diff options
author | Kristian Evensen <kristian.evensen@gmail.com> | 2014-01-11 14:23:35 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-01-15 11:02:52 +0100 |
commit | 16871a3615edcf358d688a8d079b1e7b20053fb1 (patch) | |
tree | 34d47ed3c4db9b34c5754ef58cd6adcc8b2a37ee /include | |
parent | 006eac019347f0ae50ef188fb7b6e3db6f119ffa (diff) |
expr: ct: Add support for setting the mark
This patch adds userspace support for setting properties of tracked connections.
Currently, the connection mark is supported. This can be used to implemented the
same functionality as iptables -j CONNMARK --save-mark.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/libnftables/expr.h | 1 | ||||
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/include/libnftables/expr.h b/include/libnftables/expr.h index 25455e4..653bbb0 100644 --- a/include/libnftables/expr.h +++ b/include/libnftables/expr.h @@ -124,6 +124,7 @@ enum { NFT_EXPR_CT_DREG = NFT_RULE_EXPR_ATTR_BASE, NFT_EXPR_CT_KEY, NFT_EXPR_CT_DIR, + NFT_EXPR_CT_SREG, }; enum { diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index fc0f669..6a22a37 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -530,12 +530,14 @@ enum nft_ct_keys { * @NFTA_CT_DREG: destination register (NLA_U32) * @NFTA_CT_KEY: conntrack data item to load (NLA_U32: nft_ct_keys) * @NFTA_CT_DIRECTION: direction in case of directional keys (NLA_U8) + * @NFTA_CT_SREG: source register (NLA_U32) */ enum nft_ct_attributes { NFTA_CT_UNSPEC, NFTA_CT_DREG, NFTA_CT_KEY, NFTA_CT_DIRECTION, + NFTA_CT_SREG, __NFTA_CT_MAX }; #define NFTA_CT_MAX (__NFTA_CT_MAX - 1) |