From 22c8af6991eab12a87fec4f06559e1d7ea3826f1 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Fri, 14 Dec 2012 12:42:48 +0100 Subject: api: add CTA_LABEL_MASK attribute handling allows to set/clear only a subset of the in-kernel label set, e.g. "set bit 1 and do not change any others". Signed-off-by: Florian Westphal --- src/conntrack/copy.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/conntrack/copy.c') diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c index 9cb567c..5915c16 100644 --- a/src/conntrack/copy.c +++ b/src/conntrack/copy.c @@ -466,6 +466,12 @@ static void copy_attr_connlabels(struct nf_conntrack *dest, dest->connlabels = do_copy_attr_connlabels(dest->connlabels, orig->connlabels); } +static void copy_attr_connlabels_mask(struct nf_conntrack *dest, + const struct nf_conntrack *orig) +{ + dest->connlabels_mask = do_copy_attr_connlabels(dest->connlabels_mask, orig->connlabels_mask); +} + const copy_attr copy_attr_array[ATTR_MAX] = { [ATTR_ORIG_IPV4_SRC] = copy_attr_orig_ipv4_src, [ATTR_ORIG_IPV4_DST] = copy_attr_orig_ipv4_dst, @@ -534,6 +540,7 @@ const copy_attr copy_attr_array[ATTR_MAX] = { [ATTR_TIMESTAMP_STOP] = copy_attr_timestamp_stop, [ATTR_HELPER_INFO] = copy_attr_help_info, [ATTR_CONNLABELS] = copy_attr_connlabels, + [ATTR_CONNLABELS_MASK] = copy_attr_connlabels_mask, }; /* this is used by nfct_copy() with the NFCT_CP_OVERRIDE flag set. */ @@ -544,8 +551,10 @@ void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct2) ct1->secctx = NULL; ct1->helper_info = NULL; ct1->connlabels = NULL; + ct1->connlabels_mask = NULL; copy_attr_secctx(ct1, ct2); copy_attr_help_info(ct1, ct2); copy_attr_connlabels(ct1, ct2); + copy_attr_connlabels_mask(ct1, ct2); } -- cgit v1.2.3