diff options
author | Romain Bellan <romain.bellan@wifirst.fr> | 2020-01-29 10:47:18 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-09-14 13:15:44 +0200 |
commit | c2136262802f31cb19267dacf0c0fdecdea4ae16 (patch) | |
tree | d1eb985ab53162c084177c9d8199d620b2160a59 /include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h | |
parent | 246dc83f653fbeddc4972391b6a542ffe24ce6a8 (diff) |
Adding NFCT_FILTER_DUMP_TUPLE in filter_dump_attr, using kernel CTA_FILTER API
Following kernel side new conntrack filtering API, this patch implements
userspace part. This patch:
* Update headers to get new flag value from kernel
* Use a conntrack struct to configure filtering
* Set netlink flags according to values set in conntrack struct
Signed-off-by: Romain Bellan <romain.bellan@wifirst.fr>
Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h')
-rw-r--r-- | include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h index a365cf5..b8ffe02 100644 --- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h +++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h @@ -291,6 +291,19 @@ enum ctattr_filter { }; #define CTA_FILTER_MAX (__CTA_FILTER_MAX - 1) +#define CTA_FILTER_FLAG_CTA_IP_SRC (1 << 0) +#define CTA_FILTER_FLAG_CTA_IP_DST (1 << 1) +#define CTA_FILTER_FLAG_CTA_TUPLE_ZONE (1 << 2) +#define CTA_FILTER_FLAG_CTA_PROTO_NUM (1 << 3) +#define CTA_FILTER_FLAG_CTA_PROTO_SRC_PORT (1 << 4) +#define CTA_FILTER_FLAG_CTA_PROTO_DST_PORT (1 << 5) +#define CTA_FILTER_FLAG_CTA_PROTO_ICMP_TYPE (1 << 6) +#define CTA_FILTER_FLAG_CTA_PROTO_ICMP_CODE (1 << 7) +#define CTA_FILTER_FLAG_CTA_PROTO_ICMP_ID (1 << 8) +#define CTA_FILTER_FLAG_CTA_PROTO_ICMPV6_TYPE (1 << 9) +#define CTA_FILTER_FLAG_CTA_PROTO_ICMPV6_CODE (1 << 10) +#define CTA_FILTER_FLAG_CTA_PROTO_ICMPV6_ID (1 << 11) + #ifdef __cplusplus } #endif |