author | Felix Huettner <felix.huettner@mail.schwarz> | 2023-12-05 09:35:03 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-01-24 21:16:34 +0100 |
commit | 931dc2d4c9195ab50974ce8af1a14053f2ebdc84 (patch) | |
tree | e9b293569350ced9331be06ef1866c810d6f8087 /include | |
parent | c70c6457b256434ef039eabef243098301df0ea1 (diff) |
dump: support filtering by zone
Based on a kernel-side extension of the conntrack API, this patch brings
this extension to userspace.
When dumping the conntrack table, we can now filter based on the
conntrack zone directly in kernel space. If the kernel does not yet
support this feature, this filtering is ignored.
Signed-off-by: Felix Huettner <felix.huettner@mail.schwarz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/internal/object.h | 1 | ||||
-rw-r--r-- | include/libnetfilter_conntrack/libnetfilter_conntrack.h | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index 4cac4f1..8854ef2 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -293,6 +293,7 @@ struct nfct_filter_dump {
 struct nfct_filter_dump_mark status;
 uint8_t l3num;
 uint32_t set;
+ uint16_t zone;
 };
 
 /*
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 76b5c27..2e9458a 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -547,6 +547,7 @@ enum nfct_filter_dump_attr {
 NFCT_FILTER_DUMP_MARK = 0, /* struct nfct_filter_dump_mark */
 NFCT_FILTER_DUMP_L3NUM, /* uint8_t */
 NFCT_FILTER_DUMP_STATUS, /* struct nfct_filter_dump_mark */
+ NFCT_FILTER_DUMP_ZONE, /* uint16_t */
 NFCT_FILTER_DUMP_TUPLE,
 NFCT_FILTER_DUMP_MAX
 };
@@ -563,6 +564,10 @@ void nfct_filter_dump_set_attr_u8(struct nfct_filter_dump *filter_dump,
 const enum nfct_filter_dump_attr type,
 uint8_t data);
 
+void nfct_filter_dump_set_attr_u16(struct nfct_filter_dump *filter_dump,
+ const enum nfct_filter_dump_attr type,
+ uint16_t data);
+
 /* low level API: netlink functions */
 
 extern __attribute__((deprecated)) int |
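Review bot: Inserting `NFCT_FILTER_DUMP_ZONE` ahead of `NFCT_FILTER_DUMP_TUPLE` in this public enum shifts the numeric value of `NFCT_FILTER_DUMP_TUPLE` (and of `NFCT_FILTER_DUMP_MAX`) by one. If a release has already shipped with `NFCT_FILTER_DUMP_TUPLE` (not visible from this page), a program built against the old header would pass the old value and the new library would read it as the zone attribute, so the dump filter would silently apply to the wrong field. Appending keeps existing values stable: place `NFCT_FILTER_DUMP_ZONE, /* uint16_t */` after `NFCT_FILTER_DUMP_TUPLE,` and directly before `NFCT_FILTER_DUMP_MAX`.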
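Review bot: The new prototype `nfct_filter_dump_set_attr_u16()` carries no comment, and the behaviour callers most need to know is stated only in the commit message: a kernel without zone filtering ignores the attribute, so the dump is not restricted to the requested zone. A caller that relies on the filter to keep one zone's entries apart from another's would then process unfiltered data without any error. I would add above the declaration `/* Sets a 16-bit filter attribute (NFCT_FILTER_DUMP_ZONE). Kernels without zone filtering ignore it and dump all zones; re-check each entry's zone if that matters. */`. How the setter treats a `type` that is not a 16-bit attribute is defined outside this diff (it is limited to 'include'), so that may be worth documenting as well.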