From 2edc7ccd872c60f4a71218e34e737655d6e50efa Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 13 Mar 2018 18:44:11 +0100
Subject: conntrack: add synproxy support

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack/build.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'src/conntrack/build.c')

diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index cf282e6..d132890 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -459,6 +459,21 @@ static void __build_labels(struct nfnlhdr *req,
 	}
 }
 
+static void __build_synproxy(struct nfnlhdr *req, size_t size,
+			     const struct nf_conntrack *ct)
+{
+	struct nfattr *nest;
+
+	nest = nfnl_nest(&req->nlh, size, CTA_SYNPROXY);
+	nfnl_addattr32(&req->nlh, size, CTA_SYNPROXY_ISN,
+		       htonl(ct->synproxy.isn));
+	nfnl_addattr32(&req->nlh, size, CTA_SYNPROXY_ITS,
+		       htonl(ct->synproxy.its));
+	nfnl_addattr32(&req->nlh, size, CTA_SYNPROXY_TSOFF,
+		       htonl(ct->synproxy.tsoff));
+	nfnl_nest_end(&req->nlh, nest);
+}
+
 int __build_conntrack(struct nfnl_subsys_handle *ssh,
 		      struct nfnlhdr *req,
 		      size_t size,
@@ -594,5 +609,10 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 	if (test_bit(ATTR_CONNLABELS, ct->head.set))
 		__build_labels(req, size, ct);
 
+	if (test_bit(ATTR_SYNPROXY_ISN, ct->head.set) &&
+	    test_bit(ATTR_SYNPROXY_ITS, ct->head.set) &&
+	    test_bit(ATTR_SYNPROXY_TSOFF, ct->head.set))
+		__build_synproxy(req, size, ct);
+
 	return 0;
 }
-- 
cgit v1.2.3