git.baikalelectronics.ru Git - kernel.git/commit

]> git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 11 Jan 2013 06:30:44 +0000 (06:30 +0000)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 17 Jan 2013 23:28:15 +0000 (00:28 +0100)
commit	57ced54554ee6f08f1f8de400007a526f677921c
tree	e0e4881913acb233f6ea83d93eb69da446084101	tree \| snapshot
parent	e0070c62d9e49868b9f6e26d19a7c1a7bb1b80ee	commit \| diff

netfilter: add connlabel conntrack extension

similar to connmarks, except labels are bit-based; i.e.
all labels may be attached to a flow at the same time.

Up to 128 labels are supported. Supporting more labels
is possible, but requires increasing the ct offset delta
from u8 to u16 type due to increased extension sizes.

Mapping of bit-identifier to label name is done in userspace.

The extension is enabled at run-time once "-m connlabel" netfilter
rules are added.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_conntrack_extend.h		diff \| blob \| history
include/net/netfilter/nf_conntrack_labels.h	[new file with mode: 0644]	blob
include/net/netns/conntrack.h		diff \| blob \| history
include/uapi/linux/netfilter/xt_connlabel.h	[new file with mode: 0644]	blob
net/netfilter/Kconfig		diff \| blob \| history
net/netfilter/Makefile		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_labels.c	[new file with mode: 0644]	blob
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| history
net/netfilter/xt_connlabel.c	[new file with mode: 0644]	blob

Linux Kernel Source Tree.

RSS Atom