netfilter: conntrack: tag conntracks picked up in local out hook
authorFlorian Westphal <fw@strlen.de>
Fri, 17 Dec 2021 10:29:56 +0000 (11:29 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 23 Dec 2021 00:07:44 +0000 (01:07 +0100)
This allows identifying flows that originate from the local machine
in a follow-up patch.

It would be possible to make this a ->status bit instead.
For now I did not do that yet because I don't have a use-case for
exposing this info to userspace.

If one comes up the toggle can be replaced with a status bit.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c

index d24b0a34c8f0cd3571893e0c16b10fa391c0511d..871489df63c6470ff899da113806a695d826a129 100644 (file)
@@ -95,6 +95,7 @@ struct nf_conn {
        unsigned long status;
 
        u16             cpu;
+       u16             local_origin:1;
        possible_net_t ct_net;
 
 #if IS_ENABLED(CONFIG_NF_NAT)
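Review bot: The new `local_origin` bit carries no comment saying who sets it and what its zero value means, and the only writer in this series is the lookup-miss path of resolve_normal_ct, so a reader of the header cannot tell whether an entry created elsewhere (ctnetlink, for instance) has a meaningful value or merely whatever the allocator left there; that presumably relies on the init region of struct nf_conn being zeroed at allocation, which this hunk does not show. I would document the contract on the field, e.g. `/* set when the entry was created by a packet in NF_INET_LOCAL_OUT; 0 for entries created any other way or first seen on an inbound/forward hook */`, so that a later consumer does not read it as "this flow currently belongs to a local socket". The enclosing struct definition starts and ends outside the hunk.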
index d7e31354806674e49b6c9d074cca78217a38df3b..bed0017cadb027b0f717bfded0618dbbddb5dc0c 100644 (file)
@@ -1747,6 +1747,9 @@ resolve_normal_ct(struct nf_conn *tmpl,
                        return 0;
                if (IS_ERR(h))
                        return PTR_ERR(h);
+
+               ct = nf_ct_tuplehash_to_ctrack(h);
+               ct->local_origin = state->hook == NF_INET_LOCAL_OUT;
        }
        ct = nf_ct_tuplehash_to_ctrack(h);
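Review bot: The added `ct = nf_ct_tuplehash_to_ctrack(h);` inside the lookup-miss branch duplicates the unconditional conversion on the very next line after the closing brace, so the new-entry path converts the same tuplehash twice; this is harmless but reads as if the two assignments could diverge. Since init_conntrack does not receive the hook state, keeping the tag here is reasonable, but the intent deserves a one-line comment on the assignment, e.g. `/* only the packet that created the entry decides local_origin; an existing entry keeps its tag */`, because a reply or later packet seen in LOCAL_OUT will not retroactively mark an entry first created by an inbound or forwarded packet. resolve_normal_ct begins and continues outside the hunk.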