diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-12-18 20:18:49 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-01-16 22:32:40 +0100 |
commit | fdda1474cc8654430f245b7f01c30e8ff171fa60 (patch) | |
tree | e9d4a4f3d5a45677c49079aefa13e70541db7f8d /src/conntrack/compare.c | |
parent | f1456fa807f20bf8dd73ab3ae3312c2e8187f89f (diff) |
src: add support for CTA_SECCTX
This patch adds support for the new attribute CTA_SECCTX that
supersedes CTA_SECMARK.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/compare.c')
-rw-r--r-- | src/conntrack/compare.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/conntrack/compare.c b/src/conntrack/compare.c index 134cefd..1cdad1c 100644 --- a/src/conntrack/compare.c +++ b/src/conntrack/compare.c @@ -368,6 +368,14 @@ cmp_zone(const struct nf_conntrack *ct1, return (ct1->zone == ct2->zone); } +static int +cmp_secctx(const struct nf_conntrack *ct1, + const struct nf_conntrack *ct2, + unsigned int flags) +{ + return strcmp(ct1->secctx, ct2->secctx) == 0; +} + static int cmp_meta(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) @@ -388,6 +396,8 @@ static int cmp_meta(const struct nf_conntrack *ct1, return 0; if (!__cmp(ATTR_ZONE, ct1, ct2, flags, cmp_zone)) return 0; + if (!__cmp(ATTR_SECCTX, ct1, ct2, flags, cmp_secctx)) + return 0; return 1; } |