From 6510a98f4139f112a0c76c71ff889ef93eac41fb Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Tue, 6 Nov 2012 17:06:39 +0100
Subject: api: add connlabel api and attribute adds new labelmap api to create a name <-> bit mapping from a text file (default: /etc/xtables/connlabel.conf). nfct_labelmap_new(filename) is used to create the map, nfct_labelmap_destroy() releases the resources allocated for the map. Two functions are added to make map lookups: nfct_labelmap_get_name(map, bit) returns the name of a bit, nfct_labelmap_get_bit returns the bit associated with a name. The connlabel attribute is represented by a nfct_bitmask object, the nfct_bitmask api can be used to test/set/get individual bits ("labels"). The exisiting nfct_attr_get/set interfaces can be used to read or replace the existing labels associated with a conntrack with a new set.
Signed-off-by: Florian Westphal
---
 src/conntrack/build_mnl.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'src/conntrack/build_mnl.c')
diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c
index 46aec8a..a666e01 100644
--- a/src/conntrack/build_mnl.c
+++ b/src/conntrack/build_mnl.c
@@ -10,6 +10,7 @@
 */
 #include "internal/internal.h"
+#include
 #include
 static int
@@ -379,6 +380,14 @@ nfct_build_zone(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
 return 0;
 }
+static void
+nfct_build_labels(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
+{
+ struct nfct_bitmask *b = ct->connlabels;
+ unsigned int size = b->words * sizeof(b->bits[0]);
+ mnl_attr_put(nlh, CTA_LABELS, size, b->bits);
+}
+
 int
 nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
 {
@@ -475,5 +484,8 @@ nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
 if (test_bit(ATTR_ZONE, ct->head.set))
 nfct_build_zone(nlh, ct);
+ if (test_bit(ATTR_CONNLABELS, ct->head.set))
+ nfct_build_labels(nlh, ct);
+
 return 0;
 }
--
cgit v1.2.3
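Review bot: In nfct_build_labels, `size` is computed from `b->words` and handed to `mnl_attr_put()` with no upper bound, and `b` is dereferenced without a NULL check. As far as I know, mnl_attr_put() stores the payload length in the 16-bit `nla_len` field and copies `len` bytes without knowing how large the caller's message buffer is, so an oversized bitmask would yield a truncated length header and a copy past the space the caller reserved. I would bound it before the put, e.g. `if (b == NULL || size > UINT16_MAX - MNL_ATTR_HDRLEN) return;`, or better make the helper return int so the `test_bit(ATTR_CONNLABELS, ct->head.set)` call site in nfct_nlmsg_build can report the failure instead of silently omitting CTA_LABELS. Since `b` is only read here, `const struct nfct_bitmask *b = ct->connlabels;` would also be the tighter declaration.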