author | Afschin Hormozdiary <Afschin.Hormozdiary@sophos.com> | 2013-05-17 09:38:26 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2013-05-20 21:19:00 +0200 |
commit | d0dd9ebfea593948352a1a7ac438ff417e4323e0 (patch) | |
tree | 26a02b566c98dbd52eebd2504ec05142dbe4f394 | |
parent | 22c8af6991eab12a87fec4f06559e1d7ea3826f1 (diff) |
libnetfilter_conntrack: don't ignore ATTR_CONNLABELS
The libnfnetlink based backend 'build.c' currently ignores
ATTR_CONNLABELS and ATTR_CONNLABELS_MASK.
The libmnl based backend 'build_mnl.c' instead handles
both attributes correctly.
Add function to set CTA_LABELS and CTA_LABELS_MASK
if required.
Signed-off-by: Afschin Hormozdiary <Afschin.Hormozdiary@sophos.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | src/conntrack/build.c | 27 | ||||
-rw-r--r-- | src/conntrack/parse.c | 24 |
2 files changed, 51 insertions, 0 deletions
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 2900027..4852536 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -398,6 +398,30 @@ static void __build_zone(struct nfnlhdr *req,
 nfnl_addattr16(&req->nlh, size, CTA_ZONE, htons(ct->zone));
 }
+static void __build_labels(struct nfnlhdr *req,
+ size_t size,
+ const struct nf_conntrack *ct)
+{
+ struct nfct_bitmask *b = ct->connlabels;
+ unsigned int b_size = b->words * sizeof(b->bits[0]);
+
+ nfnl_addattr_l(&req->nlh,
+ size,
+ CTA_LABELS,
+ b->bits,
+ b_size);
+
+ if (test_bit(ATTR_CONNLABELS_MASK, ct->head.set)) {
+ b = ct->connlabels_mask;
+ if (b_size == (b->words * sizeof(b->bits[0])))
+ nfnl_addattr_l(&req->nlh,
+ size,
+ CTA_LABELS_MASK,
+ b->bits,
+ b_size);
+ }
+}
+
 int __build_conntrack(struct nfnl_subsys_handle *ssh,
 struct nfnlhdr *req,
 size_t size,
@@ -500,5 +524,8 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 if (test_bit(ATTR_ZONE, ct->head.set))
 __build_zone(req, size, ct);
+ if (test_bit(ATTR_CONNLABELS, ct->head.set))
+ __build_labels(req, size, ct);
+
 return 0;
 }
diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 6096e8d..cb185d0 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -8,6 +8,7 @@
 */
 #include "internal/internal.h"
+#include <limits.h>
 #include <libmnl/libmnl.h>
 static void __parse_ip(const struct nfattr *attr,
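Review bot: In `__build_labels` (first build.c hunk), a `connlabels_mask` whose size differs from `connlabels` is silently left out, so the message goes out with CTA_LABELS but no CTA_LABELS_MASK and `__build_conntrack` still returns 0. If the kernel treats a missing mask as "replace every label" rather than "change only the masked bits" (to be confirmed against ctnetlink), a caller mistake becomes a wider label change than was requested, which matters where labels feed firewall policy. The results of both `nfnl_addattr_l()` calls are discarded as well, so an attribute that does not fit in `size` would presumably go unreported. I would have the helper return an int, reject the mismatch with `if (b_size != b->words * sizeof(b->bits[0])) return -1;`, and check that result at the call site added in the second build.c hunk.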
@@ -476,6 +477,26 @@ __parse_timestamp(const struct nfattr *attr, struct nf_conntrack *ct)
 }
 }
+static void
+__parse_labels(const struct nfattr *attr, struct nf_conntrack *ct)
+{
+ struct nfattr *tb[CTA_LABELS];
+ struct nfct_bitmask *mask;
+ uint16_t len = NFA_PAYLOAD(tb[CTA_LABELS-1]);
+
+ nfnl_parse_nested(tb, CTA_LABELS, attr);
+ if (tb[CTA_LABELS-1]) {
+ mask = nfct_bitmask_new((len * CHAR_BIT) - 1);
+ if (!mask)
+ return;
+
+ if (len)
+ memcpy(mask->bits, NFA_DATA(tb[CTA_LABELS-1]), len);
+
+ set_bit(ATTR_CONNLABELS, ct->head.set);
+ }
+}
+
 void __parse_conntrack(const struct nlmsghdr *nlh,
 struct nfattr *cda[],
 struct nf_conntrack *ct)
@@ -564,4 +585,7 @@ void __parse_conntrack(const struct nlmsghdr *nlh,
 if (cda[CTA_TIMESTAMP-1])
 __parse_timestamp(cda[CTA_TIMESTAMP-1], ct);
+
+ if (cda[CTA_LABELS-1])
+ __parse_labels(cda[CTA_LABELS-1], ct);
 }
|
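Review bot: In `__parse_labels`, `len` is initialised from `NFA_PAYLOAD(tb[CTA_LABELS-1])` before `nfnl_parse_nested()` has filled `tb`, so the length used for the allocation and the `memcpy` comes from dereferencing an uninitialised pointer. The bitmask that is then allocated is never stored in `ct->connlabels`, although `ATTR_CONNLABELS` is marked as set, so the allocation leaks and later readers find a set attribute with no data behind it. The build.c side of this commit writes CTA_LABELS as a flat payload, so parsing it as a nested attribute also looks wrong; reading `NFA_PAYLOAD(attr)` and `NFA_DATA(attr)` directly seems to be what is intended. The length comes from a netlink message, and a zero-length payload makes `(len * CHAR_BIT) - 1` evaluate to -1, so it should be checked before the allocation. The rewrite below covers these points.

```c
static void
__parse_labels(const struct nfattr *attr, struct nf_conntrack *ct)
{
	struct nfct_bitmask *mask;
	/* __build_labels() emits CTA_LABELS as a flat payload, so read it
	 * the same way (confirm against the kernel's attribute policy). */
	uint16_t len = NFA_PAYLOAD(attr);

	/* Empty payload: nothing to store, and (len * CHAR_BIT) - 1 would be -1. */
	if (len == 0)
		return;

	mask = nfct_bitmask_new((len * CHAR_BIT) - 1);
	if (!mask)
		return;

	memcpy(mask->bits, NFA_DATA(attr), len);

	/* NOTE(review): if ct can already own a bitmask here, release it first. */
	ct->connlabels = mask;
	set_bit(ATTR_CONNLABELS, ct->head.set);
}
```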