diff options
| author |   Florian Westphal <fw@strlen.de> | 2021-12-17 11:29:56 +0100 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2021-12-23 01:07:44 +0100 |
| commit | 4a6fbdd801e882ee6ca5cdfdc3374f0ae263174c (patch) | |
| tree | 62f644d13c80f922e376fbf9f125e5fde7688bb9 /net/netfilter | |
| parent | netfilter: nf_tables: make counter support built-in (diff) | |
| download | linux-dev-4a6fbdd801e882ee6ca5cdfdc3374f0ae263174c.tar.xz linux-dev-4a6fbdd801e882ee6ca5cdfdc3374f0ae263174c.zip | |
netfilter: conntrack: tag conntracks picked up in local out hook
This allows to identify flows that originate from local machine
in a followup patch.
It would be possible to make this a ->status bit instead.
For now I did not do that yet because I don't have a use-case for
exposing this info to userspace.
If one comes up the toggle can be replaced with a status bit.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index d7e313548066..bed0017cadb0 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -1747,6 +1747,9 @@ resolve_normal_ct(struct nf_conn *tmpl, return 0; if (IS_ERR(h)) return PTR_ERR(h); + + ct = nf_ct_tuplehash_to_ctrack(h); + ct->local_origin = state->hook == NF_INET_LOCAL_OUT; } ct = nf_ct_tuplehash_to_ctrack(h); |