From 8c38d35c3d90d493fdead6d4ead0517ec09fee96 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 7 Aug 2013 19:41:30 +0200
Subject: conntrackd: cthelper: allow to attach expectations via nfqueue

This requires the Linux kernel 3.12.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/cthelper.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src')

diff --git a/src/cthelper.c b/src/cthelper.c
index 5a8a92a..fec40fb 100644
--- a/src/cthelper.c
+++ b/src/cthelper.c
@@ -182,6 +182,15 @@ pkt_verdict_issue(struct ctd_helper_instance *cur, struct myct *myct,
 	nfct_nlmsg_build(nlh, myct->ct);
 	mnl_attr_nest_end(nlh, nest);
 
+	if (myct->exp) {
+		nest = mnl_attr_nest_start(nlh, NFQA_EXP);
+		if (nest == NULL)
+			return -1;
+
+		nfexp_nlmsg_build(nlh, myct->exp);
+		mnl_attr_nest_end(nlh, nest);
+	}
+
 	if (mnl_socket_sendto(STATE_CTH(nl), nlh, nlh->nlmsg_len) < 0) {
 		dlog(LOG_ERR, "failed to send verdict: %s", strerror(errno));
 		return -1;
@@ -317,6 +326,8 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data)
 
 	if (ct != NULL)
 		nfct_destroy(ct);
+	if (myct->exp != NULL)
+		nfexp_destroy(myct->exp);
 	if (myct && myct->priv_data != NULL)
 		free(myct->priv_data);
 	if (myct != NULL)
-- 
cgit v1.2.3