Hi Guys,
To use multiple labels with connlabel module in iptables so that we
can do something like this:
iptables -t mangle -I PREROUTING -m connlabel --label "label1:label2:label3"
I made some changes in the libxt_connlabel.c and xt_connlabel.h as shown below.
Now, what changes need to be made in "xt_connlabel.c" module file?
Please advise how this can be done.
xt_connlabel.h:
...
struct xt_connlabel_mtinfo {
__u16 bit[128];
__u16 options;
__u16 count;
};
libxt_connlabel.c:
...
static void connlabel_mt_parse(struct xt_option_call *cb)
{
struct xt_connlabel_mtinfo *info = cb->data;
int tmp;
xtables_option_parse(cb);
switch (cb->entry->id) {
case O_LABEL:
printf("cb->arg: %s\n", cb->arg);
int len = strlen(cb->arg);
if (len >= 200)
xtables_error(PARAMETER_PROBLEM, "arg > 200 bytes\n");
char temp_arg[200];
char *token;
int count = 0;
strncpy(temp_arg, cb->arg, len);
temp_arg[len] = '\0';
printf("temp_arg: %s\n", temp_arg);
token = strtok(temp_arg, ":");
for(; token != NULL && count < 128; count++) {
printf("token: %s \n", token);
tmp = connlabel_value_parse(token);
if (tmp < 0 && !connlabel_open())
tmp = nfct_labelmap_get_bit(map, token);
if (tmp < 0)
xtables_error(PARAMETER_PROBLEM,
"label '%s' not found or invalid value",
token);
info->bit[count] = tmp;
token = strtok(NULL, ":");
}
info->count = count;
printf("info->count: %d\n", info->count);
if (cb->invert)
info->options |= XT_CONNLABEL_OP_INVERT;
break;
case O_SET:
info->options |= XT_CONNLABEL_OP_SET;
break;
}
}
