Pandora Sourcecodes - pandora-kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 11 Jan 2013 06:30:46 +0000 (06:30 +0000)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 17 Jan 2013 23:28:17 +0000 (00:28 +0100)
commit	9b21f6a90924dfe8e5e686c314ddb441fb06501e
tree	015decd07bc0bc7dfd53e8e2a417a138964a2b20	tree \| snapshot
parent	0ceabd83875b72a29f33db4ab703d6ba40ea4c58	commit \| diff

netfilter: ctnetlink: allow userspace to modify labels

Add the ability to set/clear labels assigned to a conntrack
via ctnetlink.

To allow userspace to only alter specific bits, Pablo suggested to add
a new CTA_LABELS_MASK attribute:

The new set of active labels is then determined via

active = (active & ~mask) ^ changeset

i.e., the mask selects those bits in the existing set that should be
changed.

This follows the same method already used by MARK and CONNMARK targets.

Omitting CTA_LABELS_MASK is the same as setting all bits in CTA_LABELS_MASK
to 1: The existing set is replaced by the one from userspace.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_conntrack_labels.h		diff \| blob \| history
include/uapi/linux/netfilter/nfnetlink_conntrack.h		diff \| blob \| history
net/netfilter/nf_conntrack_labels.c		diff \| blob \| history
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| history