All of lore.kernel.org
 help / color / mirror / Atom feed
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
To: pablo@netfilter.org
Cc: fw@strlen.de, netfilter-devel@vger.kernel.org,
	netdev@vger.kernel.org,
	Nicolas Dichtel <nicolas.dichtel@6wind.com>
Subject: [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority
Date: Fri,  4 Feb 2022 11:26:37 +0100	[thread overview]
Message-ID: <20220204102637.4272-1-nicolas.dichtel@6wind.com> (raw)
In-Reply-To: <Yfy2YxiwvDLtLvTo@salvia>

Available since linux v5.18.

Link: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 .../libnetfilter_queue/libnetfilter_queue.h   |  3 +++
 include/linux/netfilter/nfnetlink_queue.h     | 16 +++++++++++++-
 src/libnetfilter_queue.c                      | 21 ++++++++++++++++++-
 3 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h
index a19122f10ec6..8a191dfdfeaf 100644
--- a/include/libnetfilter_queue/libnetfilter_queue.h
+++ b/include/libnetfilter_queue/libnetfilter_queue.h
@@ -96,6 +96,8 @@ extern struct nfqnl_msg_packet_hdr *
 
 extern uint32_t nfq_get_nfmark(struct nfq_data *nfad);
 
+extern uint32_t nfq_get_priority(struct nfq_data *nfad);
+
 extern int nfq_get_timestamp(struct nfq_data *nfad, struct timeval *tv);
 
 /* return 0 if not set */
@@ -132,6 +134,7 @@ enum {
 	NFQ_XML_UID	= (1 << 6),
 	NFQ_XML_GID	= (1 << 7),
 	NFQ_XML_SECCTX  = (1 << 8),
+	NFQ_XML_PRIORITY= (1 << 9),
 	NFQ_XML_ALL	= ~0U,
 };
 
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index 8e2e4697ffb0..ef7c97f21a15 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
 #ifndef _NFNETLINK_QUEUE_H
 #define _NFNETLINK_QUEUE_H
 
@@ -30,6 +31,14 @@ struct nfqnl_msg_packet_timestamp {
 	__aligned_be64	usec;
 };
 
+enum nfqnl_vlan_attr {
+	NFQA_VLAN_UNSPEC,
+	NFQA_VLAN_PROTO,		/* __be16 skb vlan_proto */
+	NFQA_VLAN_TCI,			/* __be16 skb htons(vlan_tci) */
+	__NFQA_VLAN_MAX,
+};
+#define NFQA_VLAN_MAX (__NFQA_VLAN_MAX - 1)
+
 enum nfqnl_attr_type {
 	NFQA_UNSPEC,
 	NFQA_PACKET_HDR,
@@ -49,7 +58,10 @@ enum nfqnl_attr_type {
 	NFQA_EXP,			/* nfnetlink_conntrack.h */
 	NFQA_UID,			/* __u32 sk uid */
 	NFQA_GID,			/* __u32 sk gid */
-	NFQA_SECCTX,
+	NFQA_SECCTX,			/* security context string */
+	NFQA_VLAN,			/* nested attribute: packet vlan info */
+	NFQA_L2HDR,			/* full L2 header */
+	NFQA_PRIORITY,			/* skb->priority */
 
 	__NFQA_MAX
 };
@@ -111,5 +123,7 @@ enum nfqnl_attr_config {
 #define NFQA_SKB_CSUMNOTREADY (1 << 0)
 /* packet is GSO (i.e., exceeds device mtu) */
 #define NFQA_SKB_GSO (1 << 1)
+/* csum not validated (incoming device doesn't support hw checksum, etc.) */
+#define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2)
 
 #endif /* _NFNETLINK_QUEUE_H */
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index a1701431d5d9..b5a3b399f5ea 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -1017,6 +1017,18 @@ uint32_t nfq_get_nfmark(struct nfq_data *nfad)
 	return ntohl(nfnl_get_data(nfad->data, NFQA_MARK, uint32_t));
 }
 
+/**
+ * nfq_get_priority - get the packet priority
+ * \param nfad Netlink packet data handle passed to callback function
+ *
+ * \return the packet priority currently assigned to the given queued packet.
+ */
+EXPORT_SYMBOL
+uint32_t nfq_get_priority(struct nfq_data *nfad)
+{
+	return ntohl(nfnl_get_data(nfad->data, NFQA_PRIORITY, uint32_t));
+}
+
 /**
  * nfq_get_timestamp - get the packet timestamp
  * \param nfad Netlink packet data handle passed to callback function
@@ -1403,6 +1415,7 @@ do {								\
  *	- NFQ_XML_PHYSDEV: include the physical device information
  *	- NFQ_XML_PAYLOAD: include the payload (in hexadecimal)
  *	- NFQ_XML_TIME: include the timestamp
+ *	- NFQ_XML_PRIORITY: include the packet priority
  *	- NFQ_XML_ALL: include all the logging information (all flags set)
  *
  * You can combine this flags with an binary OR.
@@ -1416,7 +1429,7 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags)
 {
 	struct nfqnl_msg_packet_hdr *ph;
 	struct nfqnl_msg_packet_hw *hwph;
-	uint32_t mark, ifi;
+	uint32_t mark, ifi, priority;
 	uint32_t uid, gid;
 	int size, offset = 0, len = 0, ret;
 	unsigned char *data;
@@ -1507,6 +1520,12 @@ int nfq_snprintf_xml(char *buf, size_t rem, struct nfq_data *tb, int flags)
 		SNPRINTF_FAILURE(size, rem, offset, len);
 	}
 
+	priority = nfq_get_priority(tb);
+	if (priority && (flags & NFQ_XML_PRIORITY)) {
+		size = snprintf(buf + offset, rem, "<priority>%u</priority>", priority);
+		SNPRINTF_FAILURE(size, rem, offset, len);
+	}
+
 	ifi = nfq_get_indev(tb);
 	if (ifi && (flags & NFQ_XML_DEV)) {
 		size = snprintf(buf + offset, rem, "<indev>%u</indev>", ifi);
-- 
2.33.0


  parent reply	other threads:[~2022-02-04 10:26 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-17 20:56 [PATCH nf-next] nfqueue: enable to get skb->priority Nicolas Dichtel
2022-01-18 12:36 ` Florian Westphal
2022-02-04  5:15 ` Pablo Neira Ayuso
2022-02-04  5:16   ` Pablo Neira Ayuso
2022-02-04 10:21     ` [PATCH nf-next] nfqueue: enable to set skb->priority Nicolas Dichtel
2022-02-04 11:59       ` Florian Westphal
2022-02-04 17:18       ` kernel test robot
2022-02-04 17:18         ` kernel test robot
2022-02-09 11:04       ` Pablo Neira Ayuso
2022-02-04 10:26   ` Nicolas Dichtel [this message]
2022-02-04 10:30     ` [PATCH libnetfilter_queue] libnetfilter_queue: add support of skb->priority Nicolas Dichtel
2022-02-04 12:01       ` Florian Westphal
2022-02-04 14:20         ` Pablo Neira Ayuso
2022-02-23  9:01           ` Nicolas Dichtel
2022-02-23 10:24             ` Pablo Neira Ayuso
2022-02-23 14:03               ` Nicolas Dichtel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220204102637.4272-1-nicolas.dichtel@6wind.com \
    --to=nicolas.dichtel@6wind.com \
    --cc=fw@strlen.de \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.