Message ID | 1296121124-7016-1-git-send-email-xiaosuo@gmail.com |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |
On 27.01.2011 10:38, Changli Gao wrote:
> In some cases (Policy routing), it is expected that all the sub-connections
> share the same mark with their master.

We already automatically mark expected connections with the mark of the
master. What purpose does your patch serve on top of that?
On Thu, Jan 27, 2011 at 5:49 PM, Patrick McHardy <kaber@trash.net> wrote:
> On 27.01.2011 10:38, Changli Gao wrote:
>> In some cases (Policy routing), it is expected that all the sub-connections
>> share the same mark with their master.
>
> We already automatically mark expected connections with the mark of the
> master. What purpose does your patch serve on top of that?
>

It is done in init_conntrack(), indeed. Sorry for the noise. Thanks.
diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h index efc17a8..4b513f8 100644 --- a/include/linux/netfilter/xt_connmark.h +++ b/include/linux/netfilter/xt_connmark.h @@ -15,7 +15,8 @@ enum { XT_CONNMARK_SET = 0, XT_CONNMARK_SAVE, - XT_CONNMARK_RESTORE + XT_CONNMARK_RESTORE, + XT_CONNMARK_SAVE_MASTER, }; struct xt_connmark_tginfo1 { diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index 7278145..4207bb6 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c @@ -69,6 +69,21 @@ connmark_tg(struct sk_buff *skb, const struct xt_action_param *par) (ct->mark & info->ctmask); skb->mark = newmark; break; + case XT_CONNMARK_SAVE_MASTER: + if (ct->master) { + struct nf_conn *master; + + master = ct->master; + while (master->master) + master = master->master; + newmark = (ct->mark & ~info->ctmask) ^ + (master->mark & info->nfmask); + if (ct->mark != newmark) { + ct->mark = newmark; + nf_conntrack_event_cache(IPCT_MARK, ct); + } + } + break; } return XT_CONTINUE;
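Review bot: In the include/linux/netfilter/xt_connmark.h hunk, XT_CONNMARK_SAVE_MASTER joins the mode enum with no comment saying what it saves or which of the two masks it honours, unlike SET, SAVE and RESTORE, whose names describe themselves. Add a one-line comment beside the new value (for example, that it copies the mark of the topmost master connection into this connection), and note in the description that the enum is shared with userspace, so a matching userspace change is needed before the mode can be selected.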
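Review bot: In the XT_CONNMARK_SAVE_MASTER case of connmark_tg(), the bits cleared in ct->mark are chosen by info->ctmask while the bits taken from master->mark are chosen by info->nfmask, so `(ct->mark & ~info->ctmask) ^ (master->mark & info->nfmask)` is a clean copy only when nfmask selects no bit outside ctmask; any other bit set in nfmask toggles a bit of ct->mark that was meant to be preserved. Either document the required relationship between the two masks or use a single mask on both sides, and note that nfmask is being applied here to a conntrack mark rather than a packet mark. The `while (master->master)` walk to the topmost master also needs a comment saying why the immediate master is not sufficient, and, given the point raised in the thread that expected connections already receive the master's mark, the commit message should state which situation this mode covers that the existing behaviour does not.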
In some cases (Policy routing), it is expected that all the sub-connections
share the same mark with their master.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
---
 include/linux/netfilter/xt_connmark.h |    3 ++-
 net/netfilter/xt_connmark.c           |   15 +++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)