Гаврилов Игорь wrote:
After day after the day of trials and errors I finally get working solution - I use code from act_connmark and it's working pretty well.
#define CTTUPLE(skb, member) \
({ \
enum ip_conntrack_info ctinfo; \
struct nf_conntrack_tuple tuple; \
struct nf_conntrack_zone zone; \
const struct nf_conntrack_tuple_hash *thash; \
int proto; \
const struct nf_conn *ct = nf_ct_get(skb, &ctinfo); \
if (ct == NULL){ \
switch (tc_skb_protocol(skb)) { \
case htons(ETH_P_IP): \
proto = NFPROTO_IPV4; \
break; \
case htons(ETH_P_IPV6): \
proto = NFPROTO_IPV6; \
break; \
default: goto fallback; \
} \
if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), proto, &tuple)) \
goto fallback; \
zone.id = NF_CT_DEFAULT_ZONE_ID; \
zone.dir = NF_CT_DEFAULT_ZONE_DIR; \
\
thash = nf_conntrack_find_get(dev_net(skb->dev), &zone, &tuple);\
if (!thash) goto fallback; \
ct = nf_ct_tuplehash_to_ctrack(thash);} \
ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member; \
})
I can get info about original src/dst on ingress. But there is a little problem in function ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member;
I can't get valid direction, because I don't get ctinfo. Is any solustion for my situation?
I don't know, maybe you could ask on the netfilter list or netdev.
--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
