From fdda1474cc8654430f245b7f01c30e8ff171fa60 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 18 Dec 2010 20:18:49 +0100
Subject: src: add support for CTA_SECCTX

This patch adds support for the new attribute CTA_SECCTX that
supersedes CTA_SECMARK.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack/api.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/conntrack/api.c')

diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 7a5767b..8e5b2fe 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -90,6 +90,8 @@ void nfct_destroy(struct nf_conntrack *ct)
 {
 	assert(ct != NULL);
 	free(ct);
+	if (ct->secctx)
+		free(ct->secctx);
 	ct = NULL; /* bugtrap */
 }
 
@@ -353,6 +355,7 @@ void nfct_callback_unregister2(struct nfct_handle *h)
  * 	- ATTR_USE
  * 	- ATTR_ID
  * 	- ATTR_*_COUNTER_*
+ *	- ATTR_SECCTX
  * The call of this function for such attributes do nothing.
  */
 void nfct_set_attr(struct nf_conntrack *ct,
-- 
cgit v1.2.3