Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Sun, Jun 23, 2013 at 11:14:39PM +0200, Florian Westphal wrote:
> > By default, nfct_snprintf will not print connlabels, as they're
> > system specific and can easily generate lots of output.
> >
> > This adds a fmt attribute to print connlabel names.
> > +static int > > +__snprintf_clabels(char *buf, unsigned int len, > > + const struct nf_conntrack *ct) > > +{ > > + const struct nfct_bitmask *b = nfct_get_attr(ct, ATTR_CONNLABELS); > > + struct nfct_labelmap *map; > > + int ret, size = 0, offset = 0; > > + > > + if (!b) > > + return 0; > > + > > + map = nfct_labelmap_new(NULL); > > + if (!map) > > + return 0; > >
> This opens and parses the map file for each conntrack, it would be
> expensive. I think it's better to provide more control to the client
> regarding the load of the mapping, it's more flexible.
>
> Consider adding:
>
> int nfct_snprintf_connlabel(char *buf, unsigned int len,
>                             const struct nf_conntrack *ct,
>                             const struct nfct_labelmap *labelmap);

That's what I'll do.
Thanks!
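
Review bot: in __snprintf_clabels() both early exits return 0, so a failed nfct_labelmap_new(NULL) at "if (!map) return 0;" cannot be told apart from a conntrack that has no ATTR_CONNLABELS, and the label names silently drop out of the printed entry. Consider reporting the map load failure distinctly from the "no labels" case, or taking the map as a parameter as suggested in the reply so the caller loads it once and handles the error in one place. The quoted part of the hunk also stops before any cleanup is visible; every exit path after nfct_labelmap_new() should release the map with nfct_labelmap_destroy().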