conntrack: add synproxy support

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2018-03-13 18:44:11 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-03-24 21:37:32 +0100
commit: 2edc7ccd872c60f4a71218e34e737655d6e50efa (patch)
tree: 4294844e1e3f7b81f907f618ea09943552878b09 /src/conntrack/build_mnl.c
parent: e870432649955d377a73ee5a72cb23f0f6b5e4c5 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c
index 2118bf3..d9ad268 100644
--- a/src/conntrack/build_mnl.c
+++ b/src/conntrack/build_mnl.c
@@ -438,6 +438,18 @@ nfct_build_labels(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
 	}
 }
 
+static void nfct_build_synproxy(struct nlmsghdr *nlh,
+				const struct nf_conntrack *ct)
+{
+	struct nlattr *nest;
+
+	nest = mnl_attr_nest_start(nlh, CTA_SYNPROXY);
+	mnl_attr_put_u32(nlh, CTA_SYNPROXY_ISN, htonl(ct->synproxy.isn));
+	mnl_attr_put_u32(nlh, CTA_SYNPROXY_ITS, htonl(ct->synproxy.its));
+	mnl_attr_put_u32(nlh, CTA_SYNPROXY_TSOFF, htonl(ct->synproxy.tsoff));
+	mnl_attr_nest_end(nlh, nest);
+}
+
 int
 nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
 {
@@ -579,5 +591,10 @@ nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
 	if (test_bit(ATTR_CONNLABELS, ct->head.set))
 		nfct_build_labels(nlh, ct);
 
+	if (test_bit(ATTR_SYNPROXY_ISN, ct->head.set) &&
+	    test_bit(ATTR_SYNPROXY_ITS, ct->head.set) &&
+	    test_bit(ATTR_SYNPROXY_TSOFF, ct->head.set))
+		nfct_build_synproxy(nlh, ct);
+
 	return 0;
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-03-13 18:44:11 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-03-24 21:37:32 +0100
commit	2edc7ccd872c60f4a71218e34e737655d6e50efa (patch)
tree	4294844e1e3f7b81f907f618ea09943552878b09 /src/conntrack/build_mnl.c
parent	e870432649955d377a73ee5a72cb23f0f6b5e4c5 (diff)