Commit 4a6fbdd8 authored Dec 17, 2021 by Florian Westphal Committed by Pablo Neira Ayuso Dec 23, 2021

netfilter: conntrack: tag conntracks picked up in local out hook



This allows to identify flows that originate from local machine
in a followup patch.

It would be possible to make this a ->status bit instead.
For now I did not do that yet because I don't have a use-case for
exposing this info to userspace.

If one comes up the toggle can be replaced with a status bit.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 023223df

include/net/netfilter/nf_conntrack.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -95,6 +95,7 @@ struct nf_conn {
		unsigned long status;

		u16 cpu;
		u16 local_origin:1;
		possible_net_t ct_net;

		#if IS_ENABLED(CONFIG_NF_NAT)

net/netfilter/nf_conntrack_core.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -1747,6 +1747,9 @@ resolve_normal_ct(struct nf_conn *tmpl,
		return 0;
		if (IS_ERR(h))
		return PTR_ERR(h);

		ct = nf_ct_tuplehash_to_ctrack(h);
		ct->local_origin = state->hook == NF_INET_LOCAL_OUT;
		}
		ct = nf_ct_tuplehash_to_ctrack(h);