Pablo Neira Ayuso wrote:
Hi Patrick, While finishing the DCCP support (I think it's the last to finish the conntrack-tools), I noticed that there's one field that is not exported to user-space via ctnetlink. This patch adds a couple of missing attributes that allow me to set the role in DCCP connections, otherwise the ctnetlink support is not of much help to be used by conntrackd. This can be done with only one attribute, so we can have just one CTA_PROTOINFO_DCCP_ROLE_ORIGINAL and set the reply as the opposite. However, this may look a bit inconsistent. I don't really mind the way this is done, just tell me and I'll do it :), but I need this to complete DCCP support.
Indeed, this looks like an unnecessary way to do something wrong for userspace. Since the roles are always the opposite in each direction, we might as well change the kernel to only keep track of the role in the original direction and use !role for the reply direction.
+ ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = + nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE_ORIGINAL]); + ct->proto.dccp.role[IP_CT_DIR_REPLY] = + nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE_REPLY]);
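Review bot: both nla_get_u8() results are stored straight into ct->proto.dccp.role[] with no range check, so any u8 value sent from userspace ends up in the connection state. Reject anything outside the defined role values with -EINVAL before assigning, and also reject the case where CTA_PROTOINFO_DCCP_ROLE_ORIGINAL and CTA_PROTOINFO_DCCP_ROLE_REPLY carry the same role, since the two directions are meant to be opposites. The lines shown also do not test tb[CTA_PROTOINFO_DCCP_ROLE_ORIGINAL] or tb[CTA_PROTOINFO_DCCP_ROLE_REPLY] for NULL; if that check is not in the surrounding code, a message that omits either attribute would hand a NULL pointer to nla_get_u8().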
Validation please, incorrect values might crash the kernel.