summaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2016-09-14 11:41:26 +0200
committerFlorian Westphal <fw@strlen.de>2016-10-28 12:57:04 +0200
commita970963a2ad4411efcd7362c63f7d2e3bec5cbc2 (patch)
tree127e1445565ce4c07871073e48b3063b69e04e0c /include/linux
parentc3394df0f547a542af95685fdf08dc46b22efa55 (diff)
expr: add fib expression
Allows to query fib for output interface and route type of a packets source or destination address. Scheduled for Linux 4.10. Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/netfilter/nf_tables.h36
1 files changed, 36 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index f396293..9e1541e 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1130,6 +1130,42 @@ enum nft_gen_attributes {
};
#define NFTA_GEN_MAX (__NFTA_GEN_MAX - 1)
+/*
+ * enum nft_fib_attributes - nf_tables fib expression netlink attributes
+ *
+ * @NFTA_FIB_DREG: destination register (NLA_U32)
+ * @NFTA_FIB_RESULT: desired result (NLA_U32)
+ * @NFTA_FIB_FLAGS: flowi fields to initialize when querying the FIB (NLA_U32)
+ *
+ * The FIB expression performs a route lookup according
+ * to the packet data.
+ */
+enum nft_fib_attributes {
+ NFTA_FIB_UNSPEC,
+ NFTA_FIB_DREG,
+ NFTA_FIB_RESULT,
+ NFTA_FIB_FLAGS,
+ __NFTA_FIB_MAX
+};
+#define NFTA_FIB_MAX (__NFTA_FIB_MAX - 1)
+
+enum nft_fib_result {
+ NFT_FIB_RESULT_UNSPEC,
+ NFT_FIB_RESULT_OIF,
+ NFT_FIB_RESULT_OIFNAME,
+ NFT_FIB_RESULT_ADDRTYPE,
+ __NFT_FIB_RESULT_MAX
+};
+#define NFT_FIB_RESULT_MAX (__NFT_FIB_RESULT_MAX - 1)
+
+enum nft_fib_flags {
+ NFTA_FIB_F_SADDR = 1 << 0, /* look up src */
+ NFTA_FIB_F_DADDR = 1 << 1, /* look up dst */
+ NFTA_FIB_F_MARK = 1 << 2, /* use skb->mark */
+ NFTA_FIB_F_IIF = 1 << 3, /* restrict to iif */
+ NFTA_FIB_F_OIF = 1 << 4, /* restrict to oif */
+};
+
/**
* enum nft_trace_attributes - nf_tables trace netlink attributes
*