[nf-next] nfqueue: enable to get skb->priority

Commit Message

Nicolas Dichtel Jan. 17, 2022, 8:56 p.m. UTC

This info could be useful to improve traffic analysis.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
 include/uapi/linux/netfilter/nfnetlink_queue.h | 1 +
 net/netfilter/nfnetlink_queue.c                | 5 +++++
 2 files changed, 6 insertions(+)

Comments

Florian Westphal Jan. 18, 2022, 12:36 p.m. UTC | #1

Nicolas Dichtel <nicolas.dichtel@6wind.com> wrote:
> This info could be useful to improve traffic analysis.

Acked-by: Florian Westphal <fw@strlen.de>

Pablo Neira Ayuso Feb. 4, 2022, 5:15 a.m. UTC | #2

On Mon, Jan 17, 2022 at 09:56:13PM +0100, Nicolas Dichtel wrote:
> This info could be useful to improve traffic analysis.

Applied.

Pablo Neira Ayuso Feb. 4, 2022, 5:16 a.m. UTC | #3

On Fri, Feb 04, 2022 at 06:15:20AM +0100, Pablo Neira Ayuso wrote:
> On Mon, Jan 17, 2022 at 09:56:13PM +0100, Nicolas Dichtel wrote:
> > This info could be useful to improve traffic analysis.
> 
> Applied.

Maybe allow to update this skbuff field from the verdict path too?
I don't remember any read-only field like this in nfqueue.

Patch

diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h
index aed90c4df0c8..ef7c97f21a15 100644
--- a/include/uapi/linux/netfilter/nfnetlink_queue.h
+++ b/include/uapi/linux/netfilter/nfnetlink_queue.h
@@ -61,6 +61,7 @@  enum nfqnl_attr_type {
 	NFQA_SECCTX,			/* security context string */
 	NFQA_VLAN,			/* nested attribute: packet vlan info */
 	NFQA_L2HDR,			/* full L2 header */
+	NFQA_PRIORITY,			/* skb->priority */
 
 	__NFQA_MAX
 };
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index ea2d9c2a44cf..48d7a59c6482 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -402,6 +402,7 @@  nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 		+ nla_total_size(sizeof(u_int32_t))	/* ifindex */
 #endif
 		+ nla_total_size(sizeof(u_int32_t))	/* mark */
+		+ nla_total_size(sizeof(u_int32_t))	/* priority */
 		+ nla_total_size(sizeof(struct nfqnl_msg_packet_hw))
 		+ nla_total_size(sizeof(u_int32_t))	/* skbinfo */
 		+ nla_total_size(sizeof(u_int32_t));	/* cap_len */
@@ -559,6 +560,10 @@  nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	    nla_put_be32(skb, NFQA_MARK, htonl(entskb->mark)))
 		goto nla_put_failure;
 
+	if (entskb->priority &&
+	    nla_put_be32(skb, NFQA_PRIORITY, htonl(entskb->priority)))
+		goto nla_put_failure;
+
 	if (indev && entskb->dev &&
 	    skb_mac_header_was_set(entskb) &&
 	    skb_mac_header_len(entskb) != 0) {