From 6510a98f4139f112a0c76c71ff889ef93eac41fb Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Tue, 6 Nov 2012 17:06:39 +0100 Subject: api: add connlabel api and attribute adds new labelmap api to create a name <-> bit mapping from a text file (default: /etc/xtables/connlabel.conf). nfct_labelmap_new(filename) is used to create the map, nfct_labelmap_destroy() releases the resources allocated for the map. Two functions are added to make map lookups: nfct_labelmap_get_name(map, bit) returns the name of a bit, nfct_labelmap_get_bit returns the bit associated with a name. The connlabel attribute is represented by a nfct_bitmask object, the nfct_bitmask api can be used to test/set/get individual bits ("labels"). The exisiting nfct_attr_get/set interfaces can be used to read or replace the existing labels associated with a conntrack with a new set. Signed-off-by: Florian Westphal --- src/conntrack/parse_mnl.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'src/conntrack/parse_mnl.c') diff --git a/src/conntrack/parse_mnl.c b/src/conntrack/parse_mnl.c index 93f6681..a4272f9 100644 --- a/src/conntrack/parse_mnl.c +++ b/src/conntrack/parse_mnl.c @@ -11,6 +11,7 @@ #include "internal/internal.h" #include +#include #include static int @@ -772,6 +773,25 @@ nfct_parse_timestamp(const struct nlattr *attr, struct nf_conntrack *ct) return 0; } +static int nfct_parse_labels(const struct nlattr *attr, struct nf_conntrack *ct) +{ + uint16_t len = mnl_attr_get_payload_len(attr); + struct nfct_bitmask *mask; + uint32_t *bits; + + if (len == 0) + return 0; + + mask = nfct_bitmask_new((len * CHAR_BIT) - 1); + if (!mask) + return -1; + bits = mnl_attr_get_payload(attr); + if (len) + memcpy(mask->bits, bits, len); + nfct_set_attr(ct, ATTR_CONNLABELS, mask); + return 0; +} + static int nfct_parse_conntrack_attr_cb(const struct nlattr *attr, void *data) { 
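Review bot: In `nfct_parse_labels`, `memcpy(mask->bits, bits, len)` copies a length taken directly from the netlink attribute, and nothing in the hunk shows that `mask->bits` holds at least `len` bytes. The bound rests on `nfct_bitmask_new()`, which is defined outside this hunk, so I would state the contract next to the copy: `/* relies on nfct_bitmask_new(n) allocating at least (n + 1) / CHAR_BIT bytes */`. The `if (len)` guard before the copy is dead because `len == 0` has already returned, so the two lines can become `memcpy(mask->bits, mnl_attr_get_payload(attr), len);` and the `bits` local can go. It is also not visible here whether `nfct_set_attr()` frees a mask already attached as `ATTR_CONNLABELS`; if it does not, parsing into a conntrack object that already carries labels would leak the old bitmask.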
@@ -934,6 +954,11 @@ nfct_payload_parse(const void *payload, size_t payload_len, return -1; } + if (tb[CTA_LABELS]) { + if (nfct_parse_labels(tb[CTA_LABELS], ct) < 0) + return -1; + } + return 0; } -- cgit v1.2.3
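Review bot: The new `CTA_LABELS` branch returns the same bare `-1` as the other attribute branches, yet `nfct_parse_labels` as added in this commit fails only when `nfct_bitmask_new()` returns NULL. A caller therefore cannot tell a resource failure from a malformed message unless `errno` is set further down, which is not visible here. A short comment on the branch would record that, e.g. `/* fails only if the label bitmask cannot be allocated */`. `nfct_payload_parse` begins outside this hunk, so whether `tb[]` is sized to include `CTA_LABELS` could not be checked from here.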