Гаврилов Игорь wrote:
After day after day of trial and error I finally got a working solution - I use code from act_connmark and it's working pretty well.

#define CTTUPLE(skb, member) \
({ \
	enum ip_conntrack_info ctinfo; \
	struct nf_conntrack_tuple tuple; \
	struct nf_conntrack_zone zone; \
	const struct nf_conntrack_tuple_hash *thash; \
	int proto; \
	const struct nf_conn *ct = nf_ct_get(skb, &ctinfo); \
	/* no conntrack attached to the skb: look it up by tuple */ \
	if (ct == NULL) { \
		switch (tc_skb_protocol(skb)) { \
		case htons(ETH_P_IP): \
			proto = NFPROTO_IPV4; \
			break; \
		case htons(ETH_P_IPV6): \
			proto = NFPROTO_IPV6; \
			break; \
		default: \
			goto fallback; \
		} \
		if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), proto, &tuple)) \
			goto fallback; \
		zone.id = NF_CT_DEFAULT_ZONE_ID; \
		zone.dir = NF_CT_DEFAULT_ZONE_DIR; \
 \
		thash = nf_conntrack_find_get(dev_net(skb->dev), &zone, &tuple); \
		if (!thash) \
			goto fallback; \
		ct = nf_ct_tuplehash_to_ctrack(thash); \
	} \
	ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member; \
})

I can get info about the original src/dst on ingress. But there is a little problem in function ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member; I can't get a valid direction, because I don't get ctinfo. Is there any solution for my situation?
I don't know, maybe you could ask on the netfilter list or netdev.
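Added example, not part of the original thread and not kernel code: a user-space C model of the lookup branch in the macro above, showing that when a connection is found through the hash table, the direction is carried by the matched hash entry itself (the kernel exposes this as NF_CT_DIRECTION(thash), which reads tuple.dst.dir). The struct layouts, find(), orig_src() and the sample addresses are simplified assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* User-space stand-ins for the kernel structures; only the fields used here. */
enum ip_conntrack_dir { IP_CT_DIR_ORIGINAL, IP_CT_DIR_REPLY, IP_CT_DIR_MAX };
struct tuple { uint32_t src, dst; uint8_t dir; };  /* kernel: tuple.dst.dir */
struct tuple_hash { struct tuple tuple; };
struct conn { uint32_t mark; struct tuple_hash tuplehash[IP_CT_DIR_MAX]; };
#define CT_DIRECTION(h) ((enum ip_conntrack_dir)(h)->tuple.dir)  /* cf. NF_CT_DIRECTION(h) */

/* Same idea as nf_ct_tuplehash_to_ctrack(): step back from the hash slot. */
static const struct conn *hash_to_conn(const struct tuple_hash *h)
{
	return (const struct conn *)((const char *)h - offsetof(struct conn, tuplehash)
				     - CT_DIRECTION(h) * sizeof(struct tuple_hash));
}

/* Hypothetical linear-scan stand-in for nf_conntrack_find_get(). */
static const struct tuple_hash *find(const struct conn *tbl, size_t n,
				     uint32_t src, uint32_t dst)
{
	for (size_t i = 0; i < n; i++)
		for (int d = 0; d < IP_CT_DIR_MAX; d++)
			if (tbl[i].tuplehash[d].tuple.src == src &&
			    tbl[i].tuplehash[d].tuple.dst == dst)
				return &tbl[i].tuplehash[d];
	return NULL;
}

/* Returns 0 and fills in direction and original source, or -1 if untracked. */
static int orig_src(const struct conn *tbl, size_t n, uint32_t src, uint32_t dst,
		    uint32_t *out, enum ip_conntrack_dir *dir)
{
	const struct tuple_hash *h = find(tbl, n, src, dst);
	if (!h) return -1;
	*dir = CT_DIRECTION(h);	/* direction comes from the matched entry */
	*out = hash_to_conn(h)->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src;
	return 0;
}

/* Constructed sample: 10.0.0.2 -> 10.99.0.5, SNATed to 10.99.1.1. */
enum { A_LAN = 0x0a000002, A_SRV = 0x0a630005, A_NAT = 0x0a630101 };
static const struct conn sample[1] = {{ .mark = 7, .tuplehash = {
	[IP_CT_DIR_ORIGINAL] = {{ A_LAN, A_SRV, IP_CT_DIR_ORIGINAL }},
	[IP_CT_DIR_REPLY]    = {{ A_SRV, A_NAT, IP_CT_DIR_REPLY }} } }};

int main(void)
{
	uint32_t o; enum ip_conntrack_dir d;  /* reply packet seen on ingress */
	return orig_src(sample, 1, A_SRV, A_NAT, &o, &d) || d != IP_CT_DIR_REPLY || o != A_LAN;
}
```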