Commit b1b72076 authored by Daniel Borkmann's avatar Daniel Borkmann Committed by David S. Miller

net: sctp: probe: allow more advanced ingress filtering by mark

This is a follow-up commit for commit b1dcdc68 ("net: tcp_probe:
allow more advanced ingress filtering by mark") that allows for
advanced SCTP probe module filtering based on skb mark (for a more
detailed description and advantages using mark, refer to b1dcdc68).
The current option to filter by a given port is still being preserved.
Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 3e25c65e
......@@ -46,6 +46,10 @@ static int port __read_mostly = 0;
MODULE_PARM_DESC(port, "Port to match (0=all)");
module_param(port, int, 0);
static unsigned int fwmark __read_mostly = 0;
MODULE_PARM_DESC(fwmark, "skb mark to match (0=no mark)");
module_param(fwmark, uint, 0);
static int bufsize __read_mostly = 64 * 1024;
MODULE_PARM_DESC(bufsize, "Log buffer size (default 64k)");
module_param(bufsize, int, 0);
......@@ -129,15 +133,19 @@ static sctp_disposition_t jsctp_sf_eat_sack(struct net *net,
void *arg,
sctp_cmd_seq_t *commands)
{
struct sctp_chunk *chunk = arg;
struct sk_buff *skb = chunk->skb;
struct sctp_transport *sp;
static __u32 lcwnd = 0;
struct timespec now;
sp = asoc->peer.primary_path;
if ((full || sp->cwnd != lcwnd) &&
(!port || asoc->peer.port == port ||
ep->base.bind_addr.port == port)) {
if (((port == 0 && fwmark == 0) ||
asoc->peer.port == port ||
ep->base.bind_addr.port == port ||
(fwmark > 0 && skb->mark == fwmark)) &&
(full || sp->cwnd != lcwnd)) {
lcwnd = sp->cwnd;
getnstimeofday(&now);
......@@ -198,8 +206,8 @@ static __init int sctpprobe_init(void)
if (ret)
goto remove_proc;
pr_info("probe registered (port=%d)\n", port);
pr_info("probe registered (port=%d/fwmark=%u) bufsize=%u\n",
port, fwmark, bufsize);
return 0;
remove_proc:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment