diff options
| author |   Florian Westphal <fw@strlen.de> | 2013-01-11 06:30:46 +0000 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2013-01-18 00:28:17 +0100 |
| commit | 9b21f6a90924dfe8e5e686c314ddb441fb06501e (patch) | |
| tree | 015decd07bc0bc7dfd53e8e2a417a138964a2b20 /include/uapi/linux | |
| parent | netfilter: ctnetlink: deliver labels to userspace (diff) | |
| download | linux-dev-9b21f6a90924dfe8e5e686c314ddb441fb06501e.tar.xz linux-dev-9b21f6a90924dfe8e5e686c314ddb441fb06501e.zip | |
netfilter: ctnetlink: allow userspace to modify labels
Add the ability to set/clear labels assigned to a conntrack
via ctnetlink.
To allow userspace to only alter specific bits, Pablo suggested to add
a new CTA_LABELS_MASK attribute:
The new set of active labels is then determined via
active = (active & ~mask) ^ changeset
i.e., the mask selects those bits in the existing set that should be
changed.
This follows the same method already used by MARK and CONNMARK targets.
Omitting CTA_LABELS_MASK is the same as setting all bits in CTA_LABELS_MASK
to 1: The existing set is replaced by the one from userspace.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/uapi/linux')
| -rw-r--r-- | include/uapi/linux/netfilter/nfnetlink_conntrack.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nfnetlink_conntrack.h b/include/uapi/linux/netfilter/nfnetlink_conntrack.h index 9e71e0c081fd..08fabc6c93f3 100644 --- a/include/uapi/linux/netfilter/nfnetlink_conntrack.h +++ b/include/uapi/linux/netfilter/nfnetlink_conntrack.h @@ -50,6 +50,7 @@ enum ctattr_type { CTA_TIMESTAMP, CTA_MARK_MASK, CTA_LABELS, + CTA_LABELS_MASK, __CTA_MAX }; #define CTA_MAX (__CTA_MAX - 1) |