author | Florian Westphal <fw@strlen.de> | 2025-01-09 14:15:36 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2025-02-07 13:13:30 +0100 |
commit | 7e416f3c6217687ab35f07e14bd268109d5be4c3 (patch) | |
tree | 6307ec5bea71a92be28ff472da39ff04627fb4c8 | |
parent | a722c6cf3baebd9ad216daf239fa9a7afc88821d (diff) |
Allow libnetfilter_conntrack to parse CTA_TIMESTAMP_EVENT attribute.
This will be included for all ctnetlink events if the kernel has commit
netfilter: conntrack: add conntrack event timestamp
and net.netfilter.nf_conntrack_timestamp sysctl is set to 1.
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | include/internal/object.h | 1 | ||||
-rw-r--r-- | include/libnetfilter_conntrack/libnetfilter_conntrack.h | 1 | ||||
-rw-r--r-- | include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h | 1 | ||||
-rw-r--r-- | src/conntrack/getter.c | 6 | ||||
-rw-r--r-- | src/conntrack/parse_mnl.c | 10 |
5 files changed, 19 insertions, 0 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index 658e4d2..d72b31c 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -201,6 +201,7 @@ struct nf_conntrack {
 struct nfct_bitmask *connlabels;
 struct nfct_bitmask *connlabels_mask;
+ uint64_t timestamp_event;
 };
 /*
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 27d972d..086c81a 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -144,6 +144,7 @@ enum nf_conntrack_attr {
 ATTR_SYNPROXY_ISN = 72, /* u32 bits */
 ATTR_SYNPROXY_ITS, /* u32 bits */
 ATTR_SYNPROXY_TSOFF, /* u32 bits */
+ ATTR_TIMESTAMP_EVENT, /* u64 bits */
 ATTR_MAX
 };
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index b8ffe02..88c14c8 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -60,6 +60,7 @@ enum ctattr_type {
 CTA_SYNPROXY,
 CTA_FILTER,
 CTA_STATUS_MASK,
+ CTA_TIMESTAMP_EVENT,
 __CTA_MAX
 };
 #define CTA_MAX (__CTA_MAX - 1)
diff --git a/src/conntrack/getter.c b/src/conntrack/getter.c
index d1f9a5a..c9615d5 100644
--- a/src/conntrack/getter.c
+++ b/src/conntrack/getter.c
@@ -384,6 +384,11 @@ static const void *get_attr_synproxy_tsoff(const struct nf_conntrack *ct)
 return &ct->synproxy.tsoff;
 }
+static const void *get_attr_timestamp_event(const struct nf_conntrack *ct)
+{
+ return &ct->timestamp_event;
+}
+
 const get_attr get_attr_array[ATTR_MAX] = {
 [ATTR_ORIG_IPV4_SRC] = get_attr_orig_ipv4_src,
 [ATTR_ORIG_IPV4_DST] = get_attr_orig_ipv4_dst,
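Review bot: In the `enum nf_conntrack_attr` hunk of libnetfilter_conntrack.h, the comment `/* u64 bits */` on `ATTR_TIMESTAMP_EVENT` gives a caller the width but not the byte order or when the value is present. The parse_mnl.c hunk of this commit converts the value with `be64toh()` and sets the attribute bit only when the kernel sent `CTA_TIMESTAMP_EVENT`, so I would write `ATTR_TIMESTAMP_EVENT, /* u64 bits, host byte order; set only if the kernel sent CTA_TIMESTAMP_EVENT */`. The unit and clock source are not stated anywhere on this page and should be documented from the kernel commit the description names, because consumers that use the field for event ordering or log correlation depend on them. The enum body starts outside the hunk.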
@@ -460,4 +465,5 @@ const get_attr get_attr_array[ATTR_MAX] = {
 [ATTR_SYNPROXY_ISN] = get_attr_synproxy_isn,
 [ATTR_SYNPROXY_ITS] = get_attr_synproxy_its,
 [ATTR_SYNPROXY_TSOFF] = get_attr_synproxy_tsoff,
+ [ATTR_TIMESTAMP_EVENT] = get_attr_timestamp_event,
 };
diff --git a/src/conntrack/parse_mnl.c b/src/conntrack/parse_mnl.c
index 3cbfc6a..0f87f69 100644
--- a/src/conntrack/parse_mnl.c
+++ b/src/conntrack/parse_mnl.c
@@ -897,6 +897,10 @@ nfct_parse_conntrack_attr_cb(const struct nlattr *attr, void *data)
 case CTA_NAT_DST:
 /* deprecated */
 break;
+ case CTA_TIMESTAMP_EVENT:
+ if (mnl_attr_validate(attr, MNL_TYPE_U64) < 0)
+ abi_breakage();
+ break;
 }
 tb[type] = attr;
 return MNL_CB_OK;
@@ -1029,6 +1033,12 @@ nfct_payload_parse(const void *payload, size_t payload_len,
 return -1;
 }
+ if (tb[CTA_TIMESTAMP_EVENT]) {
+ set_bit(ATTR_TIMESTAMP_EVENT, ct->head.set);
+ ct->timestamp_event =
+ be64toh(mnl_attr_get_u64(tb[CTA_TIMESTAMP_EVENT]));
+ }
+
 return 0;
 }
|
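Review bot: The `set_bit(ATTR_TIMESTAMP_EVENT, ct->head.set)` added to `nfct_payload_parse()` marks a new attribute index as set on every parsed event that carries the attribute, yet the diffstat shows only the getter table gaining an entry for it. If the library keeps other per-attribute tables sized by `ATTR_MAX` in the same way as `get_attr_array` (setter, copy, compare), any path that walks the set bits and indexes such a table without a NULL check would now reach an empty slot for objects built from kernel events. That is worth confirming before release, either by adding the entries or by a short comment here saying why a read-only attribute needs none. The read itself relies on the `mnl_attr_validate(attr, MNL_TYPE_U64)` check added in the `nfct_parse_conntrack_attr_cb()` hunk above, which is the right place for it. Both functions begin outside their hunks.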