From 8b6ab7a3a503be66216db7c046646fcd15c28771 Mon Sep 17 00:00:00 2001 From: Krishna Kumar Date: Wed, 6 Jun 2012 00:59:00 +0000 Subject: src: implement API to set per-queue flags Implement API to set per-queue flags. This is initially used to implement fail-open support in NFQUEUE. [ Pablo mangled this patch to bump LIBVERSION as well ] Signed-off-by: Krishna Kumar Signed-off-by: Pablo Neira Ayuso --- include/libnetfilter_queue/libnetfilter_queue.h | 3 +++ include/libnetfilter_queue/linux_nfnetlink_queue.h | 7 +++++++ 2 files changed, 10 insertions(+) (limited to 'include/libnetfilter_queue') diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h index 28bf2b1..6b8acd2 100644 --- a/include/libnetfilter_queue/libnetfilter_queue.h +++ b/include/libnetfilter_queue/libnetfilter_queue.h @@ -56,6 +56,9 @@ extern int nfq_set_mode(struct nfq_q_handle *qh, int nfq_set_queue_maxlen(struct nfq_q_handle *qh, u_int32_t queuelen); +extern int nfq_set_queue_flags(struct nfq_q_handle *qh, + uint32_t mask, uint32_t flags); + extern int nfq_set_verdict(struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, diff --git a/include/libnetfilter_queue/linux_nfnetlink_queue.h b/include/libnetfilter_queue/linux_nfnetlink_queue.h index 6b4f86d..58c8ca5 100644 --- a/include/libnetfilter_queue/linux_nfnetlink_queue.h +++ b/include/libnetfilter_queue/linux_nfnetlink_queue.h @@ -87,8 +87,15 @@ enum nfqnl_attr_config { NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */ NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */ NFQA_CFG_QUEUE_MAXLEN, /* u_int32_t */ + NFQA_CFG_MASK, /* identify which flags to change */ + NFQA_CFG_FLAGS, /* value of these flags (__u32) */ __NFQA_CFG_MAX }; #define NFQA_CFG_MAX (__NFQA_CFG_MAX-1) +/* Flags/options for NFQA_CFG_FLAGS */ +#define NFQA_CFG_F_FAIL_OPEN (1 << 0) +#define NFQA_CFG_F_CONNTRACK (1 << 1) +#define NFQA_CFG_F_MAX (1 << 2) + #endif /* _NFNETLINK_QUEUE_H */ -- cgit v1.2.3