From patchwork Thu Sep 5 09:27:48 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Westphal X-Patchwork-Id: 272838 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 08C6D2C00A8 for ; Thu, 5 Sep 2013 19:28:04 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1763427Ab3IEJ2C (ORCPT ); Thu, 5 Sep 2013 05:28:02 -0400 Received: from Chamillionaire.breakpoint.cc ([80.244.247.6]:59812 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1763411Ab3IEJ2A (ORCPT ); Thu, 5 Sep 2013 05:28:00 -0400 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.80) (envelope-from ) id 1VHVr5-0006Aq-Bd; Thu, 05 Sep 2013 11:27:59 +0200 From: Florian Westphal To: netfilter-devel@vger.kernel.org Cc: Florian Westphal Subject: [PATCH 1/3] conntrack: support multiple -l options Date: Thu, 5 Sep 2013 11:27:48 +0200 Message-Id: <1378373270-6914-1-git-send-email-fw@strlen.de> X-Mailer: git-send-email 1.7.8.6 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Using -l foo -l bar caused the "foo" label to be lost. Merge multiple -l options so "-l foo,bar" and "-l foo -l bar" have same effect. Signed-off-by: Florian Westphal --- Change since v1: retain old -l "foo,bar" syntax make of "-l foo -l bar,baz" work conntrack.8 | 7 ++++--- src/conntrack.c | 29 ++++++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/conntrack.8 b/conntrack.8 index f273434..6410e5b 100644 --- a/conntrack.8 +++ b/conntrack.8 @@ -144,10 +144,11 @@ the MARK value into the ctmark. Otherwise, the mask is logically ANDed with the existing mark before the comparision. In "--create" mode, the mask is ignored. .TP -.BI "-l, --label " "LABEL,..." -Specify the conntrack labels. +.BI "-l, --label " "LABEL" +Specify a conntrack label. This option is only available in conjunction with "-L, --dump" or "-E, --event". -Match entries whose labels matches at least those specified as arguments. +Match entries whose labels match at least those specified. +Use multiple -l commands to specify multiple labels that need to be set. .TP .BI "-c, --secmark " "SECMARK" Specify the conntrack selinux security mark. diff --git a/src/conntrack.c b/src/conntrack.c index 8da94bf..fe68e42 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -1828,6 +1828,31 @@ static void labelmap_init(void) perror("nfct_labelmap_new"); } +static void merge_bitmasks(struct nfct_bitmask **current, + struct nfct_bitmask *src) +{ + unsigned int i; + + if (*current == NULL) { + *current = src; + return; + } + + /* "current" must be the larger bitmask object */ + if (nfct_bitmask_maxbit(src) > nfct_bitmask_maxbit(*current)) { + struct nfct_bitmask *tmp = *current; + *current = src; + src = tmp; + } + + for (i = 0; i <= nfct_bitmask_maxbit(src); i++) { + if (nfct_bitmask_test_bit(src, i)) + nfct_bitmask_set_bit(*current, i); + } + + nfct_bitmask_destroy(src); +} + int main(int argc, char *argv[]) { int c, cmd; @@ -2030,7 +2055,9 @@ int main(int argc, char *argv[]) struct nfct_bitmask * b = nfct_bitmask_new(max); parse_label(b, optarg2); - tmpl.label = b; + + /* join "-l foo -l bar" into single bitmask object */ + merge_bitmasks(&tmpl.label, b); free(optarg2); break; case 'a':