diff options
| author | Florian Westphal <fw@strlen.de> | 2013-01-11 01:30:46 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-01-17 18:28:17 -0500 |
| commit | 9b21f6a90924dfe8e5e686c314ddb441fb06501e (patch) | |
| tree | 015decd07bc0bc7dfd53e8e2a417a138964a2b20 /include/uapi/linux | |
| parent | 0ceabd83875b72a29f33db4ab703d6ba40ea4c58 (diff) | |
netfilter: ctnetlink: allow userspace to modify labels
Add the ability to set/clear labels assigned to a conntrack
via ctnetlink.
To allow userspace to only alter specific bits, Pablo suggested to add
a new CTA_LABELS_MASK attribute:
The new set of active labels is then determined via
active = (active & ~mask) ^ changeset
i.e., the mask selects those bits in the existing set that should be
changed.
This follows the same method already used by MARK and CONNMARK targets.
Omitting CTA_LABELS_MASK is the same as setting all bits in CTA_LABELS_MASK
to 1: The existing set is replaced by the one from userspace.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/uapi/linux')
| -rw-r--r-- | include/uapi/linux/netfilter/nfnetlink_conntrack.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nfnetlink_conntrack.h b/include/uapi/linux/netfilter/nfnetlink_conntrack.h index 9e71e0c081fd..08fabc6c93f3 100644 --- a/include/uapi/linux/netfilter/nfnetlink_conntrack.h +++ b/include/uapi/linux/netfilter/nfnetlink_conntrack.h | |||
| @@ -50,6 +50,7 @@ enum ctattr_type { | |||
| 50 | CTA_TIMESTAMP, | 50 | CTA_TIMESTAMP, |
| 51 | CTA_MARK_MASK, | 51 | CTA_MARK_MASK, |
| 52 | CTA_LABELS, | 52 | CTA_LABELS, |
| 53 | CTA_LABELS_MASK, | ||
| 53 | __CTA_MAX | 54 | __CTA_MAX |
| 54 | }; | 55 | }; |
| 55 | #define CTA_MAX (__CTA_MAX - 1) | 56 | #define CTA_MAX (__CTA_MAX - 1) |