
Commit 01950a4

committed
add ct labels support
Signed-off-by: Antonio Ojea <[email protected]>
1 parent e52552c commit 01950a4


2 files changed

+47
-1
lines changed


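--- a/nfqueue.go
+++ b/nfqueue.go
@@ -62,6 +62,25 @@ func (nfqueue *Nfqueue) SetVerdictWithConnMark(id uint32, verdict, mark int) err
 return nfqueue.setVerdict(id, verdict, false, attributes)
 }
 
+// SetVerdictWithLabel signals the kernel the next action and the label for a specified package id
+func (nfqueue *Nfqueue) SetVerdictWithLabel(id uint32, verdict int, label []byte) error {
+ctAttrs, err := netlink.MarshalAttributes([]netlink.Attribute{{
+Type: ctaLabels,
+Data: label,
+}})
+if err != nil {
+return err
+}
+attributes, err := netlink.MarshalAttributes([]netlink.Attribute{{
+Type: netlink.Nested | nfQaCt,
+Data: ctAttrs,
+}})
+if err != nil {
+return err
+}
+return nfqueue.setVerdict(id, verdict, false, attributes)
+}
+
 // SetVerdictModPacket signals the kernel the next action for an altered packet
 func (nfqueue *Nfqueue) SetVerdictModPacket(id uint32, verdict int, packet []byte) error {
 data, err := netlink.MarshalAttributes([]netlink.Attribute{{
@@ -121,6 +140,31 @@ func (nfqueue *Nfqueue) SetVerdictModPacketWithConnMark(id uint32, verdict, mark
 return nfqueue.setVerdict(id, verdict, false, data)
 }
 
+// SetVerdictModPacketWithLabel signals the kernel the next action and label for an altered packet
+func (nfqueue *Nfqueue) SetVerdictModPacketWithLabel(id uint32, verdict int, label []byte, packet []byte) error {
+ctAttrs, err := netlink.MarshalAttributes([]netlink.Attribute{{
+Type: ctaLabels,
+Data: label,
+}})
+if err != nil {
+return err
+}
+data, err := netlink.MarshalAttributes([]netlink.Attribute{
+{
+Type: nfQaPayload,
+Data: packet,
+},
+{
+Type: netlink.Nested | nfQaCt,
+Data: ctAttrs,
+},
+})
+if err != nil {
+return err
+}
+return nfqueue.setVerdict(id, verdict, false, data)
+}
+
 // SetVerdict signals the kernel the next action for a specified package id
 func (nfqueue *Nfqueue) SetVerdict(id uint32, verdict int) error {
 return nfqueue.setVerdict(id, verdict, false, []byte{})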
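Review bot: `label` is placed into the `ctaLabels` attribute without any length check in both `SetVerdictWithLabel` and `SetVerdictModPacketWithLabel`, and neither doc comment says what shape the slice must have. As far as I know the kernel's conntrack netlink code only accepts label data whose length is a multiple of 4 bytes, the connlabel bitmap is 128 bits wide, and a conntrack attribute that fails to parse on the verdict path may be dropped without an error reaching the caller; this should be confirmed against the kernel source. If that holds, a nil or odd-sized label leaves the packet with its verdict applied but unlabelled, which is a silent gap wherever firewall rules match on ct labels. I would reject such input before marshalling, along the lines of `if len(label) == 0 || len(label)%4 != 0 || len(label) > 16 { /* return an error */ }`, and extend the comments to state the expected length and bit order. The `ctAttrs` marshalling is also identical in both functions and could move into one unexported helper, so the check lives in a single place.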

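--- a/types.go
+++ b/types.go
@@ -164,6 +164,8 @@ const (
 )
 
 // conntrack attributes
+// include/uapi/linux/netfilter/nfnetlink_conntrack.h
 const (
-ctaMark = 8
+ctaMark = 8
+ctaLabels = 22 // CTA_LABELS
 )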
