diff options
| author | Holger Eitzenberger <holger@eitzenberger.org> | 2013-08-30 08:50:23 (GMT) |
|---|---|---|
| committer | Thomas Graf <tgraf@suug.ch> | 2013-09-05 15:39:03 (GMT) |
| commit | db08ef44afca0aba4b6dcb3d0463a4d2b49572e6 (patch) | |
| tree | f1a2e4881ebd1ecc407adc380729f32164c06686 /lib/netfilter | |
| parent | 56d2bbe173b41913cf4b701d812ce2d39a86612c (diff) | |
| download | libnl-db08ef44afca0aba4b6dcb3d0463a4d2b49572e6.zip libnl-db08ef44afca0aba4b6dcb3d0463a4d2b49572e6.tar.gz libnl-db08ef44afca0aba4b6dcb3d0463a4d2b49572e6.tar.bz2 | |
netfilter/ct: support optional CTA_ZONE attribute
Newer kernels support conntrack zones, which help to partition the
conntrack table into virtual conntrack tables.
This patch is for adding support for the optional attribute, adds
setters and getters, and adds support for the zone ID in the conntrack
dumper.
An example entry in NL_DUMP_LINE format looks like:
tcp SYN_SENT 10.128.128.99:43354 <-> 10.128.129.20:22 zone 1
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Diffstat (limited to 'lib/netfilter')
| -rw-r--r-- | lib/netfilter/ct.c | 3 | ||||
| -rw-r--r-- | lib/netfilter/ct_obj.c | 20 |
2 files changed, 23 insertions, 0 deletions
diff --git a/lib/netfilter/ct.c b/lib/netfilter/ct.c index 362cd28..130f4b1 100644 --- a/lib/netfilter/ct.c +++ b/lib/netfilter/ct.c @@ -55,6 +55,7 @@ static struct nla_policy ct_policy[CTA_MAX+1] = { [CTA_COUNTERS_REPLY] = { .type = NLA_NESTED }, [CTA_USE] = { .type = NLA_U32 }, [CTA_ID] = { .type = NLA_U32 }, + [CTA_ZONE] = { .type = NLA_U16 }, //[CTA_NAT_DST] }; @@ -369,6 +370,8 @@ int nfnlmsg_ct_parse(struct nlmsghdr *nlh, struct nfnl_ct **result) nfnl_ct_set_use(ct, ntohl(nla_get_u32(tb[CTA_USE]))); if (tb[CTA_ID]) nfnl_ct_set_id(ct, ntohl(nla_get_u32(tb[CTA_ID]))); + if (tb[CTA_ZONE]) + nfnl_ct_set_zone(ct, ntohs(nla_get_u16(tb[CTA_ZONE]))); if (tb[CTA_COUNTERS_ORIG]) { err = ct_parse_counters(ct, 0, tb[CTA_COUNTERS_ORIG]); diff --git a/lib/netfilter/ct_obj.c b/lib/netfilter/ct_obj.c index 685879b..48e0782 100644 --- a/lib/netfilter/ct_obj.c +++ b/lib/netfilter/ct_obj.c @@ -52,6 +52,7 @@ #define CT_ATTR_REPL_PACKETS (1UL << 24) #define CT_ATTR_REPL_BYTES (1UL << 25) #define CT_ATTR_TIMESTAMP (1UL << 26) +#define CT_ATTR_ZONE (1UL << 27) /** @endcond */ static void ct_free_data(struct nl_object *c) @@ -193,6 +194,9 @@ static void ct_dump_line(struct nl_object *a, struct nl_dump_params *p) if (nfnl_ct_test_mark(ct) && nfnl_ct_get_mark(ct)) nl_dump(p, "mark %u ", nfnl_ct_get_mark(ct)); + if (nfnl_ct_test_zone(ct)) + nl_dump(p, "zone %hu ", nfnl_ct_get_zone(ct)); + if (nfnl_ct_test_timestamp(ct)) { const struct nfnl_ct_timestamp *tstamp = nfnl_ct_get_timestamp(ct); int64_t delta_time = tstamp->stop - tstamp->start; @@ -584,6 +588,22 @@ uint32_t nfnl_ct_get_id(const struct nfnl_ct *ct) return ct->ct_id; } +void nfnl_ct_set_zone(struct nfnl_ct *ct, uint16_t zone) +{ + ct->ct_zone = zone; + ct->ce_mask |= CT_ATTR_ZONE; +} + +int nfnl_ct_test_zone(const struct nfnl_ct *ct) +{ + return !!(ct->ce_mask & CT_ATTR_ZONE); +} + +uint16_t nfnl_ct_get_zone(const struct nfnl_ct *ct) +{ + return ct->ct_zone; +} + static int ct_set_addr(struct nfnl_ct *ct, struct nl_addr *addr, int attr, struct nl_addr ** ct_addr) { |