diff options
| author | Harald Welte <laforge@netfilter.org> | 2004-10-20 07:14:41 -0700 |
|---|---|---|
| committer | David S. Miller <davem@nuts.davemloft.net> | 2004-10-20 07:14:41 -0700 |
| commit | e42d291db750b2cd605ed5bfbb74e61e80b532de (patch) | |
| tree | 5bf2bcb3ba14e10c78f0151966448043c4c75840 /include/linux | |
| parent | bd03dca44e17a4b0a3190c42ad616b59eb2ce4ec (diff) | |
[NETFILTER]: Add iptables CONNMARK match+target
This is the first patch, adding something similar like nfmark, but on a
per-conntrack (as opposed to per-skb) level. Very useful especially for
asymmatric routing in combination with MASQUERADE, as often found on
home DSL setups with dymamic IP address that also have e.g. a tunnel
device with static IP.
Signed-off-by: Henrik Nordstrom <hno@marasystems.com>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_conntrack.h | 4 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ipt_CONNMARK.h | 25 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ipt_connmark.h | 18 |
3 files changed, 47 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h index 989f1cf75560..afa5e0495f38 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/include/linux/netfilter_ipv4/ip_conntrack.h @@ -212,6 +212,10 @@ struct ip_conntrack } nat; #endif /* CONFIG_IP_NF_NAT_NEEDED */ +#if defined(CONFIG_IP_NF_CONNTRACK_MARK) + unsigned long mark; +#endif + /* Traversed often, so hopefully in different cacheline to top */ /* These are my tuples; original and reply */ struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX]; diff --git a/include/linux/netfilter_ipv4/ipt_CONNMARK.h b/include/linux/netfilter_ipv4/ipt_CONNMARK.h new file mode 100644 index 000000000000..d3c02536fc4c --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_CONNMARK.h @@ -0,0 +1,25 @@ +#ifndef _IPT_CONNMARK_H_target +#define _IPT_CONNMARK_H_target + +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> + * by Henrik Nordstrom <hno@marasystems.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ + +enum { + IPT_CONNMARK_SET = 0, + IPT_CONNMARK_SAVE, + IPT_CONNMARK_RESTORE +}; + +struct ipt_connmark_target_info { + unsigned long mark; + unsigned long mask; + u_int8_t mode; +}; + +#endif /*_IPT_CONNMARK_H_target*/ diff --git a/include/linux/netfilter_ipv4/ipt_connmark.h b/include/linux/netfilter_ipv4/ipt_connmark.h new file mode 100644 index 000000000000..46573270d9aa --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_connmark.h @@ -0,0 +1,18 @@ +#ifndef _IPT_CONNMARK_H +#define _IPT_CONNMARK_H + +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> + * by Henrik Nordstrom <hno@marasystems.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ + +struct ipt_connmark_info { + unsigned long mark, mask; + u_int8_t invert; +}; + +#endif /*_IPT_CONNMARK_H*/ |