Diffstat (limited to 'src')
-rw-r--r--src/conntrack/build.c12
-rw-r--r--src/conntrack/parse.c5
-rw-r--r--src/conntrack/snprintf_default.c12
-rw-r--r--src/conntrack/snprintf_xml.c7
4 files changed, 35 insertions, 1 deletions
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 169f289..f5e7353 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -236,6 +236,13 @@ void __build_mark(struct nfnlhdr *req,
nfnl_addattr32(&req->nlh, size, CTA_MARK, htonl(ct->mark));
}
+void __build_secmark(struct nfnlhdr *req,
+ size_t size,
+ const struct nf_conntrack *ct)
+{
+ nfnl_addattr32(&req->nlh, size, CTA_SECMARK, htonl(ct->secmark));
+}
+
int __build_conntrack(struct nfnl_subsys_handle *ssh,
struct nfnlhdr *req,
size_t size,
@@ -282,11 +289,14 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
if (test_bit(ATTR_MARK, ct->set))
__build_mark(req, size, ct);
+ if (test_bit(ATTR_SECMARK, ct->set))
+ __build_secmark(req, size, ct);
+
if (test_bit(ATTR_TCP_STATE, ct->set) ||
(test_bit(ATTR_TCP_FLAGS_ORIG, ct->set) &&
test_bit(ATTR_TCP_MASK_ORIG, ct->set)) ||
(test_bit(ATTR_TCP_FLAGS_REPL, ct->set) &&
- test_but(ATTR_TCP_MASK_REPL, ct->set)))
+ test_bit(ATTR_TCP_MASK_REPL, ct->set)))
__build_protoinfo(req, size, ct);
if (test_bit(ATTR_SNAT_IPV4, ct->set) &&
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 75c5072..d5482cc 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -322,6 +322,11 @@ void __parse_conntrack(const struct nlmsghdr *nlh,
set_bit(ATTR_MARK, ct->set);
}
+ if (cda[CTA_SECMARK-1]) {
+ ct->secmark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
+ set_bit(ATTR_SECMARK, ct->set);
+ }
+
if (cda[CTA_COUNTERS_ORIG-1])
__parse_counters(cda[CTA_COUNTERS_ORIG-1], ct, __DIR_ORIG);
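Review bot: The new CTA_SECMARK branch tests `cda[CTA_SECMARK-1]` but reads its payload from `cda[CTA_MARK-1]`, so `ct->secmark` is filled with the connection mark, and a message that carries CTA_SECMARK without CTA_MARK would hand a NULL attribute to NFA_DATA. The read should use the attribute that was tested: `ct->secmark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_SECMARK-1]));`. If secmark carries the security marking its name suggests, anything that logs or filters on it (the default and XML printers added in this same commit) would report the wrong value while ATTR_SECMARK claims it is valid. __parse_conntrack starts and ends outside this hunk, so whether the attribute payload length is checked before this dereference cannot be confirmed from here.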
diff --git a/src/conntrack/snprintf_default.c b/src/conntrack/snprintf_default.c
index 996fe1a..04c2af3 100644
--- a/src/conntrack/snprintf_default.c
+++ b/src/conntrack/snprintf_default.c
@@ -194,6 +194,13 @@ int __snprintf_mark(char *buf, unsigned int len, const struct nf_conntrack *ct)
return (snprintf(buf, len, "mark=%u ", ct->mark));
}
+int __snprintf_secmark(char *buf,
+ unsigned int len,
+ const struct nf_conntrack *ct)
+{
+ return (snprintf(buf, len, "secmark=%u ", ct->secmark));
+}
+
int __snprintf_use(char *buf, unsigned int len, const struct nf_conntrack *ct)
{
return (snprintf(buf, len, "use=%u ", ct->use));
@@ -285,6 +292,11 @@ int __snprintf_conntrack_default(char *buf,
BUFFER_SIZE(ret, size, len, offset);
}
+ if (test_bit(ATTR_SECMARK, ct->set)) {
+ ret = __snprintf_secmark(buf+offset, len, ct);
+ BUFFER_SIZE(ret, size, len, offset);
+ }
+
if (test_bit(ATTR_USE, ct->set)) {
ret = __snprintf_use(buf+offset, len, ct);
BUFFER_SIZE(ret, size, len, offset);
diff --git a/src/conntrack/snprintf_xml.c b/src/conntrack/snprintf_xml.c
index 56b2016..5f5b6bb 100644
--- a/src/conntrack/snprintf_xml.c
+++ b/src/conntrack/snprintf_xml.c
@@ -45,6 +45,7 @@
* </layer4>
* <timeout>100</timeout>
* <mark>1</mark>
+ * <secmark>0</secmark>
* <use>1</use>
* <assured/>
* </meta>
@@ -307,6 +308,12 @@ int __snprintf_conntrack_xml(char *buf,
BUFFER_SIZE(ret, size, len, offset);
}
+ if (test_bit(ATTR_SECMARK, ct->set)) {
+ ret = snprintf(buf+offset, len,
+ "<secmark>%u</secmark>", ct->secmark);
+ BUFFER_SIZE(ret, size, len, offset);
+ }
+
if (test_bit(ATTR_USE, ct->set)) {
ret = snprintf(buf+offset, len, "<use>%u</use>", ct->use);
BUFFER_SIZE(ret, size, len, offset);