diff options
-rw-r--r-- | include/internal/prototypes.h | 1 | ||||
-rw-r--r-- | include/libnetfilter_conntrack/libnetfilter_conntrack.h | 1 | ||||
-rw-r--r-- | src/conntrack/api.c | 7 | ||||
-rw-r--r-- | src/conntrack/copy.c | 8 |
4 files changed, 17 insertions, 0 deletions
diff --git a/include/internal/prototypes.h b/include/internal/prototypes.h index 359a80e..928ddbd 100644 --- a/include/internal/prototypes.h +++ b/include/internal/prototypes.h @@ -21,6 +21,7 @@ int __callback(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data); int __setobjopt(struct nf_conntrack *ct, unsigned int option); int __getobjopt(const struct nf_conntrack *ct, unsigned int option); int __compare(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags); +void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct); int __setup_netlink_socket_filter(int fd, struct nfct_filter *filter); diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h index f09e03b..b3e6758 100644 --- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h +++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h @@ -408,6 +408,7 @@ enum { NFCT_CP_ORIG = (1 << 0), NFCT_CP_REPL = (1 << 1), NFCT_CP_META = (1 << 2), + NFCT_CP_OVERRIDE = (1 << 3), }; extern void nfct_copy(struct nf_conntrack *dest, diff --git a/src/conntrack/api.c b/src/conntrack/api.c index 2262974..a35c670 100644 --- a/src/conntrack/api.c +++ b/src/conntrack/api.c @@ -1099,6 +1099,9 @@ int nfct_cmp(const struct nf_conntrack *ct1, * and 4 protocol number. * - NFCT_CP_META: that copies the metainformation * (all the attributes >= ATTR_TCP_STATE) + * - NFCT_CP_OVERRIDE: changes the default behaviour of nfct_copy() since + * it overrides the destination object. After the copy, the destination + * is a clone of the origin. This flag provides faster copying. */ void nfct_copy(struct nf_conntrack *ct1, const struct nf_conntrack *ct2, @@ -1109,6 +1112,10 @@ void nfct_copy(struct nf_conntrack *ct1, assert(ct1 != NULL); assert(ct2 != NULL); + if (flags & NFCT_CP_OVERRIDE) { + __copy_fast(ct1, ct2); + return; + } if (flags == NFCT_CP_ALL) { for (i=0; i<ATTR_MAX; i++) { if (test_bit(i, ct2->set)) { diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c index 94d0711..c3a4fcc 100644 --- a/src/conntrack/copy.c +++ b/src/conntrack/copy.c @@ -505,3 +505,11 @@ const copy_attr copy_attr_array[ATTR_MAX] = { [ATTR_TIMESTAMP_START] = copy_attr_timestamp_start, [ATTR_TIMESTAMP_STOP] = copy_attr_timestamp_stop, }; + +/* this is used by nfct_copy() with the NFCT_CP_OVERRIDE flag set. */ +void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct2) +{ + memcpy(ct1, ct2, sizeof(*ct1)); + /* special case: secctx attribute is allocated dinamically. */ + copy_attr_secctx(ct1, ct2); +} |