
Commit 3087c3f

Brett Mastbergenummakynes
authored andcommitted
netfilter: nft_ct: Add ct id support
The 'id' key returns the unique id of the conntrack entry as returned by nf_ct_get_id(). Signed-off-by: Brett Mastbergen <[email protected]> Acked-by: Florian Westphal <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent fec9c27 commit 3087c3f


2 files changed

+10
-0
lines changed


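--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -967,6 +967,7 @@ enum nft_socket_keys {
 * @NFT_CT_SRC_IP6: conntrack layer 3 protocol source (IPv6 address)
 * @NFT_CT_DST_IP6: conntrack layer 3 protocol destination (IPv6 address)
 * @NFT_CT_TIMEOUT: connection tracking timeout policy assigned to conntrack
+* @NFT_CT_ID: conntrack id
 */
 enum nft_ct_keys {
 NFT_CT_STATE,
@@ -993,6 +994,7 @@ enum nft_ct_keys {
 NFT_CT_SRC_IP6,
 NFT_CT_DST_IP6,
 NFT_CT_TIMEOUT,
+NFT_CT_ID,
 __NFT_CT_MAX
 };
 #define NFT_CT_MAX (__NFT_CT_MAX - 1)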
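Review bot: The kernel-doc entry added for `NFT_CT_ID` says only "conntrack id", which leaves userspace consumers of this uapi header guessing at the value's width and at when the key yields a value. The same commit sizes the key as `sizeof(u32)` and fills it from `nf_ct_get_id()` only when `nf_ct_is_confirmed(ct)` holds, so the entry could read `* @NFT_CT_ID: conntrack id (32-bit, as returned by nf_ct_get_id(); confirmed entries only)`.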

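--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -178,6 +178,11 @@ static void nft_ct_get_eval(const struct nft_expr *expr,
 return;
 }
 #endif
+case NFT_CT_ID:
+if (!nf_ct_is_confirmed(ct))
+goto err;
+*dest = nf_ct_get_id(ct);
+return;
 default:
 break;
 }
@@ -479,6 +484,9 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
 len = sizeof(u16);
 break;
 #endif
+case NFT_CT_ID:
+len = sizeof(u32);
+break;
 default:
 return -EOPNOTSUPP;
 }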
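Review bot: The new `NFT_CT_ID` case in nft_ct_get_init() only sets `len` and never checks whether userspace also supplied a direction attribute, so a rule carrying one would presumably be accepted while the eval path ignores it, since `nf_ct_get_id(ct)` takes no direction. Because the id belongs to the whole entry, I would reject that input at init time, e.g. `if (tb[NFTA_CT_DIRECTION]) return -EINVAL;` ahead of `len = sizeof(u32);`. The rest of the switch and the function's parameter list lie outside the hunk, so confirm how the neighbouring direction-less keys handle this and follow the same form. Separately, in the nft_ct_get_eval() hunk the `if (!nf_ct_is_confirmed(ct)) goto err;` guard would benefit from a one-line comment giving the reason unconfirmed entries are refused, which neither the code nor the commit message states.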
