authorFlorian Westphal <>2012-11-06 17:06:39 +0100
committerFlorian Westphal <>2013-05-06 21:34:15 +0200
commit6510a98f4139f112a0c76c71ff889ef93eac41fb (patch)
tree01e2ee90772ff378629bd889d51a509a26d3098e /src/conntrack/setter.c
parent013a5284c901a6ce80320f499685b89d15eeed9e (diff)
api: add connlabel api and attribute
adds new labelmap api to create a name <-> bit mapping from a text file (default: /etc/xtables/connlabel.conf). nfct_labelmap_new(filename) is used to create the map, nfct_labelmap_destroy() releases the resources allocated for the map. Two functions are added to make map lookups: nfct_labelmap_get_name(map, bit) returns the name of a bit, nfct_labelmap_get_bit returns the bit associated with a name. The connlabel attribute is represented by a nfct_bitmask object, the nfct_bitmask api can be used to test/set/get individual bits ("labels"). The existing nfct_attr_get/set interfaces can be used to read or replace the existing labels associated with a conntrack with a new set. Signed-off-by: Florian Westphal <>
Diffstat (limited to 'src/conntrack/setter.c')
1 files changed, 12 insertions, 0 deletions
diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c
index dbcd68e..8879f02 100644
--- a/src/conntrack/setter.c
+++ b/src/conntrack/setter.c
@@ -421,6 +421,17 @@ retry:
static void
+set_attr_connlabels(struct nf_conntrack *ct, const void *value, size_t len)
+ if (ct->connlabels == value)
+ return;
+ if (ct->connlabels)
+ nfct_bitmask_destroy(ct->connlabels);
+ ct->connlabels = (void *) value;
+static void
set_attr_do_nothing(struct nf_conntrack *ct, const void *value, size_t len) {}
const set_attr set_attr_array[ATTR_MAX] = {
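Review bot: `ct->connlabels = (void *) value;` casts away the `const` on `value` and hands the caller's bitmask to the conntrack object, which then frees it with nfct_bitmask_destroy() on the next set, so the ownership transfer is invisible in the signature. A caller that destroys the bitmask itself afterwards, or attaches the same bitmask to two conntrack objects, ends up with a double free or use-after-free; the `ct->connlabels == value` guard only covers re-setting the same pointer on the same object. I would document the contract above the function, e.g. `/* takes ownership of value (a struct nfct_bitmask *): the caller must not destroy it or set it on another conntrack */`, and repeat it in the public ATTR_CONNLABELS documentation. Copy and clone paths are not visible in this hunk; presumably they need to duplicate the bitmask rather than share the pointer. `len` is ignored, so nothing here checks that `value` really is a bitmask object.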
@@ -490,4 +501,5 @@ const set_attr set_attr_array[ATTR_MAX] = {
[ATTR_TIMESTAMP_START] = set_attr_do_nothing,
[ATTR_TIMESTAMP_STOP] = set_attr_do_nothing,
[ATTR_HELPER_INFO] = set_attr_helper_info,
+ [ATTR_CONNLABELS] = set_attr_connlabels,