mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-13 14:14:37 +00:00
Code Issues Releases Wiki Activity

netfilter: conntrack: tag conntracks picked up in local out hook

Browse source 
This allows to identify flows that originate from local machine
in a followup patch.

It would be possible to make this a ->status bit instead.
For now I did not do that yet because I don't have a use-case for
exposing this info to userspace.

If one comes up the toggle can be replaced with a status bit.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2021-12-17 11:29:56 +01:00 committed by Pablo Neira Ayuso
parent 023223dfbf
commit 4a6fbdd801
2 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
include/net/netfilter/nf_conntrack.h
View file

@ -95,6 +95,7 @@ struct nf_conn {
unsigned long status;
u16 cpu;
u16 local_origin:1;
possible_net_t ct_net;
#if IS_ENABLED(CONFIG_NF_NAT)

3
net/netfilter/nf_conntrack_core.c
View file

@ -1747,6 +1747,9 @@ resolve_normal_ct(struct nf_conn *tmpl,
return 0;
if (IS_ERR(h))
return PTR_ERR(h);
ct = nf_ct_tuplehash_to_ctrack(h);
ct->local_origin = state->hook == NF_INET_LOCAL_OUT;
}
ct = nf_ct_tuplehash_to_ctrack(h);