-rw-r--r--include/internal/prototypes.h1
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h1
-rw-r--r--src/conntrack/api.c7
-rw-r--r--src/conntrack/copy.c8
4 files changed, 17 insertions, 0 deletions
diff --git a/include/internal/prototypes.h b/include/internal/prototypes.h
index 359a80e..928ddbd 100644
--- a/include/internal/prototypes.h
+++ b/include/internal/prototypes.h
@@ -21,6 +21,7 @@ int __callback(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data);
int __setobjopt(struct nf_conntrack *ct, unsigned int option);
int __getobjopt(const struct nf_conntrack *ct, unsigned int option);
int __compare(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags);
+void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct);
int __setup_netlink_socket_filter(int fd, struct nfct_filter *filter);
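Review bot: The new prototype names its parameters `ct1` and `ct`, while the definition added in src/conntrack/copy.c uses `ct1` and `ct2`. Neither pair says which object is written. Matching the definition, or better naming the direction as in `void __copy_fast(struct nf_conntrack *dest, const struct nf_conntrack *orig);`, would make the destination-first order obvious at call sites.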
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index f09e03b..b3e6758 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -408,6 +408,7 @@ enum {
NFCT_CP_ORIG = (1 << 0),
NFCT_CP_REPL = (1 << 1),
NFCT_CP_META = (1 << 2),
+ NFCT_CP_OVERRIDE = (1 << 3),
};
extern void nfct_copy(struct nf_conntrack *dest,
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 2262974..a35c670 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -1099,6 +1099,9 @@ int nfct_cmp(const struct nf_conntrack *ct1,
* and 4 protocol number.
* - NFCT_CP_META: that copies the metainformation
* (all the attributes >= ATTR_TCP_STATE)
+ * - NFCT_CP_OVERRIDE: changes the default behaviour of nfct_copy() since
+ * it overrides the destination object. After the copy, the destination
+ * is a clone of the origin. This flag provides faster copying.
*/
void nfct_copy(struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
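Review bot: The added NFCT_CP_OVERRIDE paragraph does not say how the flag interacts with the other NFCT_CP_* bits. The code hunk that follows tests it with `flags & NFCT_CP_OVERRIDE` and returns, so NFCT_CP_ORIG, NFCT_CP_REPL and NFCT_CP_META appear to be ignored whenever it is set. I would add a line such as `NFCT_CP_OVERRIDE takes precedence over every other flag; attributes already set in the destination are discarded, not merged.` so callers do not assume a selective copy. The comment block starts outside the hunk.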
@@ -1109,6 +1112,10 @@ void nfct_copy(struct nf_conntrack *ct1,
assert(ct1 != NULL);
assert(ct2 != NULL);
+ if (flags & NFCT_CP_OVERRIDE) {
+ __copy_fast(ct1, ct2);
+ return;
+ }
if (flags == NFCT_CP_ALL) {
for (i=0; i<ATTR_MAX; i++) {
if (test_bit(i, ct2->set)) {
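Review bot: The new early-return branch hands `ct1` and `ct2` to `__copy_fast` without checking that they are different objects. According to the copy.c hunk in this commit, that helper starts with `memcpy(ct1, ct2, sizeof(*ct1))`, and memcpy over overlapping storage is undefined, so `nfct_copy(ct, ct, NFCT_CP_OVERRIDE)` would be invalid. A guard inside the branch, `if (ct1 == ct2) return;`, placed before the call would cover it. nfct_copy's body starts and continues outside the hunk.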
diff --git a/src/conntrack/copy.c b/src/conntrack/copy.c
index 94d0711..c3a4fcc 100644
--- a/src/conntrack/copy.c
+++ b/src/conntrack/copy.c
@@ -505,3 +505,11 @@ const copy_attr copy_attr_array[ATTR_MAX] = {
[ATTR_TIMESTAMP_START] = copy_attr_timestamp_start,
[ATTR_TIMESTAMP_STOP] = copy_attr_timestamp_stop,
};
+
+/* this is used by nfct_copy() with the NFCT_CP_OVERRIDE flag set. */
+void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct2)
+{
+ memcpy(ct1, ct2, sizeof(*ct1));
+ /* special case: secctx attribute is allocated dinamically. */
+ copy_attr_secctx(ct1, ct2);
+}
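Review bot: After the `memcpy` in `__copy_fast`, `ct1` carries the same dynamically allocated secctx pointer as `ct2`, and any secctx buffer `ct1` owned before the call is no longer reachable, so it leaks. `copy_attr_secctx()` is not visible on this page; if it frees the destination's existing buffer before duplicating the origin's, it would free the origin's string and then read from it, leaving both objects with a stale pointer. Releasing the destination's old buffer before the `memcpy` and clearing the field between the two calls, e.g. `ct1->secctx = NULL;` (field name assumed from the comment), removes the aliasing either way. The comment above the function could also state that the destination's previous contents are discarded.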