From 6510a98f4139f112a0c76c71ff889ef93eac41fb Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Tue, 6 Nov 2012 17:06:39 +0100
Subject: api: add connlabel api and attribute

adds new labelmap api to create a name <-> bit mapping from a text file (default: /etc/xtables/connlabel.conf). nfct_labelmap_new(filename) is used to create the map, nfct_labelmap_destroy() releases the resources allocated for the map. Two functions are added to make map lookups: nfct_labelmap_get_name(map, bit) returns the name of a bit, nfct_labelmap_get_bit returns the bit associated with a name. The connlabel attribute is represented by a nfct_bitmask object, the nfct_bitmask api can be used to test/set/get individual bits ("labels"). The exisiting nfct_attr_get/set interfaces can be used to read or replace the existing labels associated with a conntrack with a new set.

Signed-off-by: Florian Westphal
---
 src/conntrack/copy.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
(limited to 'src/conntrack/copy.c')
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index e66c952..9cb567c 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -450,6 +450,22 @@ static void copy_attr_help_info(struct nf_conntrack *dest,
 memcpy(dest->helper_info, orig->helper_info, orig->helper_info_len);
 }
 
+static void* do_copy_attr_connlabels(struct nfct_bitmask *dest,
+ const struct nfct_bitmask *orig)
+{
+ if (orig == NULL)
+ return dest;
+ if (dest)
+ nfct_bitmask_destroy(dest);
+ return nfct_bitmask_clone(orig);
+}
+
+static void copy_attr_connlabels(struct nf_conntrack *dest,
+ const struct nf_conntrack *orig)
+{
+ dest->connlabels = do_copy_attr_connlabels(dest->connlabels, orig->connlabels);
+}
+
 const copy_attr copy_attr_array[ATTR_MAX] = {
 [ATTR_ORIG_IPV4_SRC] = copy_attr_orig_ipv4_src,
 [ATTR_ORIG_IPV4_DST] = copy_attr_orig_ipv4_dst,
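Review bot: In `do_copy_attr_connlabels()` the old `dest` bitmask is destroyed before `nfct_bitmask_clone(orig)` runs, which is unsafe in two cases. If `dest` and `orig` are the same bitmask (for example a conntrack copied onto itself), the clone reads memory that was just freed. If the clone fails (presumably it returns NULL on allocation failure; its definition is not in this hunk), the destination silently ends up with no labels and the void `copy_attr_connlabels()` cannot report it. Cloning first and releasing `dest` only on success avoids both: `struct nfct_bitmask *copy = nfct_bitmask_clone(orig);`, `if (copy == NULL) return dest;`, then destroy `dest` and return `copy`. Returning `struct nfct_bitmask *` instead of `void*` would also let the compiler check the assignment to `dest->connlabels`.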
@@ -517,15 +533,19 @@ const copy_attr copy_attr_array[ATTR_MAX] = {
 [ATTR_TIMESTAMP_START] = copy_attr_timestamp_start,
 [ATTR_TIMESTAMP_STOP] = copy_attr_timestamp_stop,
 [ATTR_HELPER_INFO] = copy_attr_help_info,
+ [ATTR_CONNLABELS] = copy_attr_connlabels,
 };
 
 /* this is used by nfct_copy() with the NFCT_CP_OVERRIDE flag set. */
 void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct2)
 {
 memcpy(ct1, ct2, sizeof(*ct1));
- /* special case: secctx attribute is allocated dinamically. */
- ct1->secctx = NULL; /* don't free: ct2 uses it */
+ /* malloc'd attributes: don't free, do copy */
+ ct1->secctx = NULL;
 ct1->helper_info = NULL;
+ ct1->connlabels = NULL;
+
 copy_attr_secctx(ct1, ct2);
 copy_attr_help_info(ct1, ct2);
+ copy_attr_connlabels(ct1, ct2);
 }
-- 
cgit v1.2.3
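Review bot: `__copy_fast()` overwrites `ct1->connlabels` with the `memcpy()` before anything can release it, so a destination that already owns a label bitmask leaks it (the same holds for `secctx` and `helper_info`). The callers are outside this hunk, so this may be ruled out elsewhere, but nothing here says so. The opposite hazard is also undocumented: a heap-owned attribute that is not reset and deep-copied after the `memcpy()` stays shared between `ct1` and `ct2` and would presumably be freed twice when both objects are destroyed. I would state the contract in the comment, e.g. `/* heap-owned attributes: ct1 must not own any on entry; each one must be reset and deep-copied below, or ct1 and ct2 share the pointer */`. The copy helpers return void, so a failed clone leaves `ct1` without labels and the caller of `nfct_copy()` cannot tell.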