
Commit 84f3bb9a authored by Patrick McHardy

netfilter: xtables: add CT target



Add a new target for the raw table, which can be used to specify conntrack
parameters for specific connections, f.i. the conntrack helper.

The target attaches a "template" connection tracking entry to the skb, which
is used by the conntrack core when initializing a new conntrack.

Signed-off-by: Patrick McHardy <kaber@trash.net>
parent b2a15a60
+1 −0
@@ -6,6 +6,7 @@ header-y += nfnetlink_queue.h
header-y += xt_CLASSIFY.h
header-y += xt_CONNMARK.h
header-y += xt_CONNSECMARK.h
header-y += xt_CT.h
header-y += xt_DSCP.h
header-y += xt_LED.h
header-y += xt_MARK.h
+17 −0
#ifndef _XT_CT_H
#define _XT_CT_H

#define XT_CT_NOTRACK	0x1

struct xt_ct_target_info {
	u_int16_t	flags;
	u_int16_t	__unused;
	u_int32_t	ct_events;
	u_int32_t	exp_events;
	char		helper[16];

	/* Used internally by the kernel */
	struct nf_conn	*ct __attribute__((aligned(8)));
};

#endif /* _XT_CT_H */
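Review bot: `char helper[16]` in `struct xt_ct_target_info` is filled in by userspace, and nothing in this header states that the name must be NUL-terminated within those 16 bytes. The helper lookup functions declared elsewhere in this commit take a plain `const char *name`, so the target's checkentry code (not visible in this section) should reject an unterminated name before passing it on, for example by testing `strnlen(info->helper, sizeof(info->helper)) == sizeof(info->helper)`. A field comment such as `/* NUL-terminated conntrack helper name */` would record that contract. Since this struct is the userspace ABI, `flags`, `ct_events` and `exp_events` also deserve a one-line comment each. The kernel-internal `ct` pointer should be treated as untrusted on input and overwritten at rule load.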
+3 −0
@@ -42,6 +42,9 @@ struct nf_conntrack_helper {
extern struct nf_conntrack_helper *
__nf_conntrack_helper_find(const char *name, u16 l3num, u8 protonum);

extern struct nf_conntrack_helper *
nf_conntrack_helper_try_module_get(const char *name, u16 l3num, u8 protonum);

extern int nf_conntrack_helper_register(struct nf_conntrack_helper *);
extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *);
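Review bot: The new `nf_conntrack_helper_try_module_get()` declaration carries no comment saying what the caller owns on return. Judging by the name, it presumably returns the helper with a reference held on its owning module, unlike `__nf_conntrack_helper_find()` just above. The definition is not in this section, so that needs confirming. If it holds, a comment such as `/* Returns the helper with a module reference held, or NULL; the caller must drop the reference. */` would make the get/put pairing explicit. A missed put on an error path pins the helper module, and using the plain find variant where this one is needed leaves a pointer that can outlive an unloaded module.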

+12 −0
@@ -341,6 +341,18 @@ config NETFILTER_XT_TARGET_CONNSECMARK

	  To compile it as a module, choose M here.  If unsure, say N.

config NETFILTER_XT_TARGET_CT
	tristate '"CT" target support'
	depends on NF_CONNTRACK
	depends on IP_NF_RAW || IP6_NF_RAW
	depends on NETFILTER_ADVANCED
	help
	  This options adds a `CT' target, which allows to specify initial
	  connection tracking parameters like events to be delivered and
	  the helper to be used.

	  To compile it as a module, choose M here.  If unsure, say N.

config NETFILTER_XT_TARGET_DSCP
	tristate '"DSCP" and "TOS" target support'
	depends on IP_NF_MANGLE || IP6_NF_MANGLE
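Review bot: The help text of the new `NETFILTER_XT_TARGET_CT` entry has two wording slips, `This options adds` and `which allows to specify`; I would write `This option adds` and `which allows specifying initial`. The commit description says the target is meant for the raw table, and the entry depends on `IP_NF_RAW || IP6_NF_RAW`, but the help text does not mention it. A sentence such as `The target is used in the raw table.` would tell an administrator where rules using it belong.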
+1 −0
@@ -44,6 +44,7 @@ obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o
obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o
obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o
obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o
obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o