Diffstat (limited to 'include')
-rw-r--r-- | include/internal/object.h | 3 | ||||
-rw-r--r-- | include/libnetfilter_conntrack/libnetfilter_conntrack.h | 1 | ||||
-rw-r--r-- | include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h | 10 |
3 files changed, 13 insertions, 1 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index 8d95aa1..76a0566 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -166,6 +166,9 @@ struct nf_conntrack {
 * length accepted is 16 bytes, this limit is enforced during module load. */
 #define __NFCT_HELPER_NAMELEN 16
 char helper_name[__NFCT_HELPER_NAMELEN];
+/* According to Eric Paris <eparis@redhat.com> this field can be up to 4096
+ * bytes long. For that reason, we allocate this dynamically. */
+ char *secctx;
 union __nfct_protoinfo protoinfo;
 struct __nfct_counters counters[__DIR_MAX];
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 5315f42..aaf1638 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -127,6 +127,7 @@ enum nf_conntrack_attr {
 ATTR_TCP_WSCALE_ORIG, /* u8 bits */
 ATTR_TCP_WSCALE_REPL = 60, /* u8 bits */
 ATTR_ZONE, /* u16 bits */
+ ATTR_SECCTX, /* string */
 ATTR_MAX
 };
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index 65af53e..3b0c009 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -43,8 +43,9 @@ enum ctattr_type {
 CTA_TUPLE_MASTER,
 CTA_NAT_SEQ_ADJ_ORIG,
 CTA_NAT_SEQ_ADJ_REPLY,
- CTA_SECMARK,
+ CTA_SECMARK, /* obsolete */
 CTA_ZONE,
+ CTA_SECCTX,
 __CTA_MAX
 };
 #define CTA_MAX (__CTA_MAX - 1)
@@ -177,6 +178,13 @@ enum ctattr_help {
 };
 #define CTA_HELP_MAX (__CTA_HELP_MAX - 1)
+enum ctattr_secctx {
+ CTA_SECCTX_UNSPEC,
+ CTA_SECCTX_NAME,
+ __CTA_SECCTX_MAX
+};
+#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1)
+
 #ifdef __cplusplus
 }
 #endif
|
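Review bot: The new `char *secctx` member in include/internal/object.h makes struct nf_conntrack hold an owned heap pointer, but the added comment explains only the size, not who frees or duplicates it. Any path that copies the object with a flat struct copy would leave two objects sharing one pointer, and a destroy path that does not release it would leak. Those paths are outside this include-only view, so this should be confirmed there. I would extend the comment to state the contract, for example `/* heap-allocated, NUL-terminated; freed when the object is destroyed, duplicated (never aliased) on clone/copy */`. The struct body starts and ends outside the hunk.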
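Review bot: The `/* string */` annotation on `ATTR_SECCTX` in libnetfilter_conntrack.h does not tell callers who owns the storage behind the attribute. That matters here because the backing field is allocated dynamically rather than embedded in the object like `helper_name`. Suggest `ATTR_SECCTX, /* string, storage owned by the conntrack object */`. The comment should also say whether callers may set the attribute or only read it, which is not visible from this hunk.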
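Review bot: The new `enum ctattr_secctx` in linux_nfnetlink_conntrack.h has no comment on what `CTA_SECCTX_NAME` carries, and the code that parses it needs that to be explicit. object.h says the context can be up to 4096 bytes, and the value arrives as a netlink attribute payload. The code that copies it into `secctx` should therefore take the length from the attribute and not assume a terminating NUL; that code is not part of this include-only view. Suggest `CTA_SECCTX_NAME, /* security context string, variable length */`. In the third hunk, `CTA_SECCTX` in enum ctattr_type could get a matching note that it is presumably a nested attribute, given the sub-enum.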