git.baikalelectronics.ru Git - kernel.git/commit

author	Toke Høiland-Jørgensen <toke@toke.dk>
	Fri, 6 Jul 2018 15:37:19 +0000 (17:37 +0200)
committer	David S. Miller <davem@davemloft.net>
	Wed, 11 Jul 2018 03:06:34 +0000 (20:06 -0700)
commit	0051f7178f14b9dfbb190097ba83296a4acf1dea
tree	eedf21e4132a231617bc99c5774303346a0c763d	tree \| snapshot
parent	f13115a3de8550cdeaa86e2b3bf7b371f51a9af1	commit \| diff

netfilter: Add nf_ct_get_tuple_skb global lookup function

This adds a global netfilter function to extract a conntrack tuple from an
skb. The function uses a new function added to nf_ct_hook, which will try
to get the tuple from skb->_nfct, and do a full lookup if that fails. This
makes it possible to use the lookup function before the skb has passed
through the conntrack init hooks (e.g., in an ingress qdisc). The tuple is
copied to the caller to avoid issues with reference counting.

The function returns false if conntrack is not loaded, allowing it to be
used without incurring a module dependency on conntrack. This is used by
the NAT mode in sch_cake.

Cc: netfilter-devel@vger.kernel.org
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/netfilter.h		diff \| blob \| history
net/netfilter/core.c		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history