From 9f53603a10aa738d6f5a41a061bc3e1182c42d0c Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 17 Feb 2011 18:33:22 +0100
Subject: conntrack: add NFCT_CP_OVERRIDE flag for nfct_copy()
Thus, we have a fast version of nfct_copy() which allows to copy the destination to the origin. After this call, the destination is a clone of the origin.
Signed-off-by: Pablo Neira Ayuso
---
 include/internal/prototypes.h | 1 +
 include/libnetfilter_conntrack/libnetfilter_conntrack.h | 1 +
 src/conntrack/api.c | 7 +++++++
 src/conntrack/copy.c | 8 ++++++++
 4 files changed, 17 insertions(+)
diff --git a/include/internal/prototypes.h b/include/internal/prototypes.h
index 359a80e..928ddbd 100644
--- a/include/internal/prototypes.h
+++ b/include/internal/prototypes.h
@@ -21,6 +21,7 @@ int __callback(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data);
 int __setobjopt(struct nf_conntrack *ct, unsigned int option);
 int __getobjopt(const struct nf_conntrack *ct, unsigned int option);
 int __compare(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags);
+void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct);
 int __setup_netlink_socket_filter(int fd, struct nfct_filter *filter);
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index f09e03b..b3e6758 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -408,6 +408,7 @@ enum {
 NFCT_CP_ORIG = (1 << 0),
 NFCT_CP_REPL = (1 << 1),
 NFCT_CP_META = (1 << 2),
+ NFCT_CP_OVERRIDE = (1 << 3),
 };
 extern void nfct_copy(struct nf_conntrack *dest,
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 2262974..a35c670 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -1099,6 +1099,9 @@ int nfct_cmp(const struct nf_conntrack *ct1,
 * and 4 protocol number.
 * - NFCT_CP_META: that copies the metainformation
 * (all the attributes >= ATTR_TCP_STATE)
+ * - NFCT_CP_OVERRIDE: changes the default behaviour of nfct_copy() since
+ * it overrides the destination object. After the copy, the destination
+ * is a clone of the origin. This flag provides faster copying.
 */
 void nfct_copy(struct nf_conntrack *ct1,
 const struct nf_conntrack *ct2,
@@ -1109,6 +1112,10 @@ void nfct_copy(struct nf_conntrack *ct1,
 assert(ct1 != NULL);
 assert(ct2 != NULL);
+ if (flags & NFCT_CP_OVERRIDE) {
+ __copy_fast(ct1, ct2);
+ return;
+ }
 if (flags == NFCT_CP_ALL) { for (i=0; iset)) {
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index 94d0711..c3a4fcc 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -505,3 +505,11 @@ const copy_attr copy_attr_array[ATTR_MAX] = {
 [ATTR_TIMESTAMP_START] = copy_attr_timestamp_start,
 [ATTR_TIMESTAMP_STOP] = copy_attr_timestamp_stop,
 };
+
+/* this is used by nfct_copy() with the NFCT_CP_OVERRIDE flag set. */
+void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct2)
+{
+ memcpy(ct1, ct2, sizeof(*ct1));
+ /* special case: secctx attribute is allocated dinamically. */
+ copy_attr_secctx(ct1, ct2);
+}
--
cgit v1.2.3
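Review bot: The new NFCT_CP_OVERRIDE entry in the nfct_copy() doc comment (api.c, first hunk) does not say how the flag combines with the selector flags, nor that attributes the destination already holds are discarded. As the code hunk below it is written, the flag is tested first and wins over every other NFCT_CP_* bit, so a caller passing `NFCT_CP_ORIG | NFCT_CP_OVERRIDE` gets a full clone rather than a partial copy. I would add a line such as `When set, all other NFCT_CP_* bits are ignored and every attribute of the destination is replaced.`, and write "overwrites" instead of "overrides" in the sentence about the destination object. The comment block starts above the hunk.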
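Review bot: The NFCT_CP_OVERRIDE branch in nfct_copy() (api.c, second hunk) hands ct1 and ct2 to `__copy_fast()` without checking that they are different objects, and the helper added in copy.c begins with `memcpy(ct1, ct2, sizeof(*ct1))`. memcpy on overlapping objects is undefined behaviour, so a self-copy that the attribute-by-attribute path presumably tolerated becomes a caller error on the fast path. A guard as the first statement of the branch, `if (ct1 == ct2) return;`, keeps that call safe at no cost. The body of nfct_copy() continues beyond the hunk.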
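Review bot: In `__copy_fast()` (copy.c) the memcpy replaces the destination's secctx pointer with the source's before `copy_attr_secctx()` runs, so at that point both objects refer to the same heap string and any string the destination owned earlier is unreachable and leaks. The body of `copy_attr_secctx()` is not part of this diff; if it releases the destination's current pointer before duplicating, it would free the source's buffer and then read from it, which is a use-after-free followed by a later double free. Releasing the destination's previous string before the memcpy and adding `ct1->secctx = NULL;` between the memcpy and the `copy_attr_secctx()` call gives the destination its own copy without touching the source's allocation. Freeing the old string assumes the destination was initialised before the call, which the doc comment for nfct_copy() should state. Any heap-allocated attribute added to struct nf_conntrack later needs the same handling here.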