authorSt├ęphane Veyret <sveyret@gmail.com>2019-05-31 18:51:44 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2019-06-19 13:11:13 +0200
commitc4b6aa09b85d2604a07ad4b4464b1cbf6e7fa238 (patch)
tree49e851419f12137434873b475f5da3e218d608b5 /include
parentd819a832e0214a3bec3679345f542644596a2850 (diff)
src: add ct expectation support
Add support for ct expectation objects, used to define specific expectations. Signed-off-by: Stéphane Veyret <sveyret@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/libnftnl/object.h8
-rw-r--r--include/linux/netfilter/nf_tables.h14
-rw-r--r--include/obj.h8
3 files changed, 29 insertions, 1 deletions
diff --git a/include/libnftnl/object.h b/include/libnftnl/object.h
index 4ce2230..cce0713 100644
--- a/include/libnftnl/object.h
+++ b/include/libnftnl/object.h
@@ -71,6 +71,14 @@ enum {
};
enum {
+ NFTNL_OBJ_CT_EXPECT_L3PROTO = NFTNL_OBJ_BASE,
+ NFTNL_OBJ_CT_EXPECT_L4PROTO,
+ NFTNL_OBJ_CT_EXPECT_DPORT,
+ NFTNL_OBJ_CT_EXPECT_TIMEOUT,
+ NFTNL_OBJ_CT_EXPECT_SIZE,
+};
+
+enum {
NFTNL_OBJ_LIMIT_RATE = NFTNL_OBJ_BASE,
NFTNL_OBJ_LIMIT_UNIT,
NFTNL_OBJ_LIMIT_BURST,
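Review bot: The new NFTNL_OBJ_CT_EXPECT_* enumerators are public API, yet nothing in object.h tells a caller which integer width each attribute carries; the storage this commit adds in include/obj.h uses uint16_t for L3PROTO and DPORT, uint8_t for L4PROTO and SIZE, and uint32_t for TIMEOUT, and a caller that picks the wrong width setter will silently feed a truncated or misread value into the object. The neighbouring enums in this header are equally undocumented, so this follows local style, but a short per-enumerator width comment would make the contract visible, e.g. `NFTNL_OBJ_CT_EXPECT_L3PROTO = NFTNL_OBJ_BASE, /* u16 */`, `NFTNL_OBJ_CT_EXPECT_DPORT, /* u16 */`, `NFTNL_OBJ_CT_EXPECT_TIMEOUT, /* u32 */`. The enumerator order mirrors NFTA_CT_EXPECT_* in the UAPI header, which is worth stating in a one-line comment above the enum so the two are kept in step.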
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index fd38cdc..7eb8a5b 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1429,6 +1429,17 @@ enum nft_ct_timeout_attributes {
};
#define NFTA_CT_TIMEOUT_MAX (__NFTA_CT_TIMEOUT_MAX - 1)
+enum nft_ct_expectation_attributes {
+ NFTA_CT_EXPECT_UNSPEC,
+ NFTA_CT_EXPECT_L3PROTO,
+ NFTA_CT_EXPECT_L4PROTO,
+ NFTA_CT_EXPECT_DPORT,
+ NFTA_CT_EXPECT_TIMEOUT,
+ NFTA_CT_EXPECT_SIZE,
+ __NFTA_CT_EXPECT_MAX,
+};
+#define NFTA_CT_EXPECT_MAX (__NFTA_CT_EXPECT_MAX - 1)
+
#define NFT_OBJECT_UNSPEC 0
#define NFT_OBJECT_COUNTER 1
#define NFT_OBJECT_QUOTA 2
@@ -1438,7 +1449,8 @@ enum nft_ct_timeout_attributes {
#define NFT_OBJECT_TUNNEL 6
#define NFT_OBJECT_CT_TIMEOUT 7
#define NFT_OBJECT_SECMARK 8
-#define __NFT_OBJECT_MAX 9
+#define NFT_OBJECT_CT_EXPECT 9
+#define __NFT_OBJECT_MAX 10
#define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1)
/**
diff --git a/include/obj.h b/include/obj.h
index 35b5c40..9394d79 100644
--- a/include/obj.h
+++ b/include/obj.h
@@ -42,6 +42,13 @@ struct nftnl_obj {
uint8_t l4proto;
uint32_t timeout[NFTNL_CTTIMEOUT_ARRAY_MAX];
} ct_timeout;
+ struct nftnl_obj_ct_expect {
+ uint16_t l3proto;
+ uint16_t dport;
+ uint8_t l4proto;
+ uint8_t size;
+ uint32_t timeout;
+ } ct_expect;
struct nftnl_obj_limit {
uint64_t rate;
uint64_t unit;
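Review bot: `struct nftnl_obj_ct_expect` introduces five fields with no comment on byte order or units, and the netlink parse/build code that fills them is outside this diff, so a reader cannot tell whether `dport` is held in host or network byte order, what unit `timeout` is expressed in, or what `size` counts. Suggested hedged field comments until the parsing side confirms them: `uint16_t dport; /* TODO(review): document byte order (host vs. network) */`, `uint32_t timeout; /* TODO(review): document unit */`, `uint8_t size; /* TODO(review): document what is counted and its valid range */`. Since `size` and `l4proto` are stored as uint8_t, the code that receives NFTA_CT_EXPECT_SIZE and NFTA_CT_EXPECT_L4PROTO from netlink should narrow explicitly rather than by implicit conversion — worth checking where these fields are assigned. The enclosing `struct nftnl_obj` starts outside the hunk.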
@@ -99,6 +106,7 @@ extern struct obj_ops obj_ops_counter;
extern struct obj_ops obj_ops_quota;
extern struct obj_ops obj_ops_ct_helper;
extern struct obj_ops obj_ops_ct_timeout;
+extern struct obj_ops obj_ops_ct_expect;
extern struct obj_ops obj_ops_limit;
extern struct obj_ops obj_ops_tunnel;
extern struct obj_ops obj_ops_secmark;