[NETFILTER] ctnetlink: add one nesting level for TCP state
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 11 Oct 2005 03:55:49 +0000 (20:55 -0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 11 Oct 2005 03:55:49 +0000 (20:55 -0700)
To keep consistency, the TCP private protocol information is nested
attributes under CTA_PROTOINFO_TCP. This way the sequence of attributes to
access the TCP state information looks like here below:

CTA_PROTOINFO
CTA_PROTOINFO_TCP
CTA_PROTOINFO_TCP_STATE

instead of:

CTA_PROTOINFO
CTA_PROTOINFO_TCP_STATE

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/netfilter/nfnetlink_conntrack.h
net/ipv4/netfilter/ip_conntrack_proto_tcp.c

index 5c55751c78e4d3a83cc2b29a7d4e20bfdaeeaaa8..fb5511030185e91a3c00154552e4144ee90d564f 100644 (file)
@@ -70,11 +70,18 @@ enum ctattr_l4proto {
 
 enum ctattr_protoinfo {
        CTA_PROTOINFO_UNSPEC,
 
 enum ctattr_protoinfo {
        CTA_PROTOINFO_UNSPEC,
-       CTA_PROTOINFO_TCP_STATE,
+       CTA_PROTOINFO_TCP,
        __CTA_PROTOINFO_MAX
 };
 #define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)
 
        __CTA_PROTOINFO_MAX
 };
 #define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)
 
+enum ctattr_protoinfo_tcp {
+       CTA_PROTOINFO_TCP_UNSPEC,
+       CTA_PROTOINFO_TCP_STATE,
+       __CTA_PROTOINFO_TCP_MAX
+};
+#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1)
+
 enum ctattr_counters {
        CTA_COUNTERS_UNSPEC,
        CTA_COUNTERS_PACKETS,
 enum ctattr_counters {
        CTA_COUNTERS_UNSPEC,
        CTA_COUNTERS_PACKETS,
index 121760d6cc50cd2ccd4568591168988606ab15d3..75e27e65c28fbd29f73718f55b59e5bcc6bf9580 100644 (file)
@@ -341,11 +341,15 @@ static int tcp_print_conntrack(struct seq_file *s,
 static int tcp_to_nfattr(struct sk_buff *skb, struct nfattr *nfa,
                         const struct ip_conntrack *ct)
 {
 static int tcp_to_nfattr(struct sk_buff *skb, struct nfattr *nfa,
                         const struct ip_conntrack *ct)
 {
+       struct nfattr *nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP);
+       
        read_lock_bh(&tcp_lock);
        NFA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t),
                &ct->proto.tcp.state);
        read_unlock_bh(&tcp_lock);
 
        read_lock_bh(&tcp_lock);
        NFA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t),
                &ct->proto.tcp.state);
        read_unlock_bh(&tcp_lock);
 
+       NFA_NEST_END(skb, nest_parms);
+
        return 0;
 
 nfattr_failure:
        return 0;
 
 nfattr_failure: