netfilter: nfnetlink_queue: allow to attach expectations to conntracks

This patch adds the capability to attach expectations via nfnetlink_queue. This is required by conntrack helpers that trigger expectations based on the first packet seen like the TFTP and the DHCPv6 user-space helpers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2013-08-07 16:13:20 (GMT)
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-08-13 14:32:10 (GMT)
commit: bd0779370588386e4a67ba5d0b176cfded8e6a53 (patch)
tree: 7fddb1464b457c3288ced39a635fd38f0d207ba5 /net/netfilter/nfnetlink_queue_ct.c
parent: 0ef71ee1a5b92c038abefd8991d5368e6031d7de (diff)
download: linux-bd0779370588386e4a67ba5d0b176cfded8e6a53.tar.xz
1 files changed, 15 insertions, 0 deletions
diff --git a/net/netfilter/nfnetlink_queue_ct.c b/net/netfilter/nfnetlink_queue_ct.c
index ab61d66..be89303 100644
--- a/net/netfilter/nfnetlink_queue_ct.c
+++ b/net/netfilter/nfnetlink_queue_ct.c
@@ -96,3 +96,18 @@ void nfqnl_ct_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
 	if ((ct->status & IPS_NAT_MASK) && diff)
 		nfq_nat_ct->seq_adjust(skb, ct, ctinfo, diff);
 }
+
+int nfqnl_attach_expect(struct nf_conn *ct, const struct nlattr *attr,
+			u32 portid, u32 report)
+{
+	struct nfq_ct_hook *nfq_ct;
+
+	if (nf_ct_is_untracked(ct))
+		return 0;
+
+	nfq_ct = rcu_dereference(nfq_ct_hook);
+	if (nfq_ct == NULL)
+		return -EOPNOTSUPP;
+
+	return nfq_ct->attach_expect(attr, ct, portid, report);
+}
author	Pablo Neira Ayuso <pablo@netfilter.org>	2013-08-07 16:13:20 (GMT)
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-08-13 14:32:10 (GMT)
commit	bd0779370588386e4a67ba5d0b176cfded8e6a53 (patch)
tree	7fddb1464b457c3288ced39a635fd38f0d207ba5 /net/netfilter/nfnetlink_queue_ct.c
parent	0ef71ee1a5b92c038abefd8991d5368e6031d7de (diff)
download	linux-bd0779370588386e4a67ba5d0b176cfded8e6a53.tar.xz