summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/libnftnl/chain.h1
-rw-r--r--include/libnftnl/expr.h2
-rw-r--r--include/libnftnl/object.h1
-rw-r--r--include/libnftnl/rule.h1
-rw-r--r--include/libnftnl/set.h2
-rw-r--r--include/libnftnl/table.h1
-rw-r--r--include/libnftnl/udata.h19
-rw-r--r--include/linux/netfilter/nf_tables.h7
-rw-r--r--include/obj.h5
9 files changed, 38 insertions, 1 deletions
diff --git a/include/libnftnl/chain.h b/include/libnftnl/chain.h
index 0e57a5a..f56e581 100644
--- a/include/libnftnl/chain.h
+++ b/include/libnftnl/chain.h
@@ -34,6 +34,7 @@ enum nftnl_chain_attr {
NFTNL_CHAIN_DEVICES,
NFTNL_CHAIN_FLAGS,
NFTNL_CHAIN_ID,
+ NFTNL_CHAIN_USERDATA,
__NFTNL_CHAIN_MAX
};
#define NFTNL_CHAIN_MAX (__NFTNL_CHAIN_MAX - 1)
diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
index dcbcf5c..c2b2d86 100644
--- a/include/libnftnl/expr.h
+++ b/include/libnftnl/expr.h
@@ -36,6 +36,8 @@ uint32_t nftnl_expr_get_u32(const struct nftnl_expr *expr, uint16_t type);
uint64_t nftnl_expr_get_u64(const struct nftnl_expr *expr, uint16_t type);
const char *nftnl_expr_get_str(const struct nftnl_expr *expr, uint16_t type);
+void nftnl_expr_build_payload(struct nlmsghdr *nlh, struct nftnl_expr *expr);
+
int nftnl_expr_snprintf(char *buf, size_t buflen, const struct nftnl_expr *expr, uint32_t type, uint32_t flags);
int nftnl_expr_fprintf(FILE *fp, const struct nftnl_expr *expr, uint32_t type, uint32_t flags);
diff --git a/include/libnftnl/object.h b/include/libnftnl/object.h
index 4c23774..9bd83a5 100644
--- a/include/libnftnl/object.h
+++ b/include/libnftnl/object.h
@@ -19,6 +19,7 @@ enum {
NFTNL_OBJ_FAMILY,
NFTNL_OBJ_USE,
NFTNL_OBJ_HANDLE,
+ NFTNL_OBJ_USERDATA,
NFTNL_OBJ_BASE = 16,
__NFTNL_OBJ_MAX
};
diff --git a/include/libnftnl/rule.h b/include/libnftnl/rule.h
index e5d1ca0..b6b93c6 100644
--- a/include/libnftnl/rule.h
+++ b/include/libnftnl/rule.h
@@ -51,6 +51,7 @@ uint32_t nftnl_rule_get_u32(const struct nftnl_rule *r, uint16_t attr);
uint64_t nftnl_rule_get_u64(const struct nftnl_rule *r, uint16_t attr);
void nftnl_rule_add_expr(struct nftnl_rule *r, struct nftnl_expr *expr);
+void nftnl_rule_del_expr(struct nftnl_expr *expr);
struct nlmsghdr;
diff --git a/include/libnftnl/set.h b/include/libnftnl/set.h
index 5138bb9..961ce5d 100644
--- a/include/libnftnl/set.h
+++ b/include/libnftnl/set.h
@@ -142,7 +142,7 @@ int nftnl_set_elem_parse(struct nftnl_set_elem *e, enum nftnl_parse_type type,
int nftnl_set_elem_parse_file(struct nftnl_set_elem *e, enum nftnl_parse_type type,
FILE *fp, struct nftnl_parse_err *err);
int nftnl_set_elem_snprintf(char *buf, size_t size, const struct nftnl_set_elem *s, uint32_t type, uint32_t flags);
-int nftnl_set_elem_fprintf(FILE *fp, struct nftnl_set_elem *se, uint32_t type, uint32_t flags);
+int nftnl_set_elem_fprintf(FILE *fp, const struct nftnl_set_elem *se, uint32_t type, uint32_t flags);
int nftnl_set_elem_foreach(struct nftnl_set *s, int (*cb)(struct nftnl_set_elem *e, void *data), void *data);
diff --git a/include/libnftnl/table.h b/include/libnftnl/table.h
index 5faec81..a37fba2 100644
--- a/include/libnftnl/table.h
+++ b/include/libnftnl/table.h
@@ -23,6 +23,7 @@ enum nftnl_table_attr {
NFTNL_TABLE_FLAGS,
NFTNL_TABLE_USE,
NFTNL_TABLE_HANDLE,
+ NFTNL_TABLE_USERDATA,
__NFTNL_TABLE_MAX
};
#define NFTNL_TABLE_MAX (__NFTNL_TABLE_MAX - 1)
diff --git a/include/libnftnl/udata.h b/include/libnftnl/udata.h
index 661493b..dbf3a60 100644
--- a/include/libnftnl/udata.h
+++ b/include/libnftnl/udata.h
@@ -9,6 +9,18 @@
extern "C" {
#endif
+enum nftnl_udata_table_types {
+ NFTNL_UDATA_TABLE_COMMENT,
+ __NFTNL_UDATA_TABLE_MAX
+};
+#define NFTNL_UDATA_TABLE_MAX (__NFTNL_UDATA_TABLE_MAX - 1)
+
+enum nftnl_udata_chain_types {
+ NFTNL_UDATA_CHAIN_COMMENT,
+ __NFTNL_UDATA_CHAIN_MAX
+};
+#define NFTNL_UDATA_CHAIN_MAX (__NFTNL_UDATA_CHAIN_MAX - 1)
+
enum nftnl_udata_rule_types {
NFTNL_UDATA_RULE_COMMENT,
NFTNL_UDATA_RULE_EBTABLES_POLICY,
@@ -16,6 +28,12 @@ enum nftnl_udata_rule_types {
};
#define NFTNL_UDATA_RULE_MAX (__NFTNL_UDATA_RULE_MAX - 1)
+enum nftnl_udata_obj_types {
+ NFTNL_UDATA_OBJ_COMMENT,
+ __NFTNL_UDATA_OBJ_MAX
+};
+#define NFTNL_UDATA_OBJ_MAX (__NFTNL_UDATA_OBJ_MAX - 1)
+
#define NFTNL_UDATA_COMMENT_MAXLEN 128
enum nftnl_udata_set_types {
@@ -26,6 +44,7 @@ enum nftnl_udata_set_types {
NFTNL_UDATA_SET_DATA_TYPEOF,
NFTNL_UDATA_SET_EXPR,
NFTNL_UDATA_SET_DATA_INTERVAL,
+ NFTNL_UDATA_SET_COMMENT,
__NFTNL_UDATA_SET_MAX
};
#define NFTNL_UDATA_SET_MAX (__NFTNL_UDATA_SET_MAX - 1)
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index d9b0daa..e4cdf78 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -180,6 +180,7 @@ enum nft_table_attributes {
NFTA_TABLE_USE,
NFTA_TABLE_HANDLE,
NFTA_TABLE_PAD,
+ NFTA_TABLE_USERDATA,
__NFTA_TABLE_MAX
};
#define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1)
@@ -196,6 +197,7 @@ enum nft_table_attributes {
* @NFTA_CHAIN_TYPE: type name of the string (NLA_NUL_STRING)
* @NFTA_CHAIN_COUNTERS: counter specification of the chain (NLA_NESTED: nft_counter_attributes)
* @NFTA_CHAIN_FLAGS: chain flags
+ * @NFTA_CHAIN_USERDATA: user data (NLA_BINARY)
*/
enum nft_chain_attributes {
NFTA_CHAIN_UNSPEC,
@@ -210,6 +212,7 @@ enum nft_chain_attributes {
NFTA_CHAIN_PAD,
NFTA_CHAIN_FLAGS,
NFTA_CHAIN_ID,
+ NFTA_CHAIN_USERDATA,
__NFTA_CHAIN_MAX
};
#define NFTA_CHAIN_MAX (__NFTA_CHAIN_MAX - 1)
@@ -994,10 +997,12 @@ enum nft_socket_attributes {
*
* @NFT_SOCKET_TRANSPARENT: Value of the IP(V6)_TRANSPARENT socket option
* @NFT_SOCKET_MARK: Value of the socket mark
+ * @NFT_SOCKET_WILDCARD: Whether the socket is zero-bound (e.g. 0.0.0.0 or ::0)
*/
enum nft_socket_keys {
NFT_SOCKET_TRANSPARENT,
NFT_SOCKET_MARK,
+ NFT_SOCKET_WILDCARD,
__NFT_SOCKET_MAX
};
#define NFT_SOCKET_MAX (__NFT_SOCKET_MAX - 1)
@@ -1541,6 +1546,7 @@ enum nft_ct_expectation_attributes {
* @NFTA_OBJ_DATA: stateful object data (NLA_NESTED)
* @NFTA_OBJ_USE: number of references to this expression (NLA_U32)
* @NFTA_OBJ_HANDLE: object handle (NLA_U64)
+ * @NFTA_OBJ_USERDATA: user data (NLA_BINARY)
*/
enum nft_object_attributes {
NFTA_OBJ_UNSPEC,
@@ -1551,6 +1557,7 @@ enum nft_object_attributes {
NFTA_OBJ_USE,
NFTA_OBJ_HANDLE,
NFTA_OBJ_PAD,
+ NFTA_OBJ_USERDATA,
__NFTA_OBJ_MAX
};
#define NFTA_OBJ_MAX (__NFTA_OBJ_MAX - 1)
diff --git a/include/obj.h b/include/obj.h
index 10f806c..d9e856a 100644
--- a/include/obj.h
+++ b/include/obj.h
@@ -22,6 +22,11 @@ struct nftnl_obj {
uint32_t flags;
uint64_t handle;
+ struct {
+ void *data;
+ uint32_t len;
+ } user;
+
union {
struct nftnl_obj_counter {
uint64_t pkts;