Re: Problem with cls_flow nfct-* keys

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Гаврилов Игорь wrote:
After day after the day of trials and errors I finally get working solution - I use code from act_connmark and it's working pretty well.
#define CTTUPLE(skb, member)                                            \
({                                                                      \
         enum ip_conntrack_info ctinfo;                                  \
         struct nf_conntrack_tuple tuple;                                \
         struct nf_conntrack_zone zone;                                  \
         const struct nf_conntrack_tuple_hash *thash;                    \
         int proto;                                                      \
         const struct nf_conn *ct = nf_ct_get(skb, &ctinfo);             \
         if (ct == NULL){                                                \
                         switch (tc_skb_protocol(skb)) {                 \
                         case htons(ETH_P_IP):                           \
                                 proto = NFPROTO_IPV4;                   \
                                 break;                                  \
                         case htons(ETH_P_IPV6):                         \
                                 proto = NFPROTO_IPV6;                   \
                                 break;                                  \
                         default: goto fallback;                         \
         }                                                               \
         if (!nf_ct_get_tuplepr(skb, skb_network_offset(skb), proto, &tuple)) \
                 goto fallback;                                          \
         zone.id = NF_CT_DEFAULT_ZONE_ID;                                \
         zone.dir = NF_CT_DEFAULT_ZONE_DIR;                              \
                                                                         \
         thash = nf_conntrack_find_get(dev_net(skb->dev), &zone, &tuple);\
         if (!thash) goto fallback;                                      \
         ct = nf_ct_tuplehash_to_ctrack(thash);}                         \

         ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member;                 \
})


I can get info about original src/dst on ingress. But there is a little problem in function ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member;
I can't get valid direction, because I don't get ctinfo. Is any solustion for my situation?

I don't know, maybe you could ask on the netfilter list or netdev.


--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux