To apply the payload on both directions we need nft_payload_set struct
along with the source data.
There is also enum nft_ext_entry_type to signal the validity of the
context.
Signed-off-by: Boris Sukholitko <boris.sukholitko@xxxxxxxxxxxx>
---
include/net/netfilter/nf_tables.h | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 8f34571fe345..ffcbe25d6bd2 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1735,7 +1735,19 @@ int nft_payload_mangle(const struct nft_payload_set *priv,
const u32 *src);
#if IS_ENABLED(CONFIG_NFT_CONNTRACK_EXT)
+enum nft_ext_entry_type {
+ NFT_EXT_UNDEFINED
+ , NFT_EXT_PAYLOAD_SET
+};
+
+struct nf_conn_nft_ext_entry {
+ enum nft_ext_entry_type nfte_type;
+ struct nft_payload_set nfte_payload;
+ u32 nfte_data;
+};
+
struct nf_conn_nft_ext {
+ struct nf_conn_nft_ext_entry nfte_entries[IP_CT_DIR_MAX];
};
static inline void nfct_nft_ext_add(struct nf_conn *ct)
--
2.32.0
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
