author | Florian Westphal <fw@strlen.de> | 2012-11-06 17:06:39 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2013-05-06 21:34:15 +0200 |
commit | 6510a98f4139f112a0c76c71ff889ef93eac41fb (patch) | |
tree | 01e2ee90772ff378629bd889d51a509a26d3098e /src/conntrack/api.c | |
parent | 013a5284c901a6ce80320f499685b89d15eeed9e (diff) |
api: add connlabel api and attribute
adds new labelmap api to create a name <-> bit mapping
from a text file (default: /etc/xtables/connlabel.conf).
nfct_labelmap_new(filename) is used to create the map,
nfct_labelmap_destroy() releases the resources allocated for the map.
Two functions are added to make map lookups:
nfct_labelmap_get_name(map, bit) returns the name of a bit,
nfct_labelmap_get_bit returns the bit associated with a name.
The connlabel attribute is represented by a nfct_bitmask object, the
nfct_bitmask api can be used to test/set/get individual bits
("labels").
The existing nfct_attr_get/set interfaces can be used to read or
replace the existing labels associated with a conntrack with a new set.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/conntrack/api.c')
-rw-r--r-- | src/conntrack/api.c | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 7b79e05..072bb09 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -95,6 +95,8 @@ void nfct_destroy(struct nf_conntrack *ct)
 free(ct->secctx);
 if (ct->helper_info)
 free(ct->helper_info);
+ if (ct->connlabels)
+ nfct_bitmask_destroy(ct->connlabels);
 free(ct);
 ct = NULL; /* bugtrap */
 }
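Review bot: The new `nfct_bitmask_destroy(ct->connlabels)` call makes nfct_destroy the sole owner of the labels bitmask, but nothing in this commit shows how a duplicated nf_conntrack (nfct_clone/nfct_copy, not in this hunk) treats that pointer; if a clone copies the struct wholesale, both copies reach this line and free the same bitmask twice. It is worth confirming that the clone path deep-copies or clears `connlabels`, or documenting that cloned objects must not carry ATTR_CONNLABEL. The `if (ct->connlabels)` guard mirrors the helper_info guard above it and is only required if nfct_bitmask_destroy does not accept NULL, which this hunk does not show.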
@@ -1485,6 +1487,69 @@ void nfct_filter_dump_set_attr_u8(struct nfct_filter_dump *filter_dump,
 */
 
 /**
+ * \defgroup label Conntrack labels
+ *
+ * @{
+ */
+
+/**
+ * nfct_labelmap_get_name - get name of the label bit
+ *
+ * \param m label map obtained from nfct_label_open
+ * \param bit whose name should be returned
+ *
+ * returns a pointer to the name associated with the label.
+ * If no name has been configured, the empty string is returned.
+ * If bit is out of range, NULL is returned.
+ */
+const char *nfct_labelmap_get_name(struct nfct_labelmap *m, unsigned int bit)
+{
+ return __labelmap_get_name(m, bit);
+}
+
+/**
+ * nfct_labelmap_get_bit - get bit associated with the name
+ *
+ * \param h label handle obtained from nfct_labelmap_new
+ * \param name name of the label
+ *
+ * returns the bit associated with the name, or negative value on error.
+ */
+int nfct_labelmap_get_bit(struct nfct_labelmap *m, const char *name)
+{
+ return __labelmap_get_bit(m, name);
+}
+
+/**
+ * nfct_labelmap_new - create a new label map
+ *
+ * \param mapfile the file containing the bit <-> name mapping
+ *
+ * If mapfile is NULL, the default mapping file is used.
+ * returns a new label map, or NULL on error.
+ */
+struct nfct_labelmap *nfct_labelmap_new(const char *mapfile)
+{
+ return __labelmap_new(mapfile);
+}
+
+/**
+ * nfct_labelmap_destroy - destroy nfct_labelmap object
+ *
+ * \param map the label object to destroy.
+ *
+ * This function releases the memory that is used by the labelmap object.
+ */
+void nfct_labelmap_destroy(struct nfct_labelmap *map)
+{
+ __labelmap_destroy(map);
+}
+
+/**
+ * @}
+ */
+
+/*
 * \defgroup bitmask bitmask object
 *
 * @{
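Review bot: The Doxygen text on the new wrappers does not match their signatures: nfct_labelmap_get_name documents `\param m label map obtained from nfct_label_open`, a function this commit does not add (the constructor is nfct_labelmap_new), and nfct_labelmap_get_bit documents `\param h label handle obtained from nfct_labelmap_new` while its parameter is named `m`; both should read `\param m label map obtained from nfct_labelmap_new`. The comment opener added just before `\defgroup bitmask` is a plain `/*`, so the existing bitmask group is no longer a Doxygen comment and that section will disappear from generated docs; it should be `/**` like the opener the label group takes over. Callers would also benefit if nfct_labelmap_new said that `mapfile` is opened and parsed as configuration (the default path appears only in the commit message) and whether a missing or unreadable file is an error or yields an empty map, which the wrapper alone cannot tell.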
@@ -1593,6 +1658,11 @@ unsigned int nfct_bitmask_maxbit(const struct nfct_bitmask *b)
 * \param b pointer to the bitmask object
 *
 * This function releases the memory that is used by the bitmask object.
+ *
+ * If you assign a bitmask object to a nf_conntrack object using
+ * nfct_set_attr ATTR_CONNLABEL, then the ownership of the bitmask
+ * object passes on to the nf_conntrack object. The nfct_bitmask object
+ * will be destroyed when the nf_conntrack object is destroyed.
 */
 void nfct_bitmask_destroy(struct nfct_bitmask *b)
 { |
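Review bot: The new ownership paragraph on nfct_bitmask_destroy should spell out the consequence for the caller: once the bitmask has been handed over via nfct_set_attr ATTR_CONNLABEL, calling nfct_bitmask_destroy on it again frees the object twice when nfct_destroy later runs, so add something like ` * After the assignment the caller must neither destroy nor keep using the bitmask pointer.` It also leaves open what happens to a bitmask previously attached to the same conntrack when a new one is assigned (the commit message says labels are replaced): if the setter does not release the old object that is a leak, and if it does, any caller still holding the old pointer has a dangling reference, so the rule belongs in this comment either way. The body of nfct_bitmask_destroy continues past the end of the hunk.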