From: Holger Eitzenberger Date: Fri, 30 Aug 2013 08:50:23 +0000 (+0200) Subject: netfilter/ct: support optional CTA_ZONE attribute X-Git-Tag: libnl3_2_23rc1~21 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=db08ef44afca0aba4b6dcb3d0463a4d2b49572e6;p=libnl netfilter/ct: support optional CTA_ZONE attribute Newer kernels support conntrack zones, which help to partition the conntrack table into virtual conntrack tables. This patch is for adding support for the optional attribute, adds setters and getters, and adds support for the zone ID in the conntrack dumper. An example entry in NL_DUMP_LINE format looks like: tcp SYN_SENT 10.128.128.99:43354 <-> 10.128.129.20:22 zone 1 Signed-off-by: Holger Eitzenberger Signed-off-by: Thomas Graf --- diff --git a/include/netlink-private/types.h b/include/netlink-private/types.h index ab5eea4..0fda9ac 100644 --- a/include/netlink-private/types.h +++ b/include/netlink-private/types.h @@ -792,6 +792,7 @@ struct nfnl_ct { uint32_t ct_mark; uint32_t ct_use; uint32_t ct_id; + uint16_t ct_zone; struct nfnl_ct_dir ct_orig; struct nfnl_ct_dir ct_repl; diff --git a/include/netlink/netfilter/ct.h b/include/netlink/netfilter/ct.h index 776e3b3..31deeb4 100644 --- a/include/netlink/netfilter/ct.h +++ b/include/netlink/netfilter/ct.h @@ -90,6 +90,10 @@ extern void nfnl_ct_set_id(struct nfnl_ct *, uint32_t); extern int nfnl_ct_test_id(const struct nfnl_ct *); extern uint32_t nfnl_ct_get_id(const struct nfnl_ct *); +extern void nfnl_ct_set_zone(struct nfnl_ct *, uint16_t); +extern int nfnl_ct_test_zone(const struct nfnl_ct *); +extern uint16_t nfnl_ct_get_zone(const struct nfnl_ct *); + extern int nfnl_ct_set_src(struct nfnl_ct *, int, struct nl_addr *); extern struct nl_addr * nfnl_ct_get_src(const struct nfnl_ct *, int); diff --git a/lib/netfilter/ct.c b/lib/netfilter/ct.c index 362cd28..130f4b1 100644 --- a/lib/netfilter/ct.c +++ b/lib/netfilter/ct.c @@ -55,6 +55,7 @@ static struct nla_policy ct_policy[CTA_MAX+1] = { [CTA_COUNTERS_REPLY] = { .type = NLA_NESTED }, [CTA_USE] = { .type = NLA_U32 }, [CTA_ID] = { .type = NLA_U32 }, + [CTA_ZONE] = { .type = NLA_U16 }, //[CTA_NAT_DST] }; @@ -369,6 +370,8 @@ int nfnlmsg_ct_parse(struct nlmsghdr *nlh, struct nfnl_ct **result) nfnl_ct_set_use(ct, ntohl(nla_get_u32(tb[CTA_USE]))); if (tb[CTA_ID]) nfnl_ct_set_id(ct, ntohl(nla_get_u32(tb[CTA_ID]))); + if (tb[CTA_ZONE]) + nfnl_ct_set_zone(ct, ntohs(nla_get_u16(tb[CTA_ZONE]))); if (tb[CTA_COUNTERS_ORIG]) { err = ct_parse_counters(ct, 0, tb[CTA_COUNTERS_ORIG]); diff --git a/lib/netfilter/ct_obj.c b/lib/netfilter/ct_obj.c index 685879b..48e0782 100644 --- a/lib/netfilter/ct_obj.c +++ b/lib/netfilter/ct_obj.c @@ -52,6 +52,7 @@ #define CT_ATTR_REPL_PACKETS (1UL << 24) #define CT_ATTR_REPL_BYTES (1UL << 25) #define CT_ATTR_TIMESTAMP (1UL << 26) +#define CT_ATTR_ZONE (1UL << 27) /** @endcond */ static void ct_free_data(struct nl_object *c) @@ -193,6 +194,9 @@ static void ct_dump_line(struct nl_object *a, struct nl_dump_params *p) if (nfnl_ct_test_mark(ct) && nfnl_ct_get_mark(ct)) nl_dump(p, "mark %u ", nfnl_ct_get_mark(ct)); + if (nfnl_ct_test_zone(ct)) + nl_dump(p, "zone %hu ", nfnl_ct_get_zone(ct)); + if (nfnl_ct_test_timestamp(ct)) { const struct nfnl_ct_timestamp *tstamp = nfnl_ct_get_timestamp(ct); int64_t delta_time = tstamp->stop - tstamp->start; @@ -584,6 +588,22 @@ uint32_t nfnl_ct_get_id(const struct nfnl_ct *ct) return ct->ct_id; } +void nfnl_ct_set_zone(struct nfnl_ct *ct, uint16_t zone) +{ + ct->ct_zone = zone; + ct->ce_mask |= CT_ATTR_ZONE; +} + +int nfnl_ct_test_zone(const struct nfnl_ct *ct) +{ + return !!(ct->ce_mask & CT_ATTR_ZONE); +} + +uint16_t nfnl_ct_get_zone(const struct nfnl_ct *ct) +{ + return ct->ct_zone; +} + static int ct_set_addr(struct nfnl_ct *ct, struct nl_addr *addr, int attr, struct nl_addr ** ct_addr) {