint64_t x)
{
return x;
}
+static uint64_t htonll(uint64_t x)
+{
+ return x;
+}
#elif __BYTE_ORDER == __LITTLE_ENDIAN
static uint64_t ntohll(uint64_t x)
{
return bswap_64(x);
}
+static uint64_t htonll(uint64_t x)
+{
+ return bswap_64(x);
+}
#endif
static struct nla_policy ct_policy[CTA_MAX+1] = {
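Review bot: Both new `htonll()` definitions are `static`, yet nothing this commit adds to ct.c calls them; the attributes written in the nfnl_ct_build_message() hunk use only `htonl()` and `htons()`. An unused static function normally draws -Wunused-function, so either drop the helper until a 64-bit attribute is actually emitted or add a one-line comment saying which attribute it is reserved for. The `#if` that opens this block lies outside the hunk, so whether a byte order matching neither branch is handled cannot be checked from here.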
@@ -520,9 +528,31 @@ static int nfnl_ct_build_message(const struct nfnl_ct *ct, int cmd, int flags,
if ((err = nfnl_ct_build_tuple(msg, ct, 0)) < 0)
goto err_out;
+ /* REPLY tuple is optional, dont add unless at least src/dst specified */
+
+ if ( nfnl_ct_get_src(ct, 1) && nfnl_ct_get_dst(ct, 1) )
+ if ((err = nfnl_ct_build_tuple(msg, ct, 1)) < 0)
+ goto err_out;
+
+ if (nfnl_ct_test_status(ct))
+ NLA_PUT_U32(msg, CTA_STATUS, htonl(nfnl_ct_get_status(ct)));
+
+ if (nfnl_ct_test_timeout(ct))
+ NLA_PUT_U32(msg, CTA_TIMEOUT, htonl(nfnl_ct_get_timeout(ct)));
+
+ if (nfnl_ct_test_mark(ct))
+ NLA_PUT_U32(msg, CTA_MARK, htonl(nfnl_ct_get_mark(ct)));
+
+ if (nfnl_ct_test_id(ct))
+ NLA_PUT_U32(msg, CTA_ID, htonl(nfnl_ct_get_id(ct)));
+
+ if (nfnl_ct_test_zone(ct))
+ NLA_PUT_U16(msg, CTA_ZONE, htons(nfnl_ct_get_zone(ct)));
+
*result = msg;
return 0;
+nla_put_failure:
err_out:
nlmsg_free(msg);
return err;
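Review bot: The new `nla_put_failure:` label falls straight into `err_out:` without setting `err`, which at that point still holds the non-negative result of the last successful `nfnl_ct_build_tuple()` call. Assuming the NLA_PUT_* macros jump to that label when an attribute cannot be appended, the function frees `msg` and most likely returns 0 without having written `*result`, so the caller sees success and goes on to use a pointer that was never set. Assign an error first, e.g. `nla_put_failure:` followed by `err = -NLE_NOMEM;`, before falling through to `err_out:`. Separately, the comment says "at least src/dst" while the test requires both `nfnl_ct_get_src(ct, 1) && nfnl_ct_get_dst(ct, 1)`, and the nested `if` deserves braces. The function begins and ends outside this hunk.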
diff --git a/lib/netfilter/ct_obj.c b/lib/netfilter/ct_obj.c
index 48e07822..61b6a31b 100644
--- a/lib/netfilter/ct_obj.c
+++ b/lib/netfilter/ct_obj.c
@@ -494,6 +494,11 @@ void nfnl_ct_unset_status(struct nfnl_ct *ct, uint32_t status)
ct->ce_mask |= CT_ATTR_STATUS;
}
+int nfnl_ct_test_status(const struct nfnl_ct *ct)
+{
+ return !!(ct->ce_mask & CT_ATTR_STATUS);
+}
+
uint32_t nfnl_ct_get_status(const struct nfnl_ct *ct)
{
return ct->ct_status;