netfilter: conntrack: tag conntracks picked up in local out hook

This allows to identify flows that originate from local machine in a followup patch. It would be possible to make this a ->status bit instead. For now I did not do that yet because I don't have a use-case for exposing this info to userspace. If one comes up the toggle can be replaced with a status bit. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2021-12-17 11:29:56 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-12-23 01:07:44 +0100
commit: 4a6fbdd801e882ee6ca5cdfdc3374f0ae263174c (patch)
tree: 62f644d13c80f922e376fbf9f125e5fde7688bb9 /include/net/netfilter/nf_conntrack.h
parent: netfilter: nf_tables: make counter support built-in (diff)
download: linux-dev-4a6fbdd801e882ee6ca5cdfdc3374f0ae263174c.tar.xz
linux-dev-4a6fbdd801e882ee6ca5cdfdc3374f0ae263174c.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index d24b0a34c8f0..871489df63c6 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -95,6 +95,7 @@ struct nf_conn {
 	unsigned long status;
 
 	u16		cpu;
+	u16		local_origin:1;
 	possible_net_t ct_net;
 
 #if IS_ENABLED(CONFIG_NF_NAT)
author	Florian Westphal <fw@strlen.de>	2021-12-17 11:29:56 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-12-23 01:07:44 +0100
commit	4a6fbdd801e882ee6ca5cdfdc3374f0ae263174c (patch)
tree	62f644d13c80f922e376fbf9f125e5fde7688bb9 /include/net/netfilter/nf_conntrack.h
parent	netfilter: nf_tables: make counter support built-in (diff)
download	linux-dev-4a6fbdd801e882ee6ca5cdfdc3374f0ae263174c.tar.xz linux-dev-4a6fbdd801e882ee6ca5cdfdc3374f0ae263174c.zip