summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/internal/object.h1
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h5
-rw-r--r--src/conntrack/filter_dump.c17
3 files changed, 21 insertions, 2 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index 3f6904f..75ffdbe 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -287,6 +287,7 @@ struct nfct_filter {
struct nfct_filter_dump {
struct nfct_filter_dump_mark mark;
+ struct nfct_filter_dump_mark status;
uint8_t l3num;
uint32_t set;
};
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index f02d827..6233434 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -137,11 +137,11 @@ enum nf_conntrack_attr {
ATTR_HELPER_INFO, /* variable length */
ATTR_CONNLABELS, /* variable length */
ATTR_CONNLABELS_MASK, /* variable length */
- ATTR_ORIG_ZONE, /* u16 bits */
+ ATTR_ORIG_ZONE = 68, /* u16 bits */
ATTR_REPL_ZONE, /* u16 bits */
ATTR_SNAT_IPV6, /* u128 bits */
ATTR_DNAT_IPV6, /* u128 bits */
- ATTR_SYNPROXY_ISN, /* u32 bits */
+ ATTR_SYNPROXY_ISN = 72, /* u32 bits */
ATTR_SYNPROXY_ITS, /* u32 bits */
ATTR_SYNPROXY_TSOFF, /* u32 bits */
ATTR_MAX
@@ -546,6 +546,7 @@ struct nfct_filter_dump_mark {
enum nfct_filter_dump_attr {
NFCT_FILTER_DUMP_MARK = 0, /* struct nfct_filter_dump_mark */
NFCT_FILTER_DUMP_L3NUM, /* uint8_t */
+ NFCT_FILTER_DUMP_STATUS, /* struct nfct_filter_dump_mark */
NFCT_FILTER_DUMP_MAX
};
diff --git a/src/conntrack/filter_dump.c b/src/conntrack/filter_dump.c
index 158b4cb..3894d06 100644
--- a/src/conntrack/filter_dump.c
+++ b/src/conntrack/filter_dump.c
@@ -20,6 +20,16 @@ set_filter_dump_attr_mark(struct nfct_filter_dump *filter_dump,
}
static void
+set_filter_dump_attr_status(struct nfct_filter_dump *filter_dump,
+ const void *value)
+{
+ const struct nfct_filter_dump_mark *this = value;
+
+ filter_dump->status.val = this->val;
+ filter_dump->status.mask = this->mask;
+}
+
+static void
set_filter_dump_attr_family(struct nfct_filter_dump *filter_dump,
const void *value)
{
@@ -29,6 +39,7 @@ set_filter_dump_attr_family(struct nfct_filter_dump *filter_dump,
const set_filter_dump_attr set_filter_dump_attr_array[NFCT_FILTER_DUMP_MAX] = {
[NFCT_FILTER_DUMP_MARK] = set_filter_dump_attr_mark,
[NFCT_FILTER_DUMP_L3NUM] = set_filter_dump_attr_family,
+ [NFCT_FILTER_DUMP_STATUS] = set_filter_dump_attr_status,
};
void __build_filter_dump(struct nfnlhdr *req, size_t size,
@@ -44,4 +55,10 @@ void __build_filter_dump(struct nfnlhdr *req, size_t size,
struct nfgenmsg *nfg = NLMSG_DATA(&req->nlh);
nfg->nfgen_family = filter_dump->l3num;
}
+ if (filter_dump->set & (1 << NFCT_FILTER_DUMP_STATUS)) {
+ nfnl_addattr32(&req->nlh, size, CTA_STATUS,
+ htonl(filter_dump->status.val));
+ nfnl_addattr32(&req->nlh, size, CTA_STATUS_MASK,
+ htonl(filter_dump->status.mask));
+ }
}