On Thursday 2010-09-23 20:39, Eric Paris wrote:
>>>
>>> Otherwise I'm
>>>going to hard code those to 0 or 1 and export the label in a new
>>>field....
>>
>> The allocated secmark nlattr value should not be reused;
>> it's easy to use a new nla id for the secname and omit
>> transmission of secmark in nl chatter.
>>
>> For ye olde /proc/net/nf_conntrack, we can just remove secmark
>> altogether because userspace does not depend on it.
>
>How does one use the secmark netlink socket? How do I test my code?
>I'm sure this is an obvious question for most of you, but not for me
>:)

There exists a CTA_SECMARK in nfnetlink_conntrack.h. You leave that
as-is, and add a new CTA_SECNAME. Subsequently, in
nf_conntrack_netlink.c, you replace NLA_PUT_BE32(skb, CTA_SECMARK, ...)
with the appropriate NLA_PUT_STRING(skb, CTA_SECNAME, ...) or whatever
the nla_put routine was called. Adjust the preallocation size too:

- + nla_total_size(sizeof(u_int32_t)) /* CTA_SECMARK */
+ + nla_total_size(??) /* CTA_SECNAME */

and that should do it for the kernel side. Similarly on the userspace side.
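
Review bot: on the added line, nla_total_size(??) leaves the CTA_SECNAME payload size open, and it cannot be a small fixed constant the way the removed sizeof(u_int32_t) was. NLA_PUT_STRING copies the string plus its terminating NUL, so the preallocation has to cover the longest security name that can be exported, or be computed from the actual name length; otherwise the put can fail for long labels. Suggest stating where that bound comes from next to the CTA_SECNAME comment.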
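
The size question behind the `??` above, as an added example: a userspace C model of netlink attribute sizing written for this page, not kernel code and not code from the thread. It compares the room a 32-bit attribute needs with the room a string label needs, and shows the checks a receiver should make before trusting the string. The id `EX_CTA_SECNAME`, the helper names and the sample label are assumptions.

```c
/* Added example: userspace model of netlink attribute sizing (not kernel code). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ATTR_HDRLEN 4u                        /* u16 length + u16 type, as in struct nlattr */
#define ATTR_ALIGN(n) (((n) + 3u) & ~(size_t)3)
#define EX_CTA_SECNAME 100                    /* hypothetical id; the page assigns none */
#define SAMPLE_LABEL "system_u:object_r:ssh_server_packet_t:s0" /* constructed */
struct attr_hdr { uint16_t len, type; };

/* Space one attribute occupies in the message: header + payload, padded to 4. */
static size_t attr_total_size(size_t payload) { return ATTR_ALIGN(ATTR_HDRLEN + payload); }

/* Append a NUL-terminated string attribute; returns bytes used, 0 if it does not fit. */
static size_t put_string(unsigned char *buf, size_t room, uint16_t type, const char *s)
{
    size_t payload = strlen(s) + 1, total = attr_total_size(payload);
    struct attr_hdr h = { (uint16_t)(ATTR_HDRLEN + payload), type }; /* len excludes padding */
    if (total > room || ATTR_HDRLEN + payload > UINT16_MAX) return 0;
    memset(buf, 0, total);
    memcpy(buf, &h, sizeof h);
    memcpy(buf + ATTR_HDRLEN, s, payload);
    return total;
}

/* Receiver: accept only a well-formed, NUL-terminated attribute of the expected type. */
static const char *get_string(const unsigned char *buf, size_t avail, uint16_t type)
{
    struct attr_hdr h;
    if (avail < ATTR_HDRLEN) return NULL;
    memcpy(&h, buf, sizeof h);
    if (h.type != type || h.len <= ATTR_HDRLEN || h.len > avail) return NULL;
    return buf[h.len - 1] == '\0' ? (const char *)buf + ATTR_HDRLEN : NULL;
}

/* Encode SAMPLE_LABEL into `room` bytes and read it back; returns bytes used or 0. */
static size_t roundtrip(size_t room)
{
    unsigned char buf[128];
    size_t n = room <= sizeof buf ? put_string(buf, room, EX_CTA_SECNAME, SAMPLE_LABEL) : 0;
    const char *s = n ? get_string(buf, n, EX_CTA_SECNAME) : NULL;
    return (s && strcmp(s, SAMPLE_LABEL) == 0) ? n : 0;
}

int main(void)
{
    printf("u32=%zu label=%zu room8=%zu room64=%zu\n", attr_total_size(sizeof(uint32_t)),
           attr_total_size(strlen(SAMPLE_LABEL) + 1), roundtrip(8), roundtrip(64));
    return 0;
}
```

Space reserved for the old 32-bit attribute is far too small for a label of this length, which is why the preallocation term has to change together with the put call.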