summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2013-08-07 19:41:30 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-09-26 18:52:26 +0200
commit8c38d35c3d90d493fdead6d4ead0517ec09fee96 (patch)
tree67c91223a47f97e58ecbdfd8bf5ad3e77972720c /src
parentfee95ed0db0745b551dfb15c58800da5c1ca9e5f (diff)
downloadconntrack-tools-8c38d35c3d90d493fdead6d4ead0517ec09fee96.tar.gz
conntrack-tools-8c38d35c3d90d493fdead6d4ead0517ec09fee96.zip
conntrackd: cthelper: allow to attach expectations via nfqueue
This requires the Linux kernel 3.12. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/cthelper.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/cthelper.c b/src/cthelper.c
index 5a8a92a..fec40fb 100644
--- a/src/cthelper.c
+++ b/src/cthelper.c
@@ -182,6 +182,15 @@ pkt_verdict_issue(struct ctd_helper_instance *cur, struct myct *myct,
nfct_nlmsg_build(nlh, myct->ct);
mnl_attr_nest_end(nlh, nest);
+ if (myct->exp) {
+ nest = mnl_attr_nest_start(nlh, NFQA_EXP);
+ if (nest == NULL)
+ return -1;
+
+ nfexp_nlmsg_build(nlh, myct->exp);
+ mnl_attr_nest_end(nlh, nest);
+ }
+
if (mnl_socket_sendto(STATE_CTH(nl), nlh, nlh->nlmsg_len) < 0) {
dlog(LOG_ERR, "failed to send verdict: %s", strerror(errno));
return -1;
@@ -317,6 +326,8 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data)
if (ct != NULL)
nfct_destroy(ct);
+ if (myct->exp != NULL)
+ nfexp_destroy(myct->exp);
if (myct && myct->priv_data != NULL)
free(myct->priv_data);
if (myct != NULL)