diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-12-18 20:18:49 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-01-16 22:32:40 +0100 |
| commit | fdda1474cc8654430f245b7f01c30e8ff171fa60 (patch) | |
| tree | e9d4a4f3d5a45677c49079aefa13e70541db7f8d /include | |
| parent | f1456fa807f20bf8dd73ab3ae3312c2e8187f89f (diff) | |
src: add support for CTA_SECCTX
This patch adds support for the new attribute CTA_SECCTX that
supersedes CTA_SECMARK.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/internal/object.h | 3 | ||||
| -rw-r--r-- | include/libnetfilter_conntrack/libnetfilter_conntrack.h | 1 | ||||
| -rw-r--r-- | include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h | 10 |
3 files changed, 13 insertions, 1 deletions
diff --git a/include/internal/object.h b/include/internal/object.h index 8d95aa1..76a0566 100644 --- a/include/internal/object.h +++ b/include/internal/object.h @@ -166,6 +166,9 @@ struct nf_conntrack { * length accepted is 16 bytes, this limit is enforced during module load. */ #define __NFCT_HELPER_NAMELEN 16 char helper_name[__NFCT_HELPER_NAMELEN]; +/* According to Eric Paris <eparis@redhat.com> this field can be up to 4096 + * bytes long. For that reason, we allocate this dynamically. */ + char *secctx; union __nfct_protoinfo protoinfo; struct __nfct_counters counters[__DIR_MAX]; diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h index 5315f42..aaf1638 100644 --- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h +++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h @@ -127,6 +127,7 @@ enum nf_conntrack_attr { ATTR_TCP_WSCALE_ORIG, /* u8 bits */ ATTR_TCP_WSCALE_REPL = 60, /* u8 bits */ ATTR_ZONE, /* u16 bits */ + ATTR_SECCTX, /* string */ ATTR_MAX }; diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h index 65af53e..3b0c009 100644 --- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h +++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h @@ -43,8 +43,9 @@ enum ctattr_type { CTA_TUPLE_MASTER, CTA_NAT_SEQ_ADJ_ORIG, CTA_NAT_SEQ_ADJ_REPLY, - CTA_SECMARK, + CTA_SECMARK, /* obsolete */ CTA_ZONE, + CTA_SECCTX, __CTA_MAX }; #define CTA_MAX (__CTA_MAX - 1) @@ -177,6 +178,13 @@ enum ctattr_help { }; #define CTA_HELP_MAX (__CTA_HELP_MAX - 1) +enum ctattr_secctx { + CTA_SECCTX_UNSPEC, + CTA_SECCTX_NAME, + __CTA_SECCTX_MAX +}; +#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1) + #ifdef __cplusplus } #endif |