From 92e66d4e07d20e73606e2110144199b81663dc35 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Thu, 7 Oct 2010 17:43:50 +0200 Subject: expect: add support for CTA_EXPECT_FLAGS This patch allows to set the expectation flags from user-space. Signed-off-by: Pablo Neira Ayuso --- include/internal/object.h | 1 + include/libnetfilter_conntrack/libnetfilter_conntrack.h | 6 ++++++ include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h | 1 + 3 files changed, 8 insertions(+) (limited to 'include') diff --git a/include/internal/object.h b/include/internal/object.h index a0c2b4e..4263ef0 100644 --- a/include/internal/object.h +++ b/include/internal/object.h @@ -258,6 +258,7 @@ struct nf_expect { u_int32_t timeout; u_int32_t id; u_int16_t zone; + u_int32_t flags; u_int32_t set[1]; }; diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h index 710362c..029eebd 100644 --- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h +++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h @@ -496,6 +496,7 @@ enum nf_expect_attr { ATTR_EXP_MASK, /* pointer to conntrack object */ ATTR_EXP_TIMEOUT, /* u32 bits */ ATTR_EXP_ZONE, /* u16 bits */ + ATTR_EXP_FLAGS, /* u32 bits */ ATTR_EXP_MAX }; @@ -643,6 +644,11 @@ enum ip_conntrack_status { IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT), }; +/* expectation flags */ +#define NF_CT_EXPECT_PERMANENT 0x1 +#define NF_CT_EXPECT_INACTIVE 0x2 +#define NF_CT_EXPECT_USERSPACE 0x4 + /* * TCP flags */ diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h index e17e0c5..1278dda 100644 --- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h +++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h @@ -165,6 +165,7 @@ enum ctattr_expect { CTA_EXPECT_ID, CTA_EXPECT_HELP_NAME, CTA_EXPECT_ZONE, + CTA_EXPECT_FLAGS, __CTA_EXPECT_MAX }; #define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1) -- cgit v1.2.3