From de12e29bf35b1da51944c826beb34acf48d90289 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 7 Aug 2019 15:59:57 +0200
Subject: conntrack: support for IPS_OFFLOAD

 # conntrack -L -u OFFLOAD
 tcp      6 431984 ESTABLISHED src=192.168.10.2 dst=10.0.1.2 sport=32824 dport=5201 src=10.0.1.2 dst=10.0.1.1 sport=5201 dport=32824 [OFFLOAD] mark=0 secctx=null use=2
 tcp      6 431984 ESTABLISHED src=192.168.10.2 dst=10.0.1.2 sport=32826 dport=5201 src=10.0.1.2 dst=10.0.1.1 sport=5201 dport=32826 [OFFLOAD] mark=0 secctx=null use=2

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/conntrack.c b/src/conntrack.c
index 97132a9..c980a13 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -62,6 +62,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <libmnl/libmnl.h>
+#include <linux/netfilter/nf_conntrack_common.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
 
 static struct nfct_mnl_socket {
@@ -867,10 +868,10 @@ enum {
 static struct parse_parameter {
 	const char	*parameter[7];
 	size_t  size;
-	unsigned int value[7];
+	unsigned int value[8];
 } parse_array[PARSE_MAX] = {
-	{ {"ASSURED", "SEEN_REPLY", "UNSET", "FIXED_TIMEOUT", "EXPECTED"}, 5,
-	  { IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED} },
+	{ {"ASSURED", "SEEN_REPLY", "UNSET", "FIXED_TIMEOUT", "EXPECTED", "OFFLOAD"}, 6,
+	  { IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED, IPS_OFFLOAD} },
 	{ {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
 	  { CT_EVENT_F_ALL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_EVENT_F_DEL } },
 	{ {"xml", "extended", "timestamp", "id", "ktimestamp", "labels", "userspace" }, 7,
-- 
cgit v1.2.3