From 2edc7ccd872c60f4a71218e34e737655d6e50efa Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 13 Mar 2018 18:44:11 +0100
Subject: conntrack: add synproxy support

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack/build_mnl.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'src/conntrack/build_mnl.c')

diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c
index 2118bf3..d9ad268 100644
--- a/src/conntrack/build_mnl.c
+++ b/src/conntrack/build_mnl.c
@@ -438,6 +438,18 @@ nfct_build_labels(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
 	}
 }
 
+static void nfct_build_synproxy(struct nlmsghdr *nlh,
+				const struct nf_conntrack *ct)
+{
+	struct nlattr *nest;
+
+	nest = mnl_attr_nest_start(nlh, CTA_SYNPROXY);
+	mnl_attr_put_u32(nlh, CTA_SYNPROXY_ISN, htonl(ct->synproxy.isn));
+	mnl_attr_put_u32(nlh, CTA_SYNPROXY_ITS, htonl(ct->synproxy.its));
+	mnl_attr_put_u32(nlh, CTA_SYNPROXY_TSOFF, htonl(ct->synproxy.tsoff));
+	mnl_attr_nest_end(nlh, nest);
+}
+
 int
 nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
 {
@@ -579,5 +591,10 @@ nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
 	if (test_bit(ATTR_CONNLABELS, ct->head.set))
 		nfct_build_labels(nlh, ct);
 
+	if (test_bit(ATTR_SYNPROXY_ISN, ct->head.set) &&
+	    test_bit(ATTR_SYNPROXY_ITS, ct->head.set) &&
+	    test_bit(ATTR_SYNPROXY_TSOFF, ct->head.set))
+		nfct_build_synproxy(nlh, ct);
+
 	return 0;
 }
-- 
cgit v1.2.3