31 Jul, 2013

1 commit

• 5813a8eb4   netfilter: connlabels: remove unneeded includes ... Browse Code »

  leftovers from the (never merged) v1 patch.

  Signed-off-by: Florian Westphal
  Signed-off-by: Pablo Neira Ayuso

  Florian Westphal

  2013-07-31 22:39:18 +0800  

24 Jun, 2013

1 commit

• 797a7d66d   netfilter: ctnetlink: send event when conntrack label was modified ... Browse Code »

  commit 0ceabd83875b72a29f33db4ab703d6ba40ea4c58
  (netfilter: ctnetlink: deliver labels to userspace) sets the event bit
  when we raced with another packet, instead of raising the event bit
  when the label bit is set for the first time.

  commit 9b21f6a90924dfe8e5e686c314ddb441fb06501e
  (netfilter: ctnetlink: allow userspace to modify labels) forgot to update
  the event mask in the "conntrack already exists" case.

  Both issues result in CTA_LABELS attribute not getting included in the
  conntrack event.

  Signed-off-by: Florian Westphal
  Signed-off-by: Pablo Neira Ayuso

  Florian Westphal

  2013-06-24 17:32:56 +0800  

23 Jan, 2013

1 commit

• 5f69b8f52   netfilter: nf_ct_labels: move initialization out of pernet_operations ... Browse Code »

  Move the global initial codes to the module_init/exit context.

  Signed-off-by: Gao feng
  Signed-off-by: Pablo Neira Ayuso

  Gao feng

  2013-01-23 19:56:23 +0800  

18 Jan, 2013

3 commits

• 9b21f6a90   netfilter: ctnetlink: allow userspace to modify labels ... Browse Code »

  Add the ability to set/clear labels assigned to a conntrack
  via ctnetlink.

  To allow userspace to only alter specific bits, Pablo suggested to add
  a new CTA_LABELS_MASK attribute:

  The new set of active labels is then determined via

  active = (active & ~mask) ^ changeset

  i.e., the mask selects those bits in the existing set that should be
  changed.

  This follows the same method already used by MARK and CONNMARK targets.

  Omitting CTA_LABELS_MASK is the same as setting all bits in CTA_LABELS_MASK
  to 1: The existing set is replaced by the one from userspace.

  Signed-off-by: Florian Westphal
  Signed-off-by: Pablo Neira Ayuso

  Florian Westphal

  2013-01-18 07:28:17 +0800  
• 0ceabd838   netfilter: ctnetlink: deliver labels to userspace ... Browse Code »

  Introduce CTA_LABELS attribute to send a bit-vector of currently active labels
  to userspace.

  Future patch will permit userspace to also set/delete active labels.

  Signed-off-by: Florian Westphal
  Signed-off-by: Pablo Neira Ayuso

  Florian Westphal

  2013-01-18 07:28:16 +0800  
• c539f0171   netfilter: add connlabel conntrack extension ... Browse Code »

  similar to connmarks, except labels are bit-based; i.e.
  all labels may be attached to a flow at the same time.

  Up to 128 labels are supported. Supporting more labels
  is possible, but requires increasing the ct offset delta
  from u8 to u16 type due to increased extension sizes.

  Mapping of bit-identifier to label name is done in userspace.

  The extension is enabled at run-time once "-m connlabel" netfilter
  rules are added.

  Signed-off-by: Florian Westphal
  Signed-off-by: Pablo Neira Ayuso

  Florian Westphal

  2013-01-18 07:28:15 +0800