diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-08-07 19:41:30 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-09-26 18:52:26 +0200 |
commit | 8c38d35c3d90d493fdead6d4ead0517ec09fee96 (patch) | |
tree | 67c91223a47f97e58ecbdfd8bf5ad3e77972720c /src | |
parent | fee95ed0db0745b551dfb15c58800da5c1ca9e5f (diff) | |
download | conntrack-tools-8c38d35c3d90d493fdead6d4ead0517ec09fee96.tar.gz conntrack-tools-8c38d35c3d90d493fdead6d4ead0517ec09fee96.zip |
conntrackd: cthelper: allow to attach expectations via nfqueue
This requires the Linux kernel 3.12.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/cthelper.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/cthelper.c b/src/cthelper.c index 5a8a92a..fec40fb 100644 --- a/src/cthelper.c +++ b/src/cthelper.c @@ -182,6 +182,15 @@ pkt_verdict_issue(struct ctd_helper_instance *cur, struct myct *myct, nfct_nlmsg_build(nlh, myct->ct); mnl_attr_nest_end(nlh, nest); + if (myct->exp) { + nest = mnl_attr_nest_start(nlh, NFQA_EXP); + if (nest == NULL) + return -1; + + nfexp_nlmsg_build(nlh, myct->exp); + mnl_attr_nest_end(nlh, nest); + } + if (mnl_socket_sendto(STATE_CTH(nl), nlh, nlh->nlmsg_len) < 0) { dlog(LOG_ERR, "failed to send verdict: %s", strerror(errno)); return -1; @@ -317,6 +326,8 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data) if (ct != NULL) nfct_destroy(ct); + if (myct->exp != NULL) + nfexp_destroy(myct->exp); if (myct && myct->priv_data != NULL) free(myct->priv_data); if (myct != NULL) |