src: add support for CTA_SECCTX

This patch adds support for the new attribute CTA_SECCTX that supersedes CTA_SECMARK. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2010-12-18 20:18:49 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2011-01-16 22:32:40 +0100
commit: fdda1474cc8654430f245b7f01c30e8ff171fa60 (patch)
tree: e9d4a4f3d5a45677c49079aefa13e70541db7f8d /src/conntrack/compare.c
parent: f1456fa807f20bf8dd73ab3ae3312c2e8187f89f (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c
index 134cefd..1cdad1c 100644
--- a/src/conntrack/compare.c
+++ b/src/conntrack/compare.c
@@ -368,6 +368,14 @@ cmp_zone(const struct nf_conntrack *ct1,
 	return (ct1->zone == ct2->zone);
 }
 
+static int
+cmp_secctx(const struct nf_conntrack *ct1,
+	   const struct nf_conntrack *ct2,
+	   unsigned int flags)
+{
+	return strcmp(ct1->secctx, ct2->secctx) == 0;
+}
+
 static int cmp_meta(const struct nf_conntrack *ct1,
 		    const struct nf_conntrack *ct2,
 		    unsigned int flags)
@@ -388,6 +396,8 @@ static int cmp_meta(const struct nf_conntrack *ct1,
 		return 0;
 	if (!__cmp(ATTR_ZONE, ct1, ct2, flags, cmp_zone))
 		return 0;
+	if (!__cmp(ATTR_SECCTX, ct1, ct2, flags, cmp_secctx))
+		return 0;
 
 	return 1;
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2010-12-18 20:18:49 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2011-01-16 22:32:40 +0100
commit	fdda1474cc8654430f245b7f01c30e8ff171fa60 (patch)
tree	e9d4a4f3d5a45677c49079aefa13e70541db7f8d /src/conntrack/compare.c
parent	f1456fa807f20bf8dd73ab3ae3312c2e8187f89f (diff)