rule: add support for rule flags

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 9 insertions, 0 deletions

diff --git a/include/libnftables/rule.h b/include/libnftables/rule.h
index 2cd1bf3..129dd29 100644
--- a/include/libnftables/rule.h
+++ b/include/libnftables/rule.h
@@ -18,15 +18,18 @@ enum {
 	NFT_RULE_ATTR_TABLE,
 	NFT_RULE_ATTR_CHAIN,
 	NFT_RULE_ATTR_HANDLE,
+	NFT_RULE_ATTR_FLAGS,
 };
 
 void nft_rule_attr_set(struct nft_rule *r, uint16_t attr, void *data);
+void nft_rule_attr_set_u32(struct nft_rule *r, uint16_t attr, uint32_t val);
 void nft_rule_attr_set_u64(struct nft_rule *r, uint16_t attr, uint64_t val);
 void nft_rule_attr_set_str(struct nft_rule *r, uint16_t attr, char *str);
 
 void *nft_rule_attr_get(struct nft_rule *r, uint16_t attr);
 const char *nft_rule_attr_get_str(struct nft_rule *r, uint16_t attr);
 uint8_t nft_rule_attr_get_u8(struct nft_rule *r, uint16_t attr);
+uint32_t nft_rule_attr_get_u32(struct nft_rule *r, uint16_t attr);
 uint64_t nft_rule_attr_get_u64(struct nft_rule *r, uint16_t attr);
 
 void nft_rule_add_expr(struct nft_rule *r, struct nft_rule_expr *expr);
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index a7e84e4..c07d1d3 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -86,12 +86,18 @@ enum nft_chain_attributes {
 };
 #define NFTA_CHAIN_MAX		(__NFTA_CHAIN_MAX - 1)
 
+enum {
+	NFT_RULE_F_COMMIT	= (1 << 0),
+	NFT_RULE_F_MASK		= NFT_RULE_F_COMMIT,
+};
+
 enum nft_rule_attributes {
 	NFTA_RULE_UNSPEC,
 	NFTA_RULE_TABLE,
 	NFTA_RULE_CHAIN,
 	NFTA_RULE_HANDLE,
 	NFTA_RULE_EXPRESSIONS,
+	NFTA_RULE_FLAGS,
 	__NFTA_RULE_MAX
 };
 #define NFTA_RULE_MAX		(__NFTA_RULE_MAX - 1)