author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-31 17:46:13 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-06 15:50:06 +0200 |
commit | 8a2a96237249db7816218b9cbed1457a5d51a3ad (patch) | |
tree | 4d7c370d444f0bc1c458b9e7a3afeb7bde0ee4fe /include | |
parent | 038d226f2e6cc132de151cc295ea2e4b8805659a (diff) |
expr: add connlimit support
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/buffer.h | 1 | ||||
-rw-r--r-- | include/libnftnl/expr.h | 5 | ||||
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 21 |
3 files changed, 26 insertions, 1 deletions
diff --git a/include/buffer.h b/include/buffer.h
index f556895..f6626a6 100644
--- a/include/buffer.h
+++ b/include/buffer.h
@@ -50,6 +50,7 @@ int nftnl_buf_expr(struct nftnl_buf *b, int type, uint32_t flags,
 #define COMPAT_FLAGS "compat_flags"
 #define COMPAT_PROTO "compat_proto"
 #define CONSUMED "consumed"
+#define COUNT "count"
 #define DATA "data"
 #define DEVICE "device"
 #define DIR "dir"
diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
index 3dcd7dc..7d222af 100644
--- a/include/libnftnl/expr.h
+++ b/include/libnftnl/expr.h
@@ -103,6 +103,11 @@ enum {
 };
 enum {
+ NFTNL_EXPR_CONNLIMIT_COUNT = NFTNL_EXPR_BASE,
+ NFTNL_EXPR_CONNLIMIT_FLAGS,
+};
+
+enum {
 NFTNL_EXPR_BITWISE_SREG = NFTNL_EXPR_BASE,
 NFTNL_EXPR_BITWISE_DREG,
 NFTNL_EXPR_BITWISE_LEN,
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index db80d53..e8f4b58 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1043,6 +1043,24 @@ enum nft_limit_attributes {
 };
 #define NFTA_LIMIT_MAX (__NFTA_LIMIT_MAX - 1)
+enum nft_connlimit_flags {
+ NFT_CONNLIMIT_F_INV = (1 << 0),
+};
+
+/**
+ * enum nft_connlimit_attributes - nf_tables connlimit expression netlink attributes
+ *
+ * @NFTA_CONNLIMIT_COUNT: number of connections (NLA_U32)
+ * @NFTA_CONNLIMIT_FLAGS: flags (NLA_U32: enum nft_connlimit_flags)
+ */
+enum nft_connlimit_attributes {
+ NFTA_CONNLIMIT_UNSPEC,
+ NFTA_CONNLIMIT_COUNT,
+ NFTA_CONNLIMIT_FLAGS,
+ __NFTA_CONNLIMIT_MAX
+};
+#define NFTA_CONNLIMIT_MAX (__NFTA_CONNLIMIT_MAX - 1)
+
 /**
 * enum nft_counter_attributes - nf_tables counter expression netlink attributes
 *
@@ -1348,7 +1366,8 @@ enum nft_ct_helper_attributes {
 #define NFT_OBJECT_QUOTA 2
 #define NFT_OBJECT_CT_HELPER 3
 #define NFT_OBJECT_LIMIT 4
-#define __NFT_OBJECT_MAX 5
+#define NFT_OBJECT_CONNLIMIT 5
+#define __NFT_OBJECT_MAX 6
 #define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1)
 /** |
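Review bot: The new anonymous enum in include/libnftnl/expr.h (`NFTNL_EXPR_CONNLIMIT_COUNT`, `NFTNL_EXPR_CONNLIMIT_FLAGS`) has no comment stating the value type of each attribute or which bits FLAGS accepts, so a caller must cross-read the kernel header to set them correctly. Going by the kernel-doc this same commit adds to nf_tables.h (both attributes are NLA_U32, flags come from `enum nft_connlimit_flags`), I would put `/* COUNT: uint32_t number of connections; FLAGS: uint32_t bitmask of enum nft_connlimit_flags (NFT_CONNLIMIT_F_INV) */` above the enum. `NFT_CONNLIMIT_F_INV` itself is also undocumented; if it inverts the match, as the name suggests, a wrong flags value would make a rule enforce the opposite of the intended connection limit, so a one-line description there would help rule authors. The setter and parser code is outside this view (the diff is limited to 'include'), so whether unknown flag bits are rejected cannot be judged from here.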