diff options
| author | Florian Westphal <fw@strlen.de> | 2017-02-21 18:11:31 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2017-03-16 10:09:42 +0100 |
| commit | 5ca4eb30d62e0ab2768d64de5c70931292213338 (patch) | |
| tree | a54d95ecbb4de9deeeee83f1353421ef690f135e /src/netlink.c | |
| parent | f2af2b2ad1c4dd68bd5bbf3c763f0f1513281c0c (diff) | |
src: add initial ct helper support
This adds initial support for defining conntrack helper objects
which can then be assigned to connections using the objref infrastructure:
table ip filter {
ct helper ftp-standard {
type "ftp" protocol tcp
}
chain y {
tcp dport 21 ct helper set "ftp-standard"
}
}
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
| -rw-r--r-- | src/netlink.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/netlink.c b/src/netlink.c index fb6d2876..6fbb67da 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -317,6 +317,15 @@ alloc_nftnl_obj(const struct handle *h, struct obj *obj) nftnl_obj_set_u32(nlo, NFTNL_OBJ_QUOTA_FLAGS, obj->quota.flags); break; + case NFT_OBJECT_CT_HELPER: + nftnl_obj_set_str(nlo, NFTNL_OBJ_CT_HELPER_NAME, + obj->ct.helper_name); + nftnl_obj_set_u8(nlo, NFTNL_OBJ_CT_HELPER_L4PROTO, + obj->ct.l4proto); + if (obj->ct.l3proto) + nftnl_obj_set_u16(nlo, NFTNL_OBJ_CT_HELPER_L3PROTO, + obj->ct.l3proto); + break; default: BUG("Unknown type %d\n", obj->type); break; @@ -1814,6 +1823,13 @@ static struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx, nftnl_obj_get_u64(nlo, NFTNL_OBJ_QUOTA_CONSUMED); obj->quota.flags = nftnl_obj_get_u32(nlo, NFTNL_OBJ_QUOTA_FLAGS); + break; + case NFT_OBJECT_CT_HELPER: + snprintf(obj->ct.helper_name, sizeof(obj->ct.helper_name), "%s", + nftnl_obj_get_str(nlo, NFTNL_OBJ_CT_HELPER_NAME)); + obj->ct.l3proto = nftnl_obj_get_u16(nlo, NFTNL_OBJ_CT_HELPER_L3PROTO); + obj->ct.l4proto = nftnl_obj_get_u8(nlo, NFTNL_OBJ_CT_HELPER_L4PROTO); + break; } obj->type = type; |