[Oisf-devel] [PATCH 2/3] set_mark: handle feature in NFQ.

Eric Leblond eric at regit.org
Mon Mar 7 10:59:52 UTC 2011


This patch implements the set_mark related modification of verdict
handling.
---
 src/source-nfq.c |   32 +++++++++++++++++++++++++++++---
 1 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/src/source-nfq.c b/src/source-nfq.c
index 691cd99..2bf043d 100644
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -792,10 +792,36 @@ void NFQSetVerdict(Packet *p) {
         default:
         case NFQ_ACCEPT_MODE:
         case NFQ_ROUTE_MODE:
-            if (p->flags & PKT_STREAM_MODIFIED) {
-                ret = nfq_set_verdict(t->qh, p->nfq_v.id, verdict, GET_PKT_LEN(p), GET_PKT_DATA(p));
+            if (p->flags & PKT_MARK_MODIFIED) {
+#ifdef HAVE_NFQ_SET_VERDICT2
+                if (p->flags & PKT_STREAM_MODIFIED) {
+                    ret = nfq_set_verdict2(t->qh, p->nfq_v.id, verdict,
+                            p->nfq_v.mark,
+                            GET_PKT_LEN(p), GET_PKT_DATA(p));
+                } else {
+                    ret = nfq_set_verdict2(t->qh, p->nfq_v.id, verdict,
+                            p->nfq_v.mark,
+                            0, NULL);
+                }
+#else /* fall back to old function */
+                if (p->flags & PKT_STREAM_MODIFIED) {
+                    ret = nfq_set_verdict_mark(t->qh, p->nfq_v.id, verdict,
+                            htonl(p->nfq_v.mark),
+                            GET_PKT_LEN(p), GET_PKT_DATA(p));
+                } else {
+                    ret = nfq_set_verdict_mark(t->qh, p->nfq_v.id, verdict,
+                            htonl(p->nfq_v.mark),
+                            0, NULL);
+                }
+#endif /* HAVE_NFQ_SET_VERDICT2 */
             } else {
-                ret = nfq_set_verdict(t->qh, p->nfq_v.id, verdict, 0, NULL);
+                if (p->flags & PKT_STREAM_MODIFIED) {
+                    ret = nfq_set_verdict(t->qh, p->nfq_v.id, verdict,
+                            GET_PKT_LEN(p), GET_PKT_DATA(p));
+                } else {
+                    ret = nfq_set_verdict(t->qh, p->nfq_v.id, verdict, 0, NULL);
+                }
+
             }
             break;
         case NFQ_REPEAT_MODE:
-- 
1.7.4.1




More information about the Oisf-devel mailing list