From patchwork Thu Jan 27 09:38:44 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Changli Gao <xiaosuo@gmail.com>
X-Patchwork-Id: 80618
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 67C1BB70EC
	for <patchwork-incoming@ozlabs.org>;
	Thu, 27 Jan 2011 20:39:41 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753947Ab1A0Jjf (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Thu, 27 Jan 2011 04:39:35 -0500
Received: from mail-iw0-f174.google.com ([209.85.214.174]:37171 "EHLO
	mail-iw0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753889Ab1A0Jje (ORCPT
	<rfc822;netdev@vger.kernel.org>); Thu, 27 Jan 2011 04:39:34 -0500
Received: by iwn9 with SMTP id 9so1782448iwn.19
	for <multiple recipients>; Thu, 27 Jan 2011 01:39:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:from:to:cc:subject:date:message-id:x-mailer;
	bh=p+d7JxAcpp26AoWAuDdIpux0htVE9ghtCkippZTO+Qo=;
	b=va/niOY9+UUb5zdtVWkXNHt0Qcy63Tw+UT75wxtJTy21hJ9NdBVtiZycvKfOH/m/id
	rYU1frOC0vGD5UV3QfglIjdYpA3JcTVqhDK7nz4BCtwxTvIKhQS/u4+p7fAt4moGG0zl
	EwhJ0K7Qcmy9OXSkJtvdAasIzp/9SVvtjB6us=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=from:to:cc:subject:date:message-id:x-mailer;
	b=FG675FK8zMJDVZUu55kICcjs1kxV3tgiTAeHb66EAxLk43M23OfgNRpdyRnVs3ExOt
	UR5CGMUjhCBnveYhbethJLhUkkOHNX1sr1HfIT4OpwiEG1QfqhQj3pMNEux0ePt+pFqB
	psJ0zo3bTm8s6kLE46igzYeF2kQLD2OOtJ1sw=
Received: by 10.42.167.197 with SMTP id t5mr1873250icy.84.1296121173397;
	Thu, 27 Jan 2011 01:39:33 -0800 (PST)
Received: from localhost.localdomain ([221.239.34.230])
	by mx.google.com with ESMTPS id u5sm12333159ics.6.2011.01.27.01.39.27
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Thu, 27 Jan 2011 01:39:32 -0800 (PST)
From: Changli Gao <xiaosuo@gmail.com>
To: Patrick McHardy <kaber@trash.net>
Cc: "David S. Miller" <davem@davemloft.net>,
	netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
	Changli Gao <xiaosuo@gmail.com>
Subject: [PATCH] netfilter: CONNMARK: support save the mark of the master
	connection
Date: Thu, 27 Jan 2011 17:38:44 +0800
Message-Id: <1296121124-7016-1-git-send-email-xiaosuo@gmail.com>
X-Mailer: git-send-email 1.7.1
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

In some cases(Policy routing), it is expected that all the sub-connections
share the same mark with their master.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
---
 include/linux/netfilter/xt_connmark.h |    3 ++-
 net/netfilter/xt_connmark.c           |   15 +++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h
index efc17a8..4b513f8 100644
--- a/include/linux/netfilter/xt_connmark.h
+++ b/include/linux/netfilter/xt_connmark.h
@@ -15,7 +15,8 @@
 enum {
 	XT_CONNMARK_SET = 0,
 	XT_CONNMARK_SAVE,
-	XT_CONNMARK_RESTORE
+	XT_CONNMARK_RESTORE,
+	XT_CONNMARK_SAVE_MASTER,
 };
 
 struct xt_connmark_tginfo1 {
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index 7278145..4207bb6 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -69,6 +69,21 @@ connmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
 		          (ct->mark & info->ctmask);
 		skb->mark = newmark;
 		break;
+	case XT_CONNMARK_SAVE_MASTER:
+		if (ct->master) {
+			struct nf_conn *master;
+
+			master = ct->master;
+			while (master->master)
+				master = master->master;
+			newmark = (ct->mark & ~info->ctmask) ^
+				  (master->mark & info->nfmask);
+			if (ct->mark != newmark) {
+				ct->mark = newmark;
+				nf_conntrack_event_cache(IPCT_MARK, ct);
+			}
+		}
+		break;
 	}
 
 	return XT_CONTINUE;