[NETFILTER]: ctnetlink: add support for secmark

This patch adds support for James Morris' connsecmark. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2007-12-17 22:28:41 -0800
committer: David S. Miller <davem@davemloft.net> 2008-01-28 14:58:52 -0800
commit: 37fccd8577d38e249dde71512fb38d2f6a4d9d3c (patch)
tree: ede873cf656ad872b94bc88e6530831f4f2dfb01 /net/netfilter/xt_CONNSECMARK.c
parent: 0f417ce989f84cfd5418e3b316064bfbb2708196 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c
index 2c265e87f396..2333f7e29bc9 100644
--- a/net/netfilter/xt_CONNSECMARK.c
+++ b/net/netfilter/xt_CONNSECMARK.c
@@ -20,6 +20,7 @@
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_CONNSECMARK.h>
 #include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_ecache.h>
 
 #define PFX "CONNSECMARK: "
 
@@ -40,8 +41,10 @@ static void secmark_save(const struct sk_buff *skb)
 		enum ip_conntrack_info ctinfo;
 
 		ct = nf_ct_get(skb, &ctinfo);
-		if (ct && !ct->secmark)
+		if (ct && !ct->secmark) {
 			ct->secmark = skb->secmark;
+			nf_conntrack_event_cache(IPCT_SECMARK, skb);
+		}
 	}
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2007-12-17 22:28:41 -0800
committer	David S. Miller <davem@davemloft.net>	2008-01-28 14:58:52 -0800
commit	37fccd8577d38e249dde71512fb38d2f6a4d9d3c (patch)
tree	ede873cf656ad872b94bc88e6530831f4f2dfb01 /net/netfilter/xt_CONNSECMARK.c
parent	0f417ce989f84cfd5418e3b316064bfbb2708196 (diff)