netfilter: nfqueue: enable to get skb->priority

This info could be useful to improve traffic analysis.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h
index aed90c4..ef7c97f 100644 (file)
--- a/include/uapi/linux/netfilter/nfnetlink_queue.h
+++ b/include/uapi/linux/netfilter/nfnetlink_queue.h
@@ -61,6 +61,7 @@ enum nfqnl_attr_type {
        NFQA_SECCTX,                    /* security context string */
        NFQA_VLAN,                      /* nested attribute: packet vlan info */
        NFQA_L2HDR,                     /* full L2 header */
+       NFQA_PRIORITY,                  /* skb->priority */
 
        __NFQA_MAX
 };

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index ea2d9c2..48d7a59 100644 (file)
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -402,6 +402,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
                + nla_total_size(sizeof(u_int32_t))     /* ifindex */
 #endif
                + nla_total_size(sizeof(u_int32_t))     /* mark */
+               + nla_total_size(sizeof(u_int32_t))     /* priority */
                + nla_total_size(sizeof(struct nfqnl_msg_packet_hw))
                + nla_total_size(sizeof(u_int32_t))     /* skbinfo */
                + nla_total_size(sizeof(u_int32_t));    /* cap_len */
@@ -559,6 +560,10 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
            nla_put_be32(skb, NFQA_MARK, htonl(entskb->mark)))
                goto nla_put_failure;
 
+       if (entskb->priority &&
+           nla_put_be32(skb, NFQA_PRIORITY, htonl(entskb->priority)))
+               goto nla_put_failure;
+
        if (indev && entskb->dev &&
            skb_mac_header_was_set(entskb) &&
            skb_mac_header_len(entskb) != 0) {